		
	Add prebuilt OpenSSL, and remove SCHANNEL code and whatever it was on MacOS. Build mingw for 64-bit.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4088 ed5197a5-7fde-0310-b194-c3ffbd925b24
		
							
								
								
									
										221
									
								
								deps/openssl/mingw64/share/man/man7/Ed25519.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,221 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "ED25519 7" | ||||
| .TH ED25519 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| Ed25519, Ed448 \&\- EVP_PKEY Ed25519 and Ed448 support | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The \fBEd25519\fR and \fBEd448\fR \s-1EVP_PKEY\s0 implementation supports key generation, | ||||
| one-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR | ||||
| (see \s-1RFC8032\s0). It has associated private and public key formats compatible with | ||||
| \&\s-1RFC 8410.\s0 | ||||
| .PP | ||||
| No additional parameters can be set during key generation, one-shot signing or | ||||
| verification. In particular, because PureEdDSA is used, a digest must \fB\s-1NOT\s0\fR be | ||||
| specified when signing or verifying. | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| The PureEdDSA algorithm does not support the streaming mechanism | ||||
| of other signature algorithms using, for example, \fBEVP_DigestUpdate()\fR. | ||||
| The message to sign or verify must be passed using the one-shot | ||||
| \&\fBEVP_DigestSign()\fR and \fBEVP_DigestVerify()\fR functions. | ||||
| .PP | ||||
| When calling \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR, the | ||||
| digest \fBtype\fR parameter \fB\s-1MUST\s0\fR be set to \fB\s-1NULL\s0\fR. | ||||
| .PP | ||||
| Applications wishing to sign certificates (or other structures such as | ||||
| CRLs or certificate requests) using Ed25519 or Ed448 can either use \fBX509_sign()\fR | ||||
| or \fBX509_sign_ctx()\fR in the usual way. | ||||
| .PP | ||||
| A context for the \fBEd25519\fR algorithm can be obtained by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); | ||||
| .Ve | ||||
| .PP | ||||
| For the \fBEd448\fR algorithm a context can be obtained by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); | ||||
| .Ve | ||||
| .PP | ||||
| Ed25519 or Ed448 private keys can be set directly using | ||||
| \&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file | ||||
| using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys | ||||
| can also be generated (see the example below). Setting a private key also sets | ||||
| the associated public key. | ||||
| .PP | ||||
| Ed25519 or Ed448 public keys can be set directly using | ||||
| \&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo | ||||
| structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). | ||||
| .PP | ||||
| Ed25519 and Ed448 can be tested within \fBspeed\fR\|(1) application since version 1.1.1. | ||||
| Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is | ||||
| specified, then both Ed25519 and Ed448 are benchmarked. | ||||
| .SH "EXAMPLES" | ||||
| .IX Header "EXAMPLES" | ||||
| This example generates an \fB\s-1ED25519\s0\fR private key and writes it to standard | ||||
| output in \s-1PEM\s0 format: | ||||
| .PP | ||||
| .Vb 9 | ||||
| \& #include <openssl/evp.h> | ||||
| \& #include <openssl/pem.h> | ||||
| \& ... | ||||
| \& EVP_PKEY *pkey = NULL; | ||||
| \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); | ||||
| \& EVP_PKEY_keygen_init(pctx); | ||||
| \& EVP_PKEY_keygen(pctx, &pkey); | ||||
| \& EVP_PKEY_CTX_free(pctx); | ||||
| \& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); | ||||
| .Ve | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBEVP_PKEY_CTX_new\fR\|(3), | ||||
| \&\fBEVP_PKEY_keygen\fR\|(3), | ||||
| \&\fBEVP_DigestSignInit\fR\|(3), | ||||
| \&\fBEVP_DigestVerifyInit\fR\|(3), | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
										210
									
								
								deps/openssl/mingw64/share/man/man7/RAND.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,210 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "RAND 7" | ||||
| .TH RAND 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| RAND \&\- the OpenSSL random generator | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| Random numbers are a vital part of cryptography, they are needed to provide | ||||
| unpredictability for tasks like key generation, creating salts, and many more. | ||||
| Software-based generators must be seeded with external randomness before they | ||||
| can be used as a cryptographically-secure pseudo-random number generator | ||||
| (\s-1CSPRNG\s0). | ||||
| The availability of common hardware with special instructions and | ||||
| modern operating systems, which may use items such as interrupt jitter | ||||
| and network packet timings, can be reasonable sources of seeding material. | ||||
| .PP | ||||
| OpenSSL comes with a default implementation of the \s-1RAND API\s0 which is based on | ||||
| the deterministic random bit generator (\s-1DRBG\s0) model as described in | ||||
| [\s-1NIST SP 800\-90A\s0 Rev. 1]. The default random generator will initialize | ||||
| automatically on first use and will be fully functional without having | ||||
| to be initialized ('seeded') explicitly. | ||||
| It seeds and reseeds itself automatically using trusted random sources | ||||
| provided by the operating system. | ||||
| .PP | ||||
| As a normal application developer, you do not have to worry about any details, | ||||
| just use \fBRAND_bytes\fR\|(3) to obtain random data. | ||||
| Having said that, there is one important rule to obey: Always check the error | ||||
| return value of \fBRAND_bytes\fR\|(3) and do not take randomness for granted. | ||||
| Although (re\-)seeding is automatic, it can fail because no trusted random source | ||||
| is available or the trusted source(s) temporarily fail to provide sufficient | ||||
| random seed material. | ||||
| In this case the \s-1CSPRNG\s0 enters an error state and ceases to provide output, | ||||
| until it is able to recover from the error by reseeding itself. | ||||
| For more details on reseeding and error recovery, see \s-1\fBRAND_DRBG\s0\fR\|(7). | ||||
| .PP | ||||
| For values that should remain secret, you can use \fBRAND_priv_bytes\fR\|(3) | ||||
| instead. | ||||
| This method does not provide 'better' randomness, it uses the same type of \s-1CSPRNG.\s0 | ||||
| The intention behind using a dedicated \s-1CSPRNG\s0 exclusively for private | ||||
| values is that none of its output should be visible to an attacker (e.g., | ||||
| used as salt value), in order to reveal as little information as | ||||
| possible about its internal state, and that a compromise of the \*(L"public\*(R" | ||||
| \&\s-1CSPRNG\s0 instance will not affect the secrecy of these private values. | ||||
| .PP | ||||
| In the rare case where the default implementation does not satisfy your special | ||||
| requirements, there are two options: | ||||
| .IP "\(bu" 2 | ||||
| Replace the default \s-1RAND\s0 method by your own \s-1RAND\s0 method using | ||||
| \&\fBRAND_set_rand_method\fR\|(3). | ||||
| .IP "\(bu" 2 | ||||
| Modify the default settings of the OpenSSL \s-1RAND\s0 method by modifying the security | ||||
| parameters of the underlying \s-1DRBG,\s0 which is described in detail in \s-1\fBRAND_DRBG\s0\fR\|(7). | ||||
| .PP | ||||
| Changing the default random generator or its default parameters should be necessary | ||||
| only in exceptional cases and is not recommended, unless you have a profound knowledge | ||||
| of cryptographic principles and understand the implications of your changes. | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBRAND_add\fR\|(3), | ||||
| \&\fBRAND_bytes\fR\|(3), | ||||
| \&\fBRAND_priv_bytes\fR\|(3), | ||||
| \&\fBRAND_get_rand_method\fR\|(3), | ||||
| \&\fBRAND_set_rand_method\fR\|(3), | ||||
| \&\fBRAND_OpenSSL\fR\|(3), | ||||
| \&\s-1\fBRAND_DRBG\s0\fR\|(7) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
										396
									
								
								deps/openssl/mingw64/share/man/man7/RAND_DRBG.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,396 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "RAND_DRBG 7" | ||||
| .TH RAND_DRBG 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| RAND_DRBG \- the deterministic random bit generator | ||||
| .SH "SYNOPSIS" | ||||
| .IX Header "SYNOPSIS" | ||||
| .Vb 1 | ||||
| \& #include <openssl/rand_drbg.h> | ||||
| .Ve | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The default OpenSSL \s-1RAND\s0 method is based on the \s-1RAND_DRBG\s0 class, | ||||
| which implements a deterministic random bit generator (\s-1DRBG\s0). | ||||
| A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random | ||||
| number generator (\s-1CSPRNG\s0), which is described in | ||||
| [\s-1NIST SP 800\-90A\s0 Rev. 1]. | ||||
| .PP | ||||
| While the \s-1RAND API\s0 is the 'frontend' which is intended to be used by | ||||
| application developers for obtaining random bytes, the \s-1RAND_DRBG API\s0 | ||||
| serves as the 'backend', connecting the former with the operating | ||||
| systems's entropy sources and providing access to the \s-1DRBG\s0's | ||||
| configuration parameters. | ||||
| .SS "Disclaimer" | ||||
| .IX Subsection "Disclaimer" | ||||
| Unless you have very specific requirements for your random generator, | ||||
| it is in general not necessary to utilize the \s-1RAND_DRBG API\s0 directly. | ||||
| The usual way to obtain random bytes is to use \fBRAND_bytes\fR\|(3) or | ||||
| \&\fBRAND_priv_bytes\fR\|(3), see also \s-1\fBRAND\s0\fR\|(7). | ||||
| .SS "Typical Use Cases" | ||||
| .IX Subsection "Typical Use Cases" | ||||
| Typical examples for such special use cases are the following: | ||||
| .IP "\(bu" 2 | ||||
| You want to use your own private \s-1DRBG\s0 instances. | ||||
| Multiple \s-1DRBG\s0 instances which are accessed only by a single thread provide | ||||
| additional security (because their internal states are independent) and | ||||
| better scalability in multithreaded applications (because they don't need | ||||
| to be locked). | ||||
| .IP "\(bu" 2 | ||||
| You need to integrate a previously unsupported entropy source. | ||||
| .IP "\(bu" 2 | ||||
| You need to change the default settings of the standard OpenSSL \s-1RAND\s0 | ||||
| implementation to meet specific requirements. | ||||
| .SH "CHAINING" | ||||
| .IX Header "CHAINING" | ||||
| A \s-1DRBG\s0 instance can be used as the entropy source of another \s-1DRBG\s0 instance, | ||||
| provided it has itself access to a valid entropy source. | ||||
| The \s-1DRBG\s0 instance which acts as entropy source is called the \fIparent\fR \s-1DRBG,\s0 | ||||
| the other instance the \fIchild\fR \s-1DRBG.\s0 | ||||
| .PP | ||||
| This is called chaining. A chained \s-1DRBG\s0 instance is created by passing | ||||
| a pointer to the parent \s-1DRBG\s0 as argument to the \fBRAND_DRBG_new()\fR call. | ||||
| It is possible to create chains of more than two \s-1DRBG\s0 in a row. | ||||
| .SH "THE THREE SHARED DRBG INSTANCES" | ||||
| .IX Header "THE THREE SHARED DRBG INSTANCES" | ||||
| Currently, there are three shared \s-1DRBG\s0 instances, | ||||
| the <master>, <public>, and <private> \s-1DRBG.\s0 | ||||
| While the <master> \s-1DRBG\s0 is a single global instance, the <public> and <private> | ||||
| \&\s-1DRBG\s0 are created per thread and accessed through thread-local storage. | ||||
| .PP | ||||
| By default, the functions \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3) use | ||||
| the thread-local <public> and <private> \s-1DRBG\s0 instance, respectively. | ||||
| .SS "The <master> \s-1DRBG\s0 instance" | ||||
| .IX Subsection "The <master> DRBG instance" | ||||
| The <master> \s-1DRBG\s0 is not used directly by the application, only for reseeding | ||||
| the two other two \s-1DRBG\s0 instances. It reseeds itself by obtaining randomness | ||||
| either from os entropy sources or by consuming randomness which was added | ||||
| previously by \fBRAND_add\fR\|(3). | ||||
| .SS "The <public> \s-1DRBG\s0 instance" | ||||
| .IX Subsection "The <public> DRBG instance" | ||||
| This instance is used per default by \fBRAND_bytes\fR\|(3). | ||||
| .SS "The <private> \s-1DRBG\s0 instance" | ||||
| .IX Subsection "The <private> DRBG instance" | ||||
| This instance is used per default by \fBRAND_priv_bytes\fR\|(3) | ||||
| .SH "LOCKING" | ||||
| .IX Header "LOCKING" | ||||
| The <master> \s-1DRBG\s0 is intended to be accessed concurrently for reseeding | ||||
| by its child \s-1DRBG\s0 instances. The necessary locking is done internally. | ||||
| It is \fInot\fR thread-safe to access the <master> \s-1DRBG\s0 directly via the | ||||
| \&\s-1RAND_DRBG\s0 interface. | ||||
| The <public> and <private> \s-1DRBG\s0 are thread-local, i.e. there is an | ||||
| instance of each per thread. So they can safely be accessed without | ||||
| locking via the \s-1RAND_DRBG\s0 interface. | ||||
| .PP | ||||
| Pointers to these \s-1DRBG\s0 instances can be obtained using | ||||
| \&\fBRAND_DRBG_get0_master()\fR, | ||||
| \&\fBRAND_DRBG_get0_public()\fR, and | ||||
| \&\fBRAND_DRBG_get0_private()\fR, respectively. | ||||
| Note that it is not allowed to store a pointer to one of the thread-local | ||||
| \&\s-1DRBG\s0 instances in a variable or other memory location where it will be | ||||
| accessed and used by multiple threads. | ||||
| .PP | ||||
| All other \s-1DRBG\s0 instances created by an application don't support locking, | ||||
| because they are intended to be used by a single thread. | ||||
| Instead of accessing a single \s-1DRBG\s0 instance concurrently from different | ||||
| threads, it is recommended to instantiate a separate \s-1DRBG\s0 instance per | ||||
| thread. Using the <master> \s-1DRBG\s0 as entropy source for multiple \s-1DRBG\s0 | ||||
| instances on different threads is thread-safe, because the \s-1DRBG\s0 instance | ||||
| will lock the <master> \s-1DRBG\s0 automatically for obtaining random input. | ||||
| .SH "THE OVERALL PICTURE" | ||||
| .IX Header "THE OVERALL PICTURE" | ||||
| The following picture gives an overview over how the \s-1DRBG\s0 instances work | ||||
| together and are being used. | ||||
| .PP | ||||
| .Vb 10 | ||||
| \&               +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| \&               | os entropy sources | | ||||
| \&               +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| \&                        | | ||||
| \&                        v           +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| \&      RAND_add() ==> <master>     <\-| shared DRBG (with locking)  | | ||||
| \&                      /   \e         +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| \&                     /     \e              +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| \&              <public>     <private>   <\- | per\-thread DRBG instances | | ||||
| \&                 |             |          +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| \&                 v             v | ||||
| \&               RAND_bytes()   RAND_priv_bytes() | ||||
| \&                    |               ^ | ||||
| \&                    |               | | ||||
| \&    +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+      +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| \&    | general purpose  |      | used for secrets like session keys | | ||||
| \&    | random generator |      | and private keys for certificates  | | ||||
| \&    +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+      +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ | ||||
| .Ve | ||||
| .PP | ||||
| The usual way to obtain random bytes is to call RAND_bytes(...) or | ||||
| RAND_priv_bytes(...). These calls are roughly equivalent to calling | ||||
| RAND_DRBG_bytes(<public>, ...) and RAND_DRBG_bytes(<private>, ...), | ||||
| respectively. The method \fBRAND_DRBG_bytes\fR\|(3) is a convenience method | ||||
| wrapping the \fBRAND_DRBG_generate\fR\|(3) function, which serves the actual | ||||
| request for random data. | ||||
| .SH "RESEEDING" | ||||
| .IX Header "RESEEDING" | ||||
| A \s-1DRBG\s0 instance seeds itself automatically, pulling random input from | ||||
| its entropy source. The entropy source can be either a trusted operating | ||||
| system entropy source, or another \s-1DRBG\s0 with access to such a source. | ||||
| .PP | ||||
| Automatic reseeding occurs after a predefined number of generate requests. | ||||
| The selection of the trusted entropy sources is configured at build | ||||
| time using the \-\-with\-rand\-seed option. The following sections explain | ||||
| the reseeding process in more detail. | ||||
| .SS "Automatic Reseeding" | ||||
| .IX Subsection "Automatic Reseeding" | ||||
| Before satisfying a generate request (\fBRAND_DRBG_generate\fR\|(3)), the \s-1DRBG\s0 | ||||
| reseeds itself automatically, if one of the following conditions holds: | ||||
| .PP | ||||
| \&\- the \s-1DRBG\s0 was not instantiated (=seeded) yet or has been uninstantiated. | ||||
| .PP | ||||
| \&\- the number of generate requests since the last reseeding exceeds a | ||||
| certain threshold, the so called \fIreseed_interval\fR. | ||||
| This behaviour can be disabled by setting the \fIreseed_interval\fR to 0. | ||||
| .PP | ||||
| \&\- the time elapsed since the last reseeding exceeds a certain time | ||||
| interval, the so called \fIreseed_time_interval\fR. | ||||
| This can be disabled by setting the \fIreseed_time_interval\fR to 0. | ||||
| .PP | ||||
| \&\- the \s-1DRBG\s0 is in an error state. | ||||
| .PP | ||||
| \&\fBNote\fR: An error state is entered if the entropy source fails while | ||||
| the \s-1DRBG\s0 is seeding or reseeding. | ||||
| The last case ensures that the \s-1DRBG\s0 automatically recovers | ||||
| from the error as soon as the entropy source is available again. | ||||
| .SS "Manual Reseeding" | ||||
| .IX Subsection "Manual Reseeding" | ||||
| In addition to automatic reseeding, the caller can request an immediate | ||||
| reseeding of the \s-1DRBG\s0 with fresh entropy by setting the | ||||
| \&\fIprediction resistance\fR parameter to 1 when calling \fBRAND_DRBG_generate\fR\|(3). | ||||
| .PP | ||||
| The document [\s-1NIST SP 800\-90C\s0] describes prediction resistance requests | ||||
| in detail and imposes strict conditions on the entropy sources that are | ||||
| approved for providing prediction resistance. | ||||
| Since the default \s-1DRBG\s0 implementation does not have access to such an approved | ||||
| entropy source, a request for prediction resistance will currently always fail. | ||||
| In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 | ||||
| .PP | ||||
| For the three shared DRBGs (and only for these) there is another way to | ||||
| reseed them manually: | ||||
| If \fBRAND_add\fR\|(3) is called with a positive \fIrandomness\fR argument | ||||
| (or \fBRAND_seed\fR\|(3)), then this will immediately reseed the <master> \s-1DRBG.\s0 | ||||
| The <public> and <private> \s-1DRBG\s0 will detect this on their next generate | ||||
| call and reseed, pulling randomness from <master>. | ||||
| .PP | ||||
| The last feature has been added to support the common practice used with | ||||
| previous OpenSSL versions to call \fBRAND_add()\fR before calling \fBRAND_bytes()\fR. | ||||
| .SS "Entropy Input vs. Additional Data" | ||||
| .IX Subsection "Entropy Input vs. Additional Data" | ||||
| The \s-1DRBG\s0 distinguishes two different types of random input: \fIentropy\fR, | ||||
| which comes from a trusted source, and \fIadditional input\fR', | ||||
| which can optionally be added by the user and is considered untrusted. | ||||
| It is possible to add \fIadditional input\fR not only during reseeding, | ||||
| but also for every generate request. | ||||
| This is in fact done automatically by \fBRAND_DRBG_bytes\fR\|(3). | ||||
| .SS "Configuring the Random Seed Source" | ||||
| .IX Subsection "Configuring the Random Seed Source" | ||||
| In most cases OpenSSL will automatically choose a suitable seed source | ||||
| for automatically seeding and reseeding its <master> \s-1DRBG.\s0 In some cases | ||||
| however, it will be necessary to explicitly specify a seed source during | ||||
| configuration, using the \-\-with\-rand\-seed option. For more information, | ||||
| see the \s-1INSTALL\s0 instructions. There are also operating systems where no | ||||
| seed source is available and automatic reseeding is disabled by default. | ||||
| .PP | ||||
| The following two sections describe the reseeding process of the master | ||||
| \&\s-1DRBG,\s0 depending on whether automatic reseeding is available or not. | ||||
| .SS "Reseeding the master \s-1DRBG\s0 with automatic seeding enabled" | ||||
| .IX Subsection "Reseeding the master DRBG with automatic seeding enabled" | ||||
| Calling \fBRAND_poll()\fR or \fBRAND_add()\fR is not necessary, because the \s-1DRBG\s0 | ||||
| pulls the necessary entropy from its source automatically. | ||||
| However, both calls are permitted, and do reseed the \s-1RNG.\s0 | ||||
| .PP | ||||
| \&\fBRAND_add()\fR can be used to add both kinds of random input, depending on the | ||||
| value of the \fBrandomness\fR argument: | ||||
| .IP "randomness == 0:" 4 | ||||
| .IX Item "randomness == 0:" | ||||
| The random bytes are mixed as additional input into the current state of | ||||
| the \s-1DRBG.\s0 | ||||
| Mixing in additional input is not considered a full reseeding, hence the | ||||
| reseed counter is not reset. | ||||
| .IP "randomness > 0:" 4 | ||||
| .IX Item "randomness > 0:" | ||||
| The random bytes are used as entropy input for a full reseeding | ||||
| (resp. reinstantiation) if the \s-1DRBG\s0 is instantiated | ||||
| (resp. uninstantiated or in an error state). | ||||
| The number of random bits required for reseeding is determined by the | ||||
| security strength of the \s-1DRBG.\s0 Currently it defaults to 256 bits (32 bytes). | ||||
| It is possible to provide less randomness than required. | ||||
| In this case the missing randomness will be obtained by pulling random input | ||||
| from the trusted entropy sources. | ||||
| .SS "Reseeding the master \s-1DRBG\s0 with automatic seeding disabled" | ||||
| .IX Subsection "Reseeding the master DRBG with automatic seeding disabled" | ||||
| Calling \fBRAND_poll()\fR will always fail. | ||||
| .PP | ||||
| \&\fBRAND_add()\fR needs to be called for initial seeding and periodic reseeding. | ||||
| At least 48 bytes (384 bits) of randomness have to be provided, otherwise | ||||
| the (re\-)seeding of the \s-1DRBG\s0 will fail. This corresponds to one and a half | ||||
| times the security strength of the \s-1DRBG.\s0 The extra half is used for the | ||||
| nonce during instantiation. | ||||
| .PP | ||||
| More precisely, the number of bytes needed for seeding depend on the | ||||
| \&\fIsecurity strength\fR of the \s-1DRBG,\s0 which is set to 256 by default. | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBRAND_DRBG_bytes\fR\|(3), | ||||
| \&\fBRAND_DRBG_generate\fR\|(3), | ||||
| \&\fBRAND_DRBG_reseed\fR\|(3), | ||||
| \&\fBRAND_DRBG_get0_master\fR\|(3), | ||||
| \&\fBRAND_DRBG_get0_public\fR\|(3), | ||||
| \&\fBRAND_DRBG_get0_private\fR\|(3), | ||||
| \&\fBRAND_DRBG_set_reseed_interval\fR\|(3), | ||||
| \&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), | ||||
| \&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), | ||||
| \&\s-1\fBRAND\s0\fR\|(7), | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
									
										189
									
								
								deps/openssl/mingw64/share/man/man7/RSA-PSS.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,189 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "RSA-PSS 7" | ||||
| .TH RSA-PSS 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| RSA\-PSS \- EVP_PKEY RSA\-PSS algorithm support | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The \fBRSA-PSS\fR \s-1EVP_PKEY\s0 implementation is a restricted version of the \s-1RSA\s0 | ||||
| algorithm which only supports signing, verification and key generation | ||||
| using \s-1PSS\s0 padding modes with optional parameter restrictions. | ||||
| .PP | ||||
| It has associated private key and public key formats. | ||||
| .PP | ||||
| This algorithm shares several control operations with the \fB\s-1RSA\s0\fR algorithm | ||||
| but with some restrictions described below. | ||||
| .SS "Signing and Verification" | ||||
| .IX Subsection "Signing and Verification" | ||||
| Signing and verification is similar to the \fB\s-1RSA\s0\fR algorithm except the | ||||
| padding mode is always \s-1PSS.\s0 If the key in use has parameter restrictions then | ||||
| the corresponding signature parameters are set to the restrictions: | ||||
| for example, if the key can only be used with digest \s-1SHA256, MGF1 SHA256\s0 | ||||
| and minimum salt length 32 then the digest, \s-1MGF1\s0 digest and salt length | ||||
| will be set to \s-1SHA256, SHA256\s0 and 32 respectively. | ||||
| .SS "Key Generation" | ||||
| .IX Subsection "Key Generation" | ||||
| By default no parameter restrictions are placed on the generated key. | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| The public key format is documented in \s-1RFC4055.\s0 | ||||
| .PP | ||||
| The PKCS#8 private key format used for RSA-PSS keys is similar to the \s-1RSA\s0 | ||||
| format except it uses the \fBid-RSASSA-PSS\fR \s-1OID\s0 and the parameters field, if | ||||
| present, restricts the key parameters in the same way as the public key. | ||||
| .SH "CONFORMING TO" | ||||
| .IX Header "CONFORMING TO" | ||||
| \&\s-1RFC 4055\s0 | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_new\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), | ||||
| \&\fBEVP_PKEY_derive\fR\|(3) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
									
										217
									
								
								deps/openssl/mingw64/share/man/man7/SM2.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,217 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "SM2 7" | ||||
| .TH SM2 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| SM2 \- Chinese SM2 signature and encryption algorithm support | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T | ||||
| 0003\-2012\s0 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC 14888.\s0 \fB\s-1SM2\s0\fR is actually | ||||
| an elliptic curve based algorithm. The current implementation in OpenSSL supports | ||||
| both signature and encryption schemes via the \s-1EVP\s0 interface. | ||||
| .PP | ||||
| When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier | ||||
| to form the message prefix which is hashed before the real message is hashed. | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| \&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for | ||||
| instance, \fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. | ||||
| Ditto for the verification process by calling the 'DigestVerify' series of APIs. | ||||
| .PP | ||||
| There are several special steps that need to be done before computing an \fB\s-1SM2\s0\fR | ||||
| signature. | ||||
| .PP | ||||
| The \fB\s-1EVP_PKEY\s0\fR structure will default to using \s-1ECDSA\s0 for signatures when it is | ||||
| created. It should be set to \fB\s-1EVP_PKEY_SM2\s0\fR by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); | ||||
| .Ve | ||||
| .PP | ||||
| Then an \s-1ID\s0 should be set by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_PKEY_CTX_set1_id(pctx, id, id_len); | ||||
| .Ve | ||||
| .PP | ||||
| When calling the \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR functions, a | ||||
| pre-allocated \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR. This is | ||||
| done by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); | ||||
| .Ve | ||||
| .PP | ||||
| And normally there is no need to pass a \fBpctx\fR parameter to \fBEVP_DigestSignInit()\fR | ||||
| or \fBEVP_DigestVerifyInit()\fR in such a scenario. | ||||
| .SH "EXAMPLES" | ||||
| .IX Header "EXAMPLES" | ||||
| This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify | ||||
| a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& #include <openssl/evp.h> | ||||
| \& | ||||
| \& /* obtain an EVP_PKEY using whatever methods... */ | ||||
| \& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); | ||||
| \& mctx = EVP_MD_CTX_new(); | ||||
| \& pctx = EVP_PKEY_CTX_new(pkey, NULL); | ||||
| \& EVP_PKEY_CTX_set1_id(pctx, id, id_len); | ||||
| \& EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; | ||||
| \& EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); | ||||
| \& EVP_DigestVerifyUpdate(mctx, msg, msg_len); | ||||
| \& EVP_DigestVerifyFinal(mctx, sig, sig_len) | ||||
| .Ve | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBEVP_PKEY_CTX_new\fR\|(3), | ||||
| \&\fBEVP_PKEY_set_alias_type\fR\|(3), | ||||
| \&\fBEVP_DigestSignInit\fR\|(3), | ||||
| \&\fBEVP_DigestVerifyInit\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_set1_id\fR\|(3), | ||||
| \&\fBEVP_MD_CTX_set_pkey_ctx\fR\|(3) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
									
										208
									
								
								deps/openssl/mingw64/share/man/man7/X25519.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,208 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "X25519 7" | ||||
| .TH X25519 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| X25519, X448 \&\- EVP_PKEY X25519 and X448 support | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The \fBX25519\fR and \fBX448\fR \s-1EVP_PKEY\s0 implementation supports key generation and | ||||
| key derivation using \fBX25519\fR and \fBX448\fR. It has associated private and public | ||||
| key formats compatible with \s-1RFC 8410.\s0 | ||||
| .PP | ||||
| No additional parameters can be set during key generation. | ||||
| .PP | ||||
| The peer public key must be set using \fBEVP_PKEY_derive_set_peer()\fR when | ||||
| performing key derivation. | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| A context for the \fBX25519\fR algorithm can be obtained by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); | ||||
| .Ve | ||||
| .PP | ||||
| For the \fBX448\fR algorithm a context can be obtained by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); | ||||
| .Ve | ||||
| .PP | ||||
| X25519 or X448 private keys can be set directly using | ||||
| \&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file | ||||
| using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys | ||||
| can also be generated (see the example below). Setting a private key also sets | ||||
| the associated public key. | ||||
| .PP | ||||
| X25519 or X448 public keys can be set directly using | ||||
| \&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo | ||||
| structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). | ||||
| .SH "EXAMPLES" | ||||
| .IX Header "EXAMPLES" | ||||
| This example generates an \fBX25519\fR private key and writes it to standard | ||||
| output in \s-1PEM\s0 format: | ||||
| .PP | ||||
| .Vb 9 | ||||
| \& #include <openssl/evp.h> | ||||
| \& #include <openssl/pem.h> | ||||
| \& ... | ||||
| \& EVP_PKEY *pkey = NULL; | ||||
| \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); | ||||
| \& EVP_PKEY_keygen_init(pctx); | ||||
| \& EVP_PKEY_keygen(pctx, &pkey); | ||||
| \& EVP_PKEY_CTX_free(pctx); | ||||
| \& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); | ||||
| .Ve | ||||
| .PP | ||||
| The key derivation example in \fBEVP_PKEY_derive\fR\|(3) can be used with | ||||
| \&\fBX25519\fR and \fBX448\fR. | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBEVP_PKEY_CTX_new\fR\|(3), | ||||
| \&\fBEVP_PKEY_keygen\fR\|(3), | ||||
| \&\fBEVP_PKEY_derive\fR\|(3), | ||||
| \&\fBEVP_PKEY_derive_set_peer\fR\|(3) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
									
										217
									
								
								deps/openssl/mingw64/share/man/man7/bio.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,217 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "BIO 7" | ||||
| .TH BIO 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| bio \- Basic I/O abstraction | ||||
| .SH "SYNOPSIS" | ||||
| .IX Header "SYNOPSIS" | ||||
| .Vb 1 | ||||
| \& #include <openssl/bio.h> | ||||
| .Ve | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O | ||||
| details from an application. If an application uses a \s-1BIO\s0 for its | ||||
| I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network | ||||
| connections and file I/O. | ||||
| .PP | ||||
| There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0 | ||||
| .PP | ||||
| As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, | ||||
| examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0 | ||||
| .PP | ||||
| A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to | ||||
| another, or the application. The data may be left unmodified (for | ||||
| example a message digest \s-1BIO\s0) or translated (for example an | ||||
| encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according | ||||
| to the I/O operation it is performing: for example an encryption | ||||
| \&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data | ||||
| if it is being read from. | ||||
| .PP | ||||
| BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain | ||||
| with one component). A chain normally consist of one source/sink | ||||
| \&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the | ||||
| first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink | ||||
| \&\s-1BIO\s0). | ||||
| .PP | ||||
| Some BIOs (such as memory BIOs) can be used immediately after calling | ||||
| \&\fBBIO_new()\fR. Others (such as file BIOs) need some additional initialization, | ||||
| and frequently a utility function exists to create and initialize such BIOs. | ||||
| .PP | ||||
| If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting | ||||
| in a memory leak. | ||||
| .PP | ||||
| Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling | ||||
| \&\fBBIO_free()\fR on it other than the discarded return value. | ||||
| .PP | ||||
| Normally the \fBtype\fR argument is supplied by a function which returns a | ||||
| pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions: | ||||
| a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0 | ||||
| BIO_f_*(); | ||||
| .SH "EXAMPLES" | ||||
| .IX Header "EXAMPLES" | ||||
| Create a memory \s-1BIO:\s0 | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& BIO *mem = BIO_new(BIO_s_mem()); | ||||
| .Ve | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBBIO_ctrl\fR\|(3), | ||||
| \&\fBBIO_f_base64\fR\|(3), \fBBIO_f_buffer\fR\|(3), | ||||
| \&\fBBIO_f_cipher\fR\|(3), \fBBIO_f_md\fR\|(3), | ||||
| \&\fBBIO_f_null\fR\|(3), \fBBIO_f_ssl\fR\|(3), | ||||
| \&\fBBIO_find_type\fR\|(3), \fBBIO_new\fR\|(3), | ||||
| \&\fBBIO_new_bio_pair\fR\|(3), | ||||
| \&\fBBIO_push\fR\|(3), \fBBIO_read_ex\fR\|(3), | ||||
| \&\fBBIO_s_accept\fR\|(3), \fBBIO_s_bio\fR\|(3), | ||||
| \&\fBBIO_s_connect\fR\|(3), \fBBIO_s_fd\fR\|(3), | ||||
| \&\fBBIO_s_file\fR\|(3), \fBBIO_s_mem\fR\|(3), | ||||
| \&\fBBIO_s_null\fR\|(3), \fBBIO_s_socket\fR\|(3), | ||||
| \&\fBBIO_set_callback\fR\|(3), | ||||
| \&\fBBIO_should_retry\fR\|(3) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
									
										191
									
								
								deps/openssl/mingw64/share/man/man7/crypto.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,191 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "CRYPTO 7" | ||||
| .TH CRYPTO 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| crypto \- OpenSSL cryptographic library | ||||
| .SH "SYNOPSIS" | ||||
| .IX Header "SYNOPSIS" | ||||
| See the individual manual pages for details. | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic | ||||
| algorithms used in various Internet standards. The services provided | ||||
| by this library are used by the OpenSSL implementations of \s-1SSL, TLS\s0 | ||||
| and S/MIME, and they have also been used to implement \s-1SSH,\s0 OpenPGP, and | ||||
| other cryptographic standards. | ||||
| .PP | ||||
| \&\fBlibcrypto\fR consists of a number of sub-libraries that implement the | ||||
| individual algorithms. | ||||
| .PP | ||||
| The functionality includes symmetric encryption, public key | ||||
| cryptography and key agreement, certificate handling, cryptographic | ||||
| hash functions, cryptographic pseudo-random number generator, and | ||||
| various utilities. | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| Some of the newer functions follow a naming convention using the numbers | ||||
| \&\fB0\fR and \fB1\fR. For example the functions: | ||||
| .PP | ||||
| .Vb 2 | ||||
| \& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); | ||||
| \& int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); | ||||
| .Ve | ||||
| .PP | ||||
| The \fB0\fR version uses the supplied structure pointer directly | ||||
| in the parent and it will be freed up when the parent is freed. | ||||
| In the above example \fBcrl\fR would be freed but \fBrev\fR would not. | ||||
| .PP | ||||
| The \fB1\fR function uses a copy of the supplied structure pointer | ||||
| (or in some cases increases its link count) in the parent and | ||||
| so both (\fBx\fR and \fBobj\fR above) should be freed up. | ||||
| .SH "RETURN VALUES" | ||||
| .IX Header "RETURN VALUES" | ||||
| See the individual manual pages for details. | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBopenssl\fR\|(1), \fBssl\fR\|(7) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
									
										185
									
								
								deps/openssl/mingw64/share/man/man7/ct.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,185 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "CT 7" | ||||
| .TH CT 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| ct \- Certificate Transparency | ||||
| .SH "SYNOPSIS" | ||||
| .IX Header "SYNOPSIS" | ||||
| .Vb 1 | ||||
| \& #include <openssl/ct.h> | ||||
| .Ve | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| This library implements Certificate Transparency (\s-1CT\s0) verification for \s-1TLS\s0 | ||||
| clients, as defined in \s-1RFC 6962.\s0 This verification can provide some confidence | ||||
| that a certificate has been publicly logged in a set of \s-1CT\s0 logs. | ||||
| .PP | ||||
| By default, these checks are disabled. They can be enabled using | ||||
| \&\fBSSL_CTX_enable_ct\fR\|(3) or \fBSSL_enable_ct\fR\|(3). | ||||
| .PP | ||||
| This library can also be used to parse and examine \s-1CT\s0 data structures, such as | ||||
| Signed Certificate Timestamps (SCTs), or to read a list of \s-1CT\s0 logs. There are | ||||
| functions for: | ||||
| \&\- decoding and encoding SCTs in \s-1DER\s0 and \s-1TLS\s0 wire format. | ||||
| \&\- printing SCTs. | ||||
| \&\- verifying the authenticity of SCTs. | ||||
| \&\- loading a \s-1CT\s0 log list from a \s-1CONF\s0 file. | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBd2i_SCT_LIST\fR\|(3), | ||||
| \&\fBCTLOG_STORE_new\fR\|(3), | ||||
| \&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), | ||||
| \&\fBSCT_new\fR\|(3), | ||||
| \&\fBSCT_print\fR\|(3), | ||||
| \&\fBSCT_validate\fR\|(3), | ||||
| \&\fBSCT_validate\fR\|(3), | ||||
| \&\fBCT_POLICY_EVAL_CTX_new\fR\|(3), | ||||
| \&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) | ||||
| .SH "HISTORY" | ||||
| .IX Header "HISTORY" | ||||
| The ct library was added in OpenSSL 1.1.0. | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
									
										295
									
								
								deps/openssl/mingw64/share/man/man7/des_modes.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,295 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "DES_MODES 7" | ||||
| .TH DES_MODES 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| des_modes \- the variants of DES and other crypto algorithms of OpenSSL | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| Several crypto algorithms for OpenSSL can be used in a number of modes.  Those | ||||
| are used for using block ciphers in a way similar to stream ciphers, among | ||||
| other things. | ||||
| .SH "OVERVIEW" | ||||
| .IX Header "OVERVIEW" | ||||
| .SS "Electronic Codebook Mode (\s-1ECB\s0)" | ||||
| .IX Subsection "Electronic Codebook Mode (ECB)" | ||||
| Normally, this is found as the function \fIalgorithm\fR\fB_ecb_encrypt()\fR. | ||||
| .IP "\(bu" 2 | ||||
| 64 bits are enciphered at a time. | ||||
| .IP "\(bu" 2 | ||||
| The order of the blocks can be rearranged without detection. | ||||
| .IP "\(bu" 2 | ||||
| The same plaintext block always produces the same ciphertext block | ||||
| (for the same key) making it vulnerable to a 'dictionary attack'. | ||||
| .IP "\(bu" 2 | ||||
| An error will only affect one ciphertext block. | ||||
| .SS "Cipher Block Chaining Mode (\s-1CBC\s0)" | ||||
| .IX Subsection "Cipher Block Chaining Mode (CBC)" | ||||
| Normally, this is found as the function \fIalgorithm\fR\fB_cbc_encrypt()\fR. | ||||
| Be aware that \fBdes_cbc_encrypt()\fR is not really \s-1DES CBC\s0 (it does | ||||
| not update the \s-1IV\s0); use \fBdes_ncbc_encrypt()\fR instead. | ||||
| .IP "\(bu" 2 | ||||
| a multiple of 64 bits are enciphered at a time. | ||||
| .IP "\(bu" 2 | ||||
| The \s-1CBC\s0 mode produces the same ciphertext whenever the same | ||||
| plaintext is encrypted using the same key and starting variable. | ||||
| .IP "\(bu" 2 | ||||
| The chaining operation makes the ciphertext blocks dependent on the | ||||
| current and all preceding plaintext blocks and therefore blocks can not | ||||
| be rearranged. | ||||
| .IP "\(bu" 2 | ||||
| The use of different starting variables prevents the same plaintext | ||||
| enciphering to the same ciphertext. | ||||
| .IP "\(bu" 2 | ||||
| An error will affect the current and the following ciphertext blocks. | ||||
| .SS "Cipher Feedback Mode (\s-1CFB\s0)" | ||||
| .IX Subsection "Cipher Feedback Mode (CFB)" | ||||
| Normally, this is found as the function \fIalgorithm\fR\fB_cfb_encrypt()\fR. | ||||
| .IP "\(bu" 2 | ||||
| a number of bits (j) <= 64 are enciphered at a time. | ||||
| .IP "\(bu" 2 | ||||
| The \s-1CFB\s0 mode produces the same ciphertext whenever the same | ||||
| plaintext is encrypted using the same key and starting variable. | ||||
| .IP "\(bu" 2 | ||||
| The chaining operation makes the ciphertext variables dependent on the | ||||
| current and all preceding variables and therefore j\-bit variables are | ||||
| chained together and can not be rearranged. | ||||
| .IP "\(bu" 2 | ||||
| The use of different starting variables prevents the same plaintext | ||||
| enciphering to the same ciphertext. | ||||
| .IP "\(bu" 2 | ||||
| The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if | ||||
| j == k).  In my implementation this is always the case. | ||||
| .IP "\(bu" 2 | ||||
| Selection of a small value for j will require more cycles through | ||||
| the encipherment algorithm per unit of plaintext and thus cause | ||||
| greater processing overheads. | ||||
| .IP "\(bu" 2 | ||||
| Only multiples of j bits can be enciphered. | ||||
| .IP "\(bu" 2 | ||||
| An error will affect the current and the following ciphertext variables. | ||||
| .SS "Output Feedback Mode (\s-1OFB\s0)" | ||||
| .IX Subsection "Output Feedback Mode (OFB)" | ||||
| Normally, this is found as the function \fIalgorithm\fR\fB_ofb_encrypt()\fR. | ||||
| .IP "\(bu" 2 | ||||
| a number of bits (j) <= 64 are enciphered at a time. | ||||
| .IP "\(bu" 2 | ||||
| The \s-1OFB\s0 mode produces the same ciphertext whenever the same | ||||
| plaintext enciphered using the same key and starting variable.  More | ||||
| over, in the \s-1OFB\s0 mode the same key stream is produced when the same | ||||
| key and start variable are used.  Consequently, for security reasons | ||||
| a specific start variable should be used only once for a given key. | ||||
| .IP "\(bu" 2 | ||||
| The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. | ||||
| .IP "\(bu" 2 | ||||
| The use of different start variables values prevents the same | ||||
| plaintext enciphering to the same ciphertext, by producing different | ||||
| key streams. | ||||
| .IP "\(bu" 2 | ||||
| Selection of a small value for j will require more cycles through | ||||
| the encipherment algorithm per unit of plaintext and thus cause | ||||
| greater processing overheads. | ||||
| .IP "\(bu" 2 | ||||
| Only multiples of j bits can be enciphered. | ||||
| .IP "\(bu" 2 | ||||
| \&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the | ||||
| resultant plaintext output.  Every bit error in the ciphertext causes | ||||
| only one bit to be in error in the deciphered plaintext. | ||||
| .IP "\(bu" 2 | ||||
| \&\s-1OFB\s0 mode is not self-synchronizing.  If the two operation of | ||||
| encipherment and decipherment get out of synchronism, the system needs | ||||
| to be re-initialized. | ||||
| .IP "\(bu" 2 | ||||
| Each re-initialization should use a value of the start variable | ||||
| different from the start variable values used before with the same | ||||
| key.  The reason for this is that an identical bit stream would be | ||||
| produced each time from the same parameters.  This would be | ||||
| susceptible to a 'known plaintext' attack. | ||||
| .SS "Triple \s-1ECB\s0 Mode" | ||||
| .IX Subsection "Triple ECB Mode" | ||||
| Normally, this is found as the function \fIalgorithm\fR\fB_ecb3_encrypt()\fR. | ||||
| .IP "\(bu" 2 | ||||
| Encrypt with key1, decrypt with key2 and encrypt with key3 again. | ||||
| .IP "\(bu" 2 | ||||
| As for \s-1ECB\s0 encryption but increases the key length to 168 bits. | ||||
| There are theoretic attacks that can be used that make the effective | ||||
| key length 112 bits, but this attack also requires 2^56 blocks of | ||||
| memory, not very likely, even for the \s-1NSA.\s0 | ||||
| .IP "\(bu" 2 | ||||
| If both keys are the same it is equivalent to encrypting once with | ||||
| just one key. | ||||
| .IP "\(bu" 2 | ||||
| If the first and last key are the same, the key length is 112 bits. | ||||
| There are attacks that could reduce the effective key strength | ||||
| to only slightly more than 56 bits, but these require a lot of memory. | ||||
| .IP "\(bu" 2 | ||||
| If all 3 keys are the same, this is effectively the same as normal | ||||
| ecb mode. | ||||
| .SS "Triple \s-1CBC\s0 Mode" | ||||
| .IX Subsection "Triple CBC Mode" | ||||
| Normally, this is found as the function \fIalgorithm\fR\fB_ede3_cbc_encrypt()\fR. | ||||
| .IP "\(bu" 2 | ||||
| Encrypt with key1, decrypt with key2 and then encrypt with key3. | ||||
| .IP "\(bu" 2 | ||||
| As for \s-1CBC\s0 encryption but increases the key length to 168 bits with | ||||
| the same restrictions as for triple ecb mode. | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| This text was been written in large parts by Eric Young in his original | ||||
| documentation for SSLeay, the predecessor of OpenSSL.  In turn, he attributed | ||||
| it to: | ||||
| .PP | ||||
| .Vb 5 | ||||
| \&        AS 2805.5.2 | ||||
| \&        Australian Standard | ||||
| \&        Electronic funds transfer \- Requirements for interfaces, | ||||
| \&        Part 5.2: Modes of operation for an n\-bit block cipher algorithm | ||||
| \&        Appendix A | ||||
| .Ve | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBBF_encrypt\fR\|(3), \fBDES_crypt\fR\|(3) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
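--- a/deps/openssl/mingw64/share/man/man7/evp.7
+++ b/deps/openssl/mingw64/share/man/man7/evp.7
@@ -0,0 +1,236 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP 7"
+.TH EVP 7 "2020-04-21" "1.1.1g" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+evp \- high\-level cryptographic functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 library provides a high-level interface to cryptographic
+functions.
+.PP
+The \fBEVP_Seal\fR\fI\s-1XXX\s0\fR and \fBEVP_Open\fR\fI\s-1XXX\s0\fR
+functions provide public key encryption and decryption to implement digital \*(L"envelopes\*(R".
+.PP
+The \fBEVP_DigestSign\fR\fI\s-1XXX\s0\fR and
+\&\fBEVP_DigestVerify\fR\fI\s-1XXX\s0\fR functions implement
+digital signatures and Message Authentication Codes (MACs). Also see the older
+\&\fBEVP_Sign\fR\fI\s-1XXX\s0\fR and \fBEVP_Verify\fR\fI\s-1XXX\s0\fR
+functions.
+.PP
+Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR
+functions.  The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests.
+.PP
+The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high level interface to
+asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see
+\&\fBEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated
+with a private key of a particular algorithm by using the functions
+described on the \fBEVP_PKEY_set1_RSA\fR\|(3) page, or
+new keys can be generated using \fBEVP_PKEY_keygen\fR\|(3).
+EVP_PKEYs can be compared using \fBEVP_PKEY_cmp\fR\|(3), or printed using
+\&\fBEVP_PKEY_print_private\fR\|(3).
+.PP
+The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations:
+.IP "For key agreement see \fBEVP_PKEY_derive\fR\|(3)" 4
+.IX Item "For key agreement see EVP_PKEY_derive"
+.PD 0
+.IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSignInit\fR\|(3) functions for this purpose." 4
+.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit functions for this purpose."
+.ie n .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4
+.el .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4
+.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions."
+.PD
+.PP
+The \fBEVP_BytesToKey\fR\|(3) function provides some limited support for password
+based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible
+implementation. However, new applications should not typically use this (preferring, for example,
+\&\s-1PBKDF2\s0 from PCKS#5).
+.PP
+The \fBEVP_Encode\fR\fI\s-1XXX\s0\fR and
+\&\fBEVP_Decode\fR\fI\s-1XXX\s0\fR functions implement base 64 encoding
+and decoding.
+.PP
+All the symmetric algorithms (ciphers), digests and asymmetric algorithms
+(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative
+implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered
+as defaults, then the various \s-1EVP\s0 functions will automatically use those
+implementations automatically in preference to built in software
+implementations. For more information, consult the \fBengine\fR\|(3) man page.
+.PP
+Although low level algorithm specific functions exist for many algorithms
+their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0
+versions of new algorithms cannot be accessed using the low level functions.
+Also makes code harder to adapt to new algorithms and some options are not
+cleanly supported at the low level and some operations are more efficient
+using the high level interface.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_DigestInit\fR\|(3),
+\&\fBEVP_EncryptInit\fR\|(3),
+\&\fBEVP_OpenInit\fR\|(3),
+\&\fBEVP_SealInit\fR\|(3),
+\&\fBEVP_DigestSignInit\fR\|(3),
+\&\fBEVP_SignInit\fR\|(3),
+\&\fBEVP_VerifyInit\fR\|(3),
+\&\fBEVP_EncodeInit\fR\|(3),
+\&\fBEVP_PKEY_new\fR\|(3),
+\&\fBEVP_PKEY_set1_RSA\fR\|(3),
+\&\fBEVP_PKEY_keygen\fR\|(3),
+\&\fBEVP_PKEY_print_private\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3),
+\&\fBEVP_BytesToKey\fR\|(3),
+\&\fBENGINE_by_id\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.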
							
								
								
									
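--- a/deps/openssl/mingw64/share/man/man7/ossl_store-file.7
+++ b/deps/openssl/mingw64/share/man/man7/ossl_store-file.7
@@ -0,0 +1,191 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_STORE-FILE 7"
+.TH OSSL_STORE-FILE 7 "2020-04-21" "1.1.1g" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ossl_store\-file \- The store 'file' scheme loader
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+#include <openssl/store.h>
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR.
+Since files come in all kinds of formats and content types, the 'file'
+scheme has its own layer of functionality called \*(L"file handlers\*(R",
+which are used to try to decode diverse types of file contents.
+.PP
+In case a file is formatted as \s-1PEM,\s0 each called file handler receives
+the \s-1PEM\s0 name (everything following any '\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR') as well as
+possible \s-1PEM\s0 headers, together with the decoded \s-1PEM\s0 body.  Since \s-1PEM\s0
+formatted files can contain more than one object, the file handlers
+are called upon for each such object.
+.PP
+If the file isn't determined to be formatted as \s-1PEM,\s0 the content is
+loaded in raw form in its entirety and passed to the available file
+handlers as is, with no \s-1PEM\s0 name or headers.
+.PP
+Each file handler is expected to handle \s-1PEM\s0 and non-PEM content as
+appropriate.  Some may refuse non-PEM content for the sake of
+determinism (for example, there are keys out in the wild that are
+represented as an \s-1ASN.1 OCTET STRING.\s0  In raw form, it's not easily
+possible to distinguish those from any other data coming as an \s-1ASN.1
+OCTET STRING,\s0 so such keys would naturally be accepted as \s-1PEM\s0 files
+only).
+.SH "NOTES"
+.IX Header "NOTES"
+When needed, the 'file' scheme loader will require a pass phrase by
+using the \f(CW\*(C`UI_METHOD\*(C'\fR that was passed via \fBOSSL_STORE_open()\fR.
+This pass phrase is expected to be \s-1UTF\-8\s0 encoded, anything else will
+give an undefined result.
+The files made accessible through this loader are expected to be
+standard compliant with regards to pass phrase encoding.
+Files that aren't should be re-generated with a correctly encoded pass
+phrase.
+See \fBpassphrase\-encoding\fR\|(7) for more information.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBossl_store\fR\|(7), \fBpassphrase\-encoding\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.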
							
								
								
									
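--- a/deps/openssl/mingw64/share/man/man7/ossl_store.7
+++ b/deps/openssl/mingw64/share/man/man7/ossl_store.7
@@ -0,0 +1,215 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_STORE 7"
+.TH OSSL_STORE 7 "2020-04-21" "1.1.1g" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ossl_store \- Store retrieval functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+#include <openssl/store.h>
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+.SS "General"
+.IX Subsection "General"
+A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported
+objects from a repository of any kind, addressable as a file name or
+as a \s-1URI.\s0
+.PP
+The functionality supports the pattern \*(L"open a channel to the
+repository\*(R", \*(L"loop and retrieve one object at a time\*(R", and \*(L"finish up
+by closing the channel\*(R".
+.PP
+The retrieved objects are returned as a wrapper type \fB\s-1OSSL_STORE_INFO\s0\fR,
+from which an OpenSSL type can be retrieved.
+.SS "\s-1URI\s0 schemes and loaders"
+.IX Subsection "URI schemes and loaders"
+Support for a \s-1URI\s0 scheme is called a \s-1STORE\s0 \*(L"loader\*(R", and can be added
+dynamically from the calling application or from a loadable engine.
+.PP
+Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR.
+See \fBossl_store\-file\fR\|(7) for more information.
+.SS "\s-1UI_METHOD\s0 and pass phrases"
+.IX Subsection "UI_METHOD and pass phrases"
+The \fB\s-1OSS_STORE\s0\fR \s-1API\s0 does nothing to enforce any specific format or
+encoding on the pass phrase that the \fB\s-1UI_METHOD\s0\fR provides.  However,
+the pass phrase is expected to be \s-1UTF\-8\s0 encoded.  The result of any
+other encoding is undefined.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+.SS "A generic call"
+.IX Subsection "A generic call"
+.Vb 1
+\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem");
+\&
+\& /*
+\&  * OSSL_STORE_eof() simulates file semantics for any repository to signal
+\&  * that no more data can be expected
+\&  */
+\& while (!OSSL_STORE_eof(ctx)) {
+\&     OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
+\&
+\&     /*
+\&      * Do whatever is necessary with the OSSL_STORE_INFO,
+\&      * here just one example
+\&      */
+\&     switch (OSSL_STORE_INFO_get_type(info)) {
+\&     case OSSL_STORE_INFO_X509:
+\&         /* Print the X.509 certificate text */
+\&         X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info));
+\&         /* Print the X.509 certificate PEM output */
+\&         PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info));
+\&         break;
+\&     }
+\& }
+\&
+\& OSSL_STORE_close(ctx);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_LOADER\s0\fR\|(3),
+\&\fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_expect\fR\|(3),
+\&\s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.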
							
								
								
									
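--- a/deps/openssl/mingw64/share/man/man7/passphrase-encoding.7
+++ b/deps/openssl/mingw64/share/man/man7/passphrase-encoding.7
@@ -0,0 +1,287 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PASSPHRASE-ENCODING 7"
+.TH PASSPHRASE-ENCODING 7 "2020-04-21" "1.1.1g" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+passphrase\-encoding \&\- How diverse parts of OpenSSL treat pass phrases character encoding
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+In a modern world with all sorts of character encodings, the treatment of pass
+phrases has become increasingly complex.
+This manual page attempts to give an overview over how this problem is
+currently addressed in different parts of the OpenSSL library.
+.SS "The general case"
+.IX Subsection "The general case"
+The OpenSSL library doesn't treat pass phrases in any special way as a general
+rule, and trusts the application or user to choose a suitable character set
+and stick to that throughout the lifetime of affected objects.
+This means that for an object that was encrypted using a pass phrase encoded in
+\&\s-1ISO\-8859\-1,\s0 that object needs to be decrypted using a pass phrase encoded in
+\&\s-1ISO\-8859\-1.\s0
+Using the wrong encoding is expected to cause a decryption failure.
+.SS "PKCS#12"
+.IX Subsection "PKCS#12"
+PKCS#12 is a bit different regarding pass phrase encoding.
+The standard stipulates that the pass phrase shall be encoded as an \s-1ASN.1\s0
+BMPString, which consists of the code points of the basic multilingual plane,
+encoded in big endian (\s-1UCS\-2 BE\s0).
+.PP
+OpenSSL tries to adapt to this requirements in one of the following manners:
+.IP "1." 4
+Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to
+\&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000
+to U+FFFF, but becomes an expansion for any other character), or failing that,
+proceeds with step 2.
+.IP "2." 4
+Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and
+opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0
+encoding of the characters, which it stores as a BMPString.
+.Sp
+Note that since there is no check of your locale, this may produce \s-1UCS\-2 /
+UTF\-16\s0 characters that do not correspond to the original pass phrase characters
+for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than
+\&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP 1252\s0 with exception for the extra \*(L"graphical\*(R"
+characters in the 0x80\-0x9F range).
+.PP
+OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why
+OpenSSL still does this, to be able to read files produced with older versions.
+.PP
+It should be noted that this approach isn't entirely fault free.
+.PP
+A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as
+0xC3 0xAF (which is the two characters \*(L"\s-1LATIN CAPITAL LETTER A WITH BREVE\*(R"\s0
+and \*(L"\s-1LATIN CAPITAL LETTER Z WITH DOT ABOVE\*(R"\s0 in \s-1ISO\-8859\-2\s0 encoding), but would
+be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN
+SMALL LETTER I WITH DIAERESIS\s0) \fIif the pass phrase doesn't contain anything that
+would be invalid \s-1UTF\-8\s0\fR.
+A pass phrase that contains this kind of byte sequence will give a different
+outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0.
+.PP
+.Vb 2
+\& 0x00 0xC3 0x00 0xAF                    # OpenSSL older than 1.1.0
+\& 0x00 0xEF                              # OpenSSL 1.1.0 and newer
+.Ve
+.PP
+On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older
+than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences.
+.SS "\s-1OSSL_STORE\s0"
+.IX Subsection "OSSL_STORE"
+\&\fBossl_store\fR\|(7) acts as a general interface to access all kinds of objects,
+potentially protected with a pass phrase, a \s-1PIN\s0 or something else.
+This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any
+other pass phrase encoding may give undefined results.
+This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check
+that this is the case, so what it gets, it will also pass to the underlying
+loader.
+.SH "RECOMMENDATIONS"
+.IX Header "RECOMMENDATIONS"
+This section assumes that you know what pass phrase was used for encryption,
+but that it may have been encoded in a different character encoding than the
+one used by your current input method.
+For example, the pass phrase may have been used at a time when your default
+encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61
+0xEF 0x76 0x65), and you're now in an environment where your default encoding
+is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76
+0x65).
+Whenever it's mentioned that you should use a certain character encoding, it
+should be understood that you either change the input method to use the
+mentioned encoding when you type in your pass phrase, or use some suitable tool
+to convert your pass phrase from your default encoding to the target encoding.
+.PP
+Also note that the sub-sections below discuss human readable pass phrases.
+This is particularly relevant for PKCS#12 objects, where human readable pass
+phrases are assumed.
+For other objects, it's as legitimate to use any byte sequence (such as a
+sequence of bytes from `/dev/urandom` that's been saved away), which makes any
+character encoding discussion irrelevant; in such cases, simply use the same
+byte sequence as it is.
+.SS "Creating new objects"
+.IX Subsection "Creating new objects"
+For creating new pass phrase protected objects, make sure the pass phrase is
+encoded using \s-1UTF\-8.\s0
+This is default on most modern Unixes, but may involve an effort on other
+platforms.
+Specifically for Windows, setting the environment variable
+\&\f(CW\*(C`OPENSSL_WIN32_UTF8\*(C'\fR will have anything entered on [Windows] console prompt
+converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike).
+.SS "Opening existing objects"
+.IX Subsection "Opening existing objects"
+For opening pass phrase protected objects where you know what character
+encoding was used for the encryption pass phrase, make sure to use the same
+encoding again.
+.PP
+For opening pass phrase protected objects where the character encoding that was
+used is unknown, or where the producing application is unknown, try one of the
+following:
+.IP "1." 4
+Try the pass phrase that you have as it is in the character encoding of your
+environment.
+It's possible that its byte sequence is exactly right.
+.IP "2." 4
+Convert the pass phrase to \s-1UTF\-8\s0 and try with the result.
+Specifically with PKCS#12, this should open up any object that was created
+according to the specification.
+.IP "3." 4
+Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try
+with the result.
+This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to
+U+0000 to U+00FF, which other non\-UTF\-8 character sets do not.
+.Sp
+This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with
+OpenSSL older than 1.1.0.
+(for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8,\s0 would become 0xC3
+0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner.
+The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the
+erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBevp\fR\|(7),
+\&\fBossl_store\fR\|(7),
+\&\fBEVP_BytesToKey\fR\|(3), \fBEVP_DecryptInit\fR\|(3),
+\&\fBPEM_do_header\fR\|(3),
+\&\fBPKCS12_parse\fR\|(3), \fBPKCS12_newpass\fR\|(3),
+\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.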
							
								
								
									
										478
									
								
								deps/openssl/mingw64/share/man/man7/proxy-certificates.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,478 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "PROXY-CERTIFICATES 7" | ||||
| .TH PROXY-CERTIFICATES 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| proxy\-certificates \- Proxy certificates in OpenSSL | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| Proxy certificates are defined in \s-1RFC 3820.\s0  They are used to | ||||
| extend rights to some other entity (a computer process, typically, or | ||||
| sometimes to the user itself).  This allows the entity to perform | ||||
| operations on behalf of the owner of the \s-1EE\s0 (End Entity) certificate. | ||||
| .PP | ||||
| The requirements for a valid proxy certificate are: | ||||
| .IP "\(bu" 4 | ||||
| They are issued by an End Entity, either a normal \s-1EE\s0 certificate, or | ||||
| another proxy certificate. | ||||
| .IP "\(bu" 4 | ||||
| They must not have the \fBsubjectAltName\fR or \fBissuerAltName\fR | ||||
| extensions. | ||||
| .IP "\(bu" 4 | ||||
| They must have the \fBproxyCertInfo\fR extension. | ||||
| .IP "\(bu" 4 | ||||
| They must have the subject of their issuer, with one \fBcommonName\fR | ||||
| added. | ||||
| .SS "Enabling proxy certificate verification" | ||||
| .IX Subsection "Enabling proxy certificate verification" | ||||
| OpenSSL expects applications that want to use proxy certificates to be | ||||
| specially aware of them, and make that explicit.  This is done by | ||||
| setting an X509 verification flag: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \&    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); | ||||
| .Ve | ||||
| .PP | ||||
| or | ||||
| .PP | ||||
| .Vb 1 | ||||
| \&    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS); | ||||
| .Ve | ||||
| .PP | ||||
| See \*(L"\s-1NOTES\*(R"\s0 for a discussion on this requirement. | ||||
| .SS "Creating proxy certificates" | ||||
| .IX Subsection "Creating proxy certificates" | ||||
| Creating proxy certificates can be done using the \fBopenssl\-x509\fR\|(1) | ||||
| command, with some extra extensions: | ||||
| .PP | ||||
| .Vb 3 | ||||
| \&    [ v3_proxy ] | ||||
| \&    # A proxy certificate MUST NEVER be a CA certificate. | ||||
| \&    basicConstraints=CA:FALSE | ||||
| \& | ||||
| \&    # Usual authority key ID | ||||
| \&    authorityKeyIdentifier=keyid,issuer:always | ||||
| \& | ||||
| \&    # The extension which marks this certificate as a proxy | ||||
| \&    proxyCertInfo=critical,language:id\-ppl\-anyLanguage,pathlen:1,policy:text:AB | ||||
| .Ve | ||||
| .PP | ||||
| It's also possible to specify the proxy extension in a separate section: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \&    proxyCertInfo=critical,@proxy_ext | ||||
| \& | ||||
| \&    [ proxy_ext ] | ||||
| \&    language=id\-ppl\-anyLanguage | ||||
| \&    pathlen=0 | ||||
| \&    policy=text:BC | ||||
| .Ve | ||||
| .PP | ||||
| The policy value has a specific syntax, \fIsyntag\fR:\fIstring\fR, where the | ||||
| \&\fIsyntag\fR determines what will be done with the string.  The following | ||||
| \&\fIsyntag\fRs are recognised: | ||||
| .IP "\fBtext\fR" 4 | ||||
| .IX Item "text" | ||||
| indicates that the string is a byte sequence, without any encoding: | ||||
| .Sp | ||||
| .Vb 1 | ||||
| \&    policy=text:ra\*:ksmo\*:rga\*os | ||||
| .Ve | ||||
| .IP "\fBhex\fR" 4 | ||||
| .IX Item "hex" | ||||
| indicates the string is encoded hexadecimal encoded binary data, with | ||||
| colons between each byte (every second hex digit): | ||||
| .Sp | ||||
| .Vb 1 | ||||
| \&    policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 | ||||
| .Ve | ||||
| .IP "\fBfile\fR" 4 | ||||
| .IX Item "file" | ||||
| indicates that the text of the policy should be taken from a file. | ||||
| The string is then a filename.  This is useful for policies that are | ||||
| large (more than a few lines, e.g. \s-1XML\s0 documents). | ||||
| .PP | ||||
| \&\fI\s-1NOTE:\s0 The proxy policy value is what determines the rights granted | ||||
| to the process during the proxy certificate.  It's up to the | ||||
| application to interpret and combine these policies.\fR | ||||
| .PP | ||||
| With a proxy extension, creating a proxy certificate is a matter of | ||||
| two commands: | ||||
| .PP | ||||
| .Vb 3 | ||||
| \&    openssl req \-new \-config proxy.cnf \e | ||||
| \&        \-out proxy.req \-keyout proxy.key \e | ||||
| \&        \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1" | ||||
| \& | ||||
| \&    openssl x509 \-req \-CAcreateserial \-in proxy.req \-out proxy.crt \e | ||||
| \&        \-CA user.crt \-CAkey user.key \-days 7 \e | ||||
| \&        \-extfile proxy.cnf \-extensions v3_proxy1 | ||||
| .Ve | ||||
| .PP | ||||
| You can also create a proxy certificate using another proxy | ||||
| certificate as issuer (note: using a different configuration | ||||
| section for the proxy extensions): | ||||
| .PP | ||||
| .Vb 3 | ||||
| \&    openssl req \-new \-config proxy.cnf \e | ||||
| \&        \-out proxy2.req \-keyout proxy2.key \e | ||||
| \&        \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2" | ||||
| \& | ||||
| \&    openssl x509 \-req \-CAcreateserial \-in proxy2.req \-out proxy2.crt \e | ||||
| \&        \-CA proxy.crt \-CAkey proxy.key \-days 7 \e | ||||
| \&        \-extfile proxy.cnf \-extensions v3_proxy2 | ||||
| .Ve | ||||
| .SS "Using proxy certs in applications" | ||||
| .IX Subsection "Using proxy certs in applications" | ||||
| To interpret proxy policies, the application would normally start with | ||||
| some default rights (perhaps none at all), then compute the resulting | ||||
| rights by checking the rights against the chain of proxy certificates, | ||||
| user certificate and \s-1CA\s0 certificates. | ||||
| .PP | ||||
| The complicated part is figuring out how to pass data between your | ||||
| application and the certificate validation procedure. | ||||
| .PP | ||||
| The following ingredients are needed for such processing: | ||||
| .IP "\(bu" 4 | ||||
| a callback function that will be called for every certificate being | ||||
| validated.  The callback is called several times for each certificate, | ||||
| so you must be careful to do the proxy policy interpretation at the | ||||
| right time.  You also need to fill in the defaults when the \s-1EE\s0 | ||||
| certificate is checked. | ||||
| .IP "\(bu" 4 | ||||
| a data structure that is shared between your application code and the | ||||
| callback. | ||||
| .IP "\(bu" 4 | ||||
| a wrapper function that sets it all up. | ||||
| .IP "\(bu" 4 | ||||
| an ex_data index function that creates an index into the generic | ||||
| ex_data store that is attached to an X509 validation context. | ||||
| .PP | ||||
| The following skeleton code can be used as a starting point: | ||||
| .PP | ||||
| .Vb 4 | ||||
| \&    #include <string.h> | ||||
| \&    #include <netdb.h> | ||||
| \&    #include <openssl/x509.h> | ||||
| \&    #include <openssl/x509v3.h> | ||||
| \& | ||||
| \&    #define total_rights 25 | ||||
| \& | ||||
| \&    /* | ||||
| \&     * In this example, I will use a view of granted rights as a bit | ||||
| \&     * array, one bit for each possible right. | ||||
| \&     */ | ||||
| \&    typedef struct your_rights { | ||||
| \&        unsigned char rights[(total_rights + 7) / 8]; | ||||
| \&    } YOUR_RIGHTS; | ||||
| \& | ||||
| \&    /* | ||||
| \&     * The following procedure will create an index for the ex_data | ||||
| \&     * store in the X509 validation context the first time it\*(Aqs | ||||
| \&     * called.  Subsequent calls will return the same index. | ||||
| \&     */ | ||||
| \&    static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) | ||||
| \&    { | ||||
| \&        static volatile int idx = \-1; | ||||
| \& | ||||
| \&        if (idx < 0) { | ||||
| \&            X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); | ||||
| \&            if (idx < 0) { | ||||
| \&                idx = X509_STORE_CTX_get_ex_new_index(0, | ||||
| \&                                                      "for verify callback", | ||||
| \&                                                      NULL,NULL,NULL); | ||||
| \&            } | ||||
| \&            X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); | ||||
| \&        } | ||||
| \&        return idx; | ||||
| \&    } | ||||
| \& | ||||
| \&    /* Callback to be given to the X509 validation procedure.  */ | ||||
| \&    static int verify_callback(int ok, X509_STORE_CTX *ctx) | ||||
| \&    { | ||||
| \&        if (ok == 1) { | ||||
| \&            /* | ||||
| \&             * It\*(Aqs REALLY important you keep the proxy policy check | ||||
| \&             * within this section.  It\*(Aqs important to know that when | ||||
| \&             * ok is 1, the certificates are checked from top to | ||||
| \&             * bottom.  You get the CA root first, followed by the | ||||
| \&             * possible chain of intermediate CAs, followed by the EE | ||||
| \&             * certificate, followed by the possible proxy | ||||
| \&             * certificates.  | ||||
| \&             */ | ||||
| \&            X509 *xs = X509_STORE_CTX_get_current_cert(ctx); | ||||
| \& | ||||
| \&            if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { | ||||
| \&                YOUR_RIGHTS *rights = | ||||
| \&                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, | ||||
| \&                        get_proxy_auth_ex_data_idx(ctx)); | ||||
| \&                PROXY_CERT_INFO_EXTENSION *pci = | ||||
| \&                    X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); | ||||
| \& | ||||
| \&                switch (OBJ_obj2nid(pci\->proxyPolicy\->policyLanguage)) { | ||||
| \&                case NID_Independent: | ||||
| \&                    /* | ||||
| \&                     * Do whatever you need to grant explicit rights | ||||
| \&                     * to this particular proxy certificate, usually | ||||
| \&                     * by pulling them from some database.  If there | ||||
| \&                     * are none to be found, clear all rights (making | ||||
| \&                     * this and any subsequent proxy certificate void | ||||
| \&                     * of any rights).  | ||||
| \&                     */ | ||||
| \&                    memset(rights\->rights, 0, sizeof(rights\->rights)); | ||||
| \&                    break; | ||||
| \&                case NID_id_ppl_inheritAll: | ||||
| \&                    /* | ||||
| \&                     * This is basically a NOP, we simply let the | ||||
| \&                     * current rights stand as they are. | ||||
| \&                     */ | ||||
| \&                    break; | ||||
| \&                default: | ||||
| \&                    /* | ||||
| \&                     * This is usually the most complex section of | ||||
| \&                     * code.  You really do whatever you want as long | ||||
| \&                     * as you follow RFC 3820.  In the example we use | ||||
| \&                     * here, the simplest thing to do is to build | ||||
| \&                     * another, temporary bit array and fill it with | ||||
| \&                     * the rights granted by the current proxy | ||||
| \&                     * certificate, then use it as a mask on the | ||||
| \&                     * accumulated rights bit array, and voila\*`, you | ||||
| \&                     * now have a new accumulated rights bit array. | ||||
| \&                     */ | ||||
| \&                    { | ||||
| \&                        int i; | ||||
| \&                        YOUR_RIGHTS tmp_rights; | ||||
| \&                        memset(tmp_rights.rights, 0, | ||||
| \&                               sizeof(tmp_rights.rights)); | ||||
| \& | ||||
| \&                        /* | ||||
| \&                         * process_rights() is supposed to be a | ||||
| \&                         * procedure that takes a string and its | ||||
| \&                         * length, interprets it and sets the bits | ||||
| \&                         * in the YOUR_RIGHTS pointed at by the | ||||
| \&                         * third argument. | ||||
| \&                         */ | ||||
| \&                        process_rights((char *) pci\->proxyPolicy\->policy\->data, | ||||
| \&                                       pci\->proxyPolicy\->policy\->length, | ||||
| \&                                       &tmp_rights); | ||||
| \& | ||||
| \&                        for(i = 0; i < total_rights / 8; i++) | ||||
| \&                            rights\->rights[i] &= tmp_rights.rights[i]; | ||||
| \&                    } | ||||
| \&                    break; | ||||
| \&                } | ||||
| \&                PROXY_CERT_INFO_EXTENSION_free(pci); | ||||
| \&            } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { | ||||
| \&                /* We have an EE certificate, let\*(Aqs use it to set default! */ | ||||
| \&                YOUR_RIGHTS *rights = | ||||
| \&                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, | ||||
| \&                        get_proxy_auth_ex_data_idx(ctx)); | ||||
| \& | ||||
| \&                /* | ||||
| \&                 * The following procedure finds out what rights the | ||||
| \&                 * owner of the current certificate has, and sets them | ||||
| \&                 * in the YOUR_RIGHTS structure pointed at by the | ||||
| \&                 * second argument. | ||||
| \&                 */ | ||||
| \&                set_default_rights(xs, rights); | ||||
| \&            } | ||||
| \&        } | ||||
| \&        return ok; | ||||
| \&    } | ||||
| \& | ||||
| \&    static int my_X509_verify_cert(X509_STORE_CTX *ctx, | ||||
| \&                                   YOUR_RIGHTS *needed_rights) | ||||
| \&    { | ||||
| \&        int ok; | ||||
| \&        int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = | ||||
| \&            X509_STORE_CTX_get_verify_cb(ctx); | ||||
| \&        YOUR_RIGHTS rights; | ||||
| \& | ||||
| \&        X509_STORE_CTX_set_verify_cb(ctx, verify_callback); | ||||
| \&        X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), | ||||
| \&                                   &rights); | ||||
| \&        X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); | ||||
| \&        ok = X509_verify_cert(ctx); | ||||
| \& | ||||
| \&        if (ok == 1) { | ||||
| \&            ok = check_needed_rights(rights, needed_rights); | ||||
| \&        } | ||||
| \& | ||||
| \&        X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); | ||||
| \& | ||||
| \&        return ok; | ||||
| \&    } | ||||
| .Ve | ||||
| .PP | ||||
| If you use \s-1SSL\s0 or \s-1TLS,\s0 you can easily set up a callback to have the | ||||
| certificates checked properly, using the code above: | ||||
| .PP | ||||
| .Vb 2 | ||||
| \&    SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, | ||||
| \&                                     &needed_rights); | ||||
| .Ve | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| To this date, it seems that proxy certificates have only been used in | ||||
| environments that are aware of them, and no one seems to have | ||||
| investigated how they can be used or misused outside of such an | ||||
| environment. | ||||
| .PP | ||||
| For that reason, OpenSSL requires that applications aware of proxy | ||||
| certificates must also make that explicit. | ||||
| .PP | ||||
| \&\fBsubjectAltName\fR and \fBissuerAltName\fR are forbidden in proxy | ||||
| certificates, and this is enforced in OpenSSL.  The subject must be | ||||
| the same as the issuer, with one commonName added on. | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBX509_STORE_CTX_set_flags\fR\|(3), | ||||
| \&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), | ||||
| \&\fBX509_VERIFY_PARAM_set_flags\fR\|(3), | ||||
| \&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), | ||||
| \&\fBopenssl\-req\fR\|(1), \fBopenssl\-x509\fR\|(1), | ||||
| \&\s-1RFC 3820\s0 <https://tools.ietf.org/html/rfc3820> | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the Apache License 2.0 (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
										248
									
								
								deps/openssl/mingw64/share/man/man7/scrypt.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,248 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "SCRYPT 7" | ||||
| .TH SCRYPT 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| scrypt \- EVP_PKEY scrypt KDF support | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The \s-1EVP_PKEY_SCRYPT\s0 algorithm implements the scrypt password based key | ||||
| derivation function, as described in \s-1RFC 7914.\s0  It is memory-hard in the sense | ||||
| that it deliberately requires a significant amount of \s-1RAM\s0 for efficient | ||||
| computation. The intention of this is to render brute forcing of passwords on | ||||
| systems that lack large amounts of main memory (such as GPUs or ASICs) | ||||
| computationally infeasible. | ||||
| .PP | ||||
| scrypt provides three work factors that can be customized: N, r and p. N, which | ||||
| has to be a positive power of two, is the general work factor and scales \s-1CPU\s0 | ||||
| time in an approximately linear fashion. r is the block size of the internally | ||||
| used hash function and p is the parallelization factor. Both r and p need to be | ||||
| greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation | ||||
| is roughly (128 * N * r * p) bytes. | ||||
| .PP | ||||
| In the original paper of Colin Percival (\*(L"Stronger Key Derivation via | ||||
| Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a | ||||
| computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = | ||||
| 2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for | ||||
| this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5 | ||||
| GHz), this computation takes about 3 seconds. When N, r or p are not specified, | ||||
| they default to 1048576, 8, and 1, respectively. The default amount of \s-1RAM\s0 that | ||||
| may be used by scrypt defaults to 1025 MiB. | ||||
| .SH "NOTES" | ||||
| .IX Header "NOTES" | ||||
| A context for scrypt can be obtained by calling: | ||||
| .PP | ||||
| .Vb 1 | ||||
| \& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); | ||||
| .Ve | ||||
| .PP | ||||
| The output length of an scrypt key derivation is specified via the | ||||
| length parameter to the \fBEVP_PKEY_derive\fR\|(3) function. | ||||
| .SH "EXAMPLES" | ||||
| .IX Header "EXAMPLES" | ||||
| This example derives a 64\-byte long test vector using scrypt using the password | ||||
| \&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16. | ||||
| .PP | ||||
| .Vb 2 | ||||
| \& EVP_PKEY_CTX *pctx; | ||||
| \& unsigned char out[64]; | ||||
| \& | ||||
| \& size_t outlen = sizeof(out); | ||||
| \& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); | ||||
| \& | ||||
| \& if (EVP_PKEY_derive_init(pctx) <= 0) { | ||||
| \&     error("EVP_PKEY_derive_init"); | ||||
| \& } | ||||
| \& if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { | ||||
| \&     error("EVP_PKEY_CTX_set1_pbe_pass"); | ||||
| \& } | ||||
| \& if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) { | ||||
| \&     error("EVP_PKEY_CTX_set1_scrypt_salt"); | ||||
| \& } | ||||
| \& if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { | ||||
| \&     error("EVP_PKEY_CTX_set_scrypt_N"); | ||||
| \& } | ||||
| \& if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { | ||||
| \&     error("EVP_PKEY_CTX_set_scrypt_r"); | ||||
| \& } | ||||
| \& if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { | ||||
| \&     error("EVP_PKEY_CTX_set_scrypt_p"); | ||||
| \& } | ||||
| \& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { | ||||
| \&     error("EVP_PKEY_derive"); | ||||
| \& } | ||||
| \& | ||||
| \& { | ||||
| \&     const unsigned char expected[sizeof(out)] = { | ||||
| \&         0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, | ||||
| \&         0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, | ||||
| \&         0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, | ||||
| \&         0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, | ||||
| \&         0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, | ||||
| \&         0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, | ||||
| \&         0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, | ||||
| \&         0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 | ||||
| \&     }; | ||||
| \& | ||||
| \&     assert(!memcmp(out, expected, sizeof(out))); | ||||
| \& } | ||||
| \& | ||||
| \& EVP_PKEY_CTX_free(pctx); | ||||
| .Ve | ||||
| .SH "CONFORMING TO" | ||||
| .IX Header "CONFORMING TO" | ||||
| \&\s-1RFC 7914\s0 | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBEVP_PKEY_CTX_set1_scrypt_salt\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_set_scrypt_N\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_set_scrypt_r\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_set_scrypt_p\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_new\fR\|(3), | ||||
| \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), | ||||
| \&\fBEVP_PKEY_derive\fR\|(3) | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
										914
									
								
								deps/openssl/mingw64/share/man/man7/ssl.7
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,914 @@ | ||||
| .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) | ||||
| .\" | ||||
| .\" Standard preamble: | ||||
| .\" ======================================================================== | ||||
| .de Sp \" Vertical space (when we can't use .PP) | ||||
| .if t .sp .5v | ||||
| .if n .sp | ||||
| .. | ||||
| .de Vb \" Begin verbatim text | ||||
| .ft CW | ||||
| .nf | ||||
| .ne \\$1 | ||||
| .. | ||||
| .de Ve \" End verbatim text | ||||
| .ft R | ||||
| .fi | ||||
| .. | ||||
| .\" Set up some character translations and predefined strings.  \*(-- will | ||||
| .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | ||||
| .\" double quote, and \*(R" will give a right double quote.  \*(C+ will | ||||
| .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and | ||||
| .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff, | ||||
| .\" nothing in troff, for use with C<>. | ||||
| .tr \(*W- | ||||
| .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | ||||
| .ie n \{\ | ||||
| .    ds -- \(*W- | ||||
| .    ds PI pi | ||||
| .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | ||||
| .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch | ||||
| .    ds L" "" | ||||
| .    ds R" "" | ||||
| .    ds C` "" | ||||
| .    ds C' "" | ||||
| 'br\} | ||||
| .el\{\ | ||||
| .    ds -- \|\(em\| | ||||
| .    ds PI \(*p | ||||
| .    ds L" `` | ||||
| .    ds R" '' | ||||
| .    ds C` | ||||
| .    ds C' | ||||
| 'br\} | ||||
| .\" | ||||
| .\" Escape single quotes in literal strings from groff's Unicode transform. | ||||
| .ie \n(.g .ds Aq \(aq | ||||
| .el       .ds Aq ' | ||||
| .\" | ||||
| .\" If the F register is >0, we'll generate index entries on stderr for | ||||
| .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | ||||
| .\" entries marked with X<> in POD.  Of course, you'll have to process the | ||||
| .\" output yourself in some meaningful fashion. | ||||
| .\" | ||||
| .\" Avoid warning from groff about undefined register 'F'. | ||||
| .de IX | ||||
| .. | ||||
| .nr rF 0 | ||||
| .if \n(.g .if rF .nr rF 1 | ||||
| .if (\n(rF:(\n(.g==0)) \{\ | ||||
| .    if \nF \{\ | ||||
| .        de IX | ||||
| .        tm Index:\\$1\t\\n%\t"\\$2" | ||||
| .. | ||||
| .        if !\nF==2 \{\ | ||||
| .            nr % 0 | ||||
| .            nr F 2 | ||||
| .        \} | ||||
| .    \} | ||||
| .\} | ||||
| .rr rF | ||||
| .\" | ||||
| .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | ||||
| .\" Fear.  Run.  Save yourself.  No user-serviceable parts. | ||||
| .    \" fudge factors for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds #H 0 | ||||
| .    ds #V .8m | ||||
| .    ds #F .3m | ||||
| .    ds #[ \f1 | ||||
| .    ds #] \fP | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds #H ((1u-(\\\\n(.fu%2u))*.13m) | ||||
| .    ds #V .6m | ||||
| .    ds #F 0 | ||||
| .    ds #[ \& | ||||
| .    ds #] \& | ||||
| .\} | ||||
| .    \" simple accents for nroff and troff | ||||
| .if n \{\ | ||||
| .    ds ' \& | ||||
| .    ds ` \& | ||||
| .    ds ^ \& | ||||
| .    ds , \& | ||||
| .    ds ~ ~ | ||||
| .    ds / | ||||
| .\} | ||||
| .if t \{\ | ||||
| .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | ||||
| .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | ||||
| .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | ||||
| .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | ||||
| .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | ||||
| .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | ||||
| .\} | ||||
| .    \" troff and (daisy-wheel) nroff accents | ||||
| .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | ||||
| .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | ||||
| .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | ||||
| .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | ||||
| .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | ||||
| .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | ||||
| .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | ||||
| .ds ae a\h'-(\w'a'u*4/10)'e | ||||
| .ds Ae A\h'-(\w'A'u*4/10)'E | ||||
| .    \" corrections for vroff | ||||
| .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | ||||
| .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | ||||
| .    \" for low resolution devices (crt and lpr) | ||||
| .if \n(.H>23 .if \n(.V>19 \ | ||||
| \{\ | ||||
| .    ds : e | ||||
| .    ds 8 ss | ||||
| .    ds o a | ||||
| .    ds d- d\h'-1'\(ga | ||||
| .    ds D- D\h'-1'\(hy | ||||
| .    ds th \o'bp' | ||||
| .    ds Th \o'LP' | ||||
| .    ds ae ae | ||||
| .    ds Ae AE | ||||
| .\} | ||||
| .rm #[ #] #H #V #F C | ||||
| .\" ======================================================================== | ||||
| .\" | ||||
| .IX Title "SSL 7" | ||||
| .TH SSL 7 "2020-04-21" "1.1.1g" "OpenSSL" | ||||
| .\" For nroff, turn off justification.  Always turn off hyphenation; it makes | ||||
| .\" way too many mistakes in technical documents. | ||||
| .if n .ad l | ||||
| .nh | ||||
| .SH "NAME" | ||||
| ssl \- OpenSSL SSL/TLS library | ||||
| .SH "SYNOPSIS" | ||||
| .IX Header "SYNOPSIS" | ||||
| See the individual manual pages for details. | ||||
| .SH "DESCRIPTION" | ||||
| .IX Header "DESCRIPTION" | ||||
| The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and | ||||
| Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is | ||||
| documented here. | ||||
| .PP | ||||
| An \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish | ||||
| \&\s-1TLS/SSL\s0 enabled connections (see \fBSSL_CTX_new\fR\|(3)). | ||||
| Various options regarding certificates, algorithms etc. can be set | ||||
| in this object. | ||||
| .PP | ||||
| When a network connection has been created, it can be assigned to an | ||||
| \&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using | ||||
| \&\fBSSL_new\fR\|(3), \fBSSL_set_fd\fR\|(3) or | ||||
| \&\fBSSL_set_bio\fR\|(3) can be used to associate the network | ||||
| connection with the object. | ||||
| .PP | ||||
| When the \s-1TLS/SSL\s0 handshake is performed using | ||||
| \&\fBSSL_accept\fR\|(3) or \fBSSL_connect\fR\|(3) | ||||
| respectively. | ||||
| \&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) and \fBSSL_write\fR\|(3) are | ||||
| used to read and write data on the \s-1TLS/SSL\s0 connection. | ||||
| \&\fBSSL_shutdown\fR\|(3) can be used to shut down the | ||||
| \&\s-1TLS/SSL\s0 connection. | ||||
| .SH "DATA STRUCTURES" | ||||
| .IX Header "DATA STRUCTURES" | ||||
| Currently the OpenSSL \fBssl\fR library functions deals with the following data | ||||
| structures: | ||||
| .IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 | ||||
| .IX Item "SSL_METHOD (SSL Method)" | ||||
| This is a dispatch structure describing the internal \fBssl\fR library | ||||
| methods/functions which implement the various protocol versions (SSLv3 | ||||
| TLSv1, ...). It's needed to create an \fB\s-1SSL_CTX\s0\fR. | ||||
| .IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 | ||||
| .IX Item "SSL_CIPHER (SSL Cipher)" | ||||
| This structure holds the algorithm information for a particular cipher which | ||||
| are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured | ||||
| on a \fB\s-1SSL_CTX\s0\fR basis and the actual ones used are then part of the | ||||
| \&\fB\s-1SSL_SESSION\s0\fR. | ||||
| .IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 | ||||
| .IX Item "SSL_CTX (SSL Context)" | ||||
| This is the global context structure which is created by a server or client | ||||
| once per program life-time and which holds mainly default values for the | ||||
| \&\fB\s-1SSL\s0\fR structures which are later created for the connections. | ||||
| .IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 | ||||
| .IX Item "SSL_SESSION (SSL Session)" | ||||
| This is a structure containing the current \s-1TLS/SSL\s0 session details for a | ||||
| connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. | ||||
| .IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 | ||||
| .IX Item "SSL (SSL Connection)" | ||||
| This is the main \s-1SSL/TLS\s0 structure which is created by a server or client per | ||||
| established connection. This actually is the core structure in the \s-1SSL API.\s0 | ||||
| At run-time the application usually deals with this structure which has | ||||
| links to mostly all other structures. | ||||
| .SH "HEADER FILES" | ||||
| .IX Header "HEADER FILES" | ||||
| Currently the OpenSSL \fBssl\fR library provides the following C header files | ||||
| containing the prototypes for the data structures and functions: | ||||
| .IP "\fBssl.h\fR" 4 | ||||
| .IX Item "ssl.h" | ||||
| This is the common header file for the \s-1SSL/TLS API.\s0  Include it into your | ||||
| program to make the \s-1API\s0 of the \fBssl\fR library available. It internally | ||||
| includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. | ||||
| Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look | ||||
| inside this header file. | ||||
| .IP "\fBssl2.h\fR" 4 | ||||
| .IX Item "ssl2.h" | ||||
| Unused. Present for backwards compatibility only. | ||||
| .IP "\fBssl3.h\fR" 4 | ||||
| .IX Item "ssl3.h" | ||||
| This is the sub header file dealing with the SSLv3 protocol only. | ||||
| \&\fIUsually you don't have to include it explicitly because | ||||
| it's already included by ssl.h\fR. | ||||
| .IP "\fBtls1.h\fR" 4 | ||||
| .IX Item "tls1.h" | ||||
| This is the sub header file dealing with the TLSv1 protocol only. | ||||
| \&\fIUsually you don't have to include it explicitly because | ||||
| it's already included by ssl.h\fR. | ||||
| .SH "API FUNCTIONS" | ||||
| .IX Header "API FUNCTIONS" | ||||
| Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. | ||||
| They are documented in the following: | ||||
| .SS "Dealing with Protocol Methods" | ||||
| .IX Subsection "Dealing with Protocol Methods" | ||||
| Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 | ||||
| protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLS_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLS_method(void);" | ||||
| Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients, | ||||
| servers or both. | ||||
| See \fBSSL_CTX_new\fR\|(3) for details. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLS_client_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLS_client_method(void);" | ||||
| Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients. | ||||
| Must be used to support the TLSv1.3 protocol. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLS_server_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLS_server_method(void);" | ||||
| Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for servers. | ||||
| Must be used to support the TLSv1.3 protocol. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_2_method(void);" | ||||
| Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients, servers or both. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_client_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_2_client_method(void);" | ||||
| Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_server_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_2_server_method(void);" | ||||
| Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for servers. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_1_method(void);" | ||||
| Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients, servers or both. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_client_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_1_client_method(void);" | ||||
| Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_server_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_1_server_method(void);" | ||||
| Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for servers. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_method(void);" | ||||
| Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients, servers or both. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_client_method(void);" | ||||
| Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *TLSv1_server_method(void);" | ||||
| Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for servers. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *SSLv3_method(void);" | ||||
| Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients, servers or both. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *SSLv3_client_method(void);" | ||||
| Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients. | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 | ||||
| .IX Item "const SSL_METHOD *SSLv3_server_method(void);" | ||||
| Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for servers. | ||||
| .SS "Dealing with Ciphers" | ||||
| .IX Subsection "Dealing with Ciphers" | ||||
| Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 | ||||
| ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. | ||||
| .IP "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 | ||||
| .IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" | ||||
| Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human | ||||
| readable description of \fIcipher\fR. Returns \fIbuf\fR. | ||||
| .IP "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 | ||||
| .IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" | ||||
| Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers | ||||
| there are two bits: The bits the algorithm supports in general (stored to | ||||
| \&\fIalg_bits\fR) and the bits which are actually used (the return value). | ||||
| .IP "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 | ||||
| .IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" | ||||
| Return the internal name of \fIcipher\fR as a string. These are the various | ||||
| strings defined by the \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR | ||||
| definitions in the header files. | ||||
| .IP "const char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 | ||||
| .IX Item "const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" | ||||
| Returns a string like "\f(CW\*(C`SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`TLSv1.2\*(C'\fR" which indicates the | ||||
| \&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined | ||||
| in the specification the first time). | ||||
| .SS "Dealing with Protocol Contexts" | ||||
| .IX Subsection "Dealing with Protocol Contexts" | ||||
| Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 | ||||
| protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. | ||||
| .IP "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 | ||||
| .IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" | ||||
| .PD 0 | ||||
| .IP "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 | ||||
| .IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" | ||||
| .IP "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 | ||||
| .IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" | ||||
| .IP "int \fBSSL_CTX_check_private_key\fR(const \s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_check_private_key(const SSL_CTX *ctx);" | ||||
| .IP "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 | ||||
| .IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" | ||||
| .IP "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 | ||||
| .IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" | ||||
| .IP "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 | ||||
| .IX Item "void SSL_CTX_free(SSL_CTX *a);" | ||||
| .IP "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" | ||||
| .IP "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" | ||||
| .IP "\s-1STACK\s0 *\fBSSL_CTX_get_ciphers\fR(const \s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);" | ||||
| .IP "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(const \s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);" | ||||
| .IP "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 | ||||
| .IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" | ||||
| .IP "void \fBSSL_CTX_get_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);" | ||||
| .IP "char *\fBSSL_CTX_get_ex_data\fR(const \s-1SSL_CTX\s0 *s, int idx);" 4 | ||||
| .IX Item "char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);" | ||||
| .IP "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 | ||||
| .IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" | ||||
| .IP "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 | ||||
| .IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" | ||||
| .IP "int \fBSSL_CTX_get_quiet_shutdown\fR(const \s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);" | ||||
| .IP "void \fBSSL_CTX_get_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "void SSL_CTX_get_read_ahead(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" | ||||
| .IP "long \fBSSL_CTX_get_timeout\fR(const \s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "long SSL_CTX_get_timeout(const SSL_CTX *ctx);" | ||||
| .IP "int (*\fBSSL_CTX_get_verify_callback\fR(const \s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 | ||||
| .IX Item "int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, const char *CAfile, const char *CApath);" 4 | ||||
| .IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);" | ||||
| .IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(const \s-1SSL_METHOD\s0 *meth);" 4 | ||||
| .IX Item "SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);" | ||||
| .IP "int SSL_CTX_up_ref(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_up_ref(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 | ||||
| .IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" | ||||
| .IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" | ||||
| .IP "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 | ||||
| .IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" | ||||
| .IP "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 | ||||
| .IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" | ||||
| .IP "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 | ||||
| .IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" | ||||
| .IP "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" | ||||
| .IP "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx, t);" 4 | ||||
| .IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);" | ||||
| .IP "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 | ||||
| .IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" | ||||
| .IP "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 | ||||
| .IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" | ||||
| .IP "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 | ||||
| .IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" | ||||
| .IP "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" | ||||
| .IP "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" | ||||
| .IP "int \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 | ||||
| .IX Item "int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" | ||||
| .IP "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 | ||||
| .IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" | ||||
| .IP "void \fBSSL_CTX_set1_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 | ||||
| .IX Item "void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);" | ||||
| .IP "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 | ||||
| .IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" | ||||
| .IP "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 | ||||
| .IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" | ||||
| .IP "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 | ||||
| .IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" | ||||
| .IP "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 | ||||
| .IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" | ||||
| .IP "int \fBSSL_CTX_set_ct_validation_callback\fR(\s-1SSL_CTX\s0 *ctx, ssl_ct_validation_cb callback, void *arg);" 4 | ||||
| .IX Item "int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);" | ||||
| .IP "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 | ||||
| .IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" | ||||
| .IP "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 | ||||
| .IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" | ||||
| .IP "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" | ||||
| .PD | ||||
| Use the default paths to locate trusted \s-1CA\s0 certificates. There is one default | ||||
| directory path and one default file path. Both are set via this call. | ||||
| .IP "int \fBSSL_CTX_set_default_verify_dir\fR(\s-1SSL_CTX\s0 *ctx)" 4 | ||||
| .IX Item "int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)" | ||||
| Use the default directory path to locate trusted \s-1CA\s0 certificates. | ||||
| .IP "int \fBSSL_CTX_set_default_verify_file\fR(\s-1SSL_CTX\s0 *ctx)" 4 | ||||
| .IX Item "int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)" | ||||
| Use the file path to locate trusted \s-1CA\s0 certificates. | ||||
| .IP "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 | ||||
| .IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" | ||||
| .PD 0 | ||||
| .IP "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 | ||||
| .IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" | ||||
| .IP "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 | ||||
| .IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" | ||||
| .IP "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 | ||||
| .IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" | ||||
| .IP "unsigned long \fBSSL_CTX_clear_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 | ||||
| .IX Item "unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);" | ||||
| .IP "unsigned long \fBSSL_CTX_get_options\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "unsigned long SSL_CTX_get_options(SSL_CTX *ctx);" | ||||
| .IP "unsigned long \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 | ||||
| .IX Item "unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" | ||||
| .IP "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 | ||||
| .IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" | ||||
| .IP "void \fBSSL_CTX_set_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 | ||||
| .IX Item "void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);" | ||||
| .IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 | ||||
| .IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" | ||||
| .IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, const \s-1SSL_METHOD\s0 *meth);" 4 | ||||
| .IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);" | ||||
| .IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 | ||||
| .IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" | ||||
| .IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 | ||||
| .IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" | ||||
| .IP "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 | ||||
| .IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" | ||||
| .IP "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 | ||||
| .IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" | ||||
| .IP "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 | ||||
| .IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" | ||||
| .IP "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 | ||||
| .IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" | ||||
| .IP "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 | ||||
| .IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);" | ||||
| .IP "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 | ||||
| .IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" | ||||
| .IP "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 | ||||
| .IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" | ||||
| .IP "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 | ||||
| .IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);" | ||||
| .IP "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 | ||||
| .IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" | ||||
| .IP "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 | ||||
| .IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" | ||||
| .IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 | ||||
| .IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);" | ||||
| .IP "int \fBSSL_CTX_use_cert_and_key\fR(\s-1SSL_CTX\s0 *ctx, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 | ||||
| .IX Item "int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" | ||||
| .IP "X509 *\fBSSL_CTX_get0_certificate\fR(const \s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);" | ||||
| .IP "\s-1EVP_PKEY\s0 *\fBSSL_CTX_get0_privatekey\fR(const \s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);" | ||||
| .IP "void \fBSSL_CTX_set_psk_client_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 | ||||
| .IX Item "void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" | ||||
| .IP "int \fBSSL_CTX_use_psk_identity_hint\fR(\s-1SSL_CTX\s0 *ctx, const char *hint);" 4 | ||||
| .IX Item "int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);" | ||||
| .IP "void \fBSSL_CTX_set_psk_server_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 | ||||
| .IX Item "void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" | ||||
| .PD | ||||
| .SS "Dealing with Sessions" | ||||
| .IX Subsection "Dealing with Sessions" | ||||
| Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 | ||||
| sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. | ||||
| .IP "int \fBSSL_SESSION_cmp\fR(const \s-1SSL_SESSION\s0 *a, const \s-1SSL_SESSION\s0 *b);" 4 | ||||
| .IX Item "int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);" | ||||
| .PD 0 | ||||
| .IP "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 | ||||
| .IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" | ||||
| .IP "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 | ||||
| .IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" | ||||
| .IP "char *\fBSSL_SESSION_get_ex_data\fR(const \s-1SSL_SESSION\s0 *s, int idx);" 4 | ||||
| .IX Item "char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);" | ||||
| .IP "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 | ||||
| .IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" | ||||
| .IP "long \fBSSL_SESSION_get_time\fR(const \s-1SSL_SESSION\s0 *s);" 4 | ||||
| .IX Item "long SSL_SESSION_get_time(const SSL_SESSION *s);" | ||||
| .IP "long \fBSSL_SESSION_get_timeout\fR(const \s-1SSL_SESSION\s0 *s);" 4 | ||||
| .IX Item "long SSL_SESSION_get_timeout(const SSL_SESSION *s);" | ||||
| .IP "unsigned long \fBSSL_SESSION_hash\fR(const \s-1SSL_SESSION\s0 *a);" 4 | ||||
| .IX Item "unsigned long SSL_SESSION_hash(const SSL_SESSION *a);" | ||||
| .IP "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 | ||||
| .IX Item "SSL_SESSION *SSL_SESSION_new(void);" | ||||
| .IP "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, const \s-1SSL_SESSION\s0 *x);" 4 | ||||
| .IX Item "int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);" | ||||
| .IP "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, const \s-1SSL_SESSION\s0 *x);" 4 | ||||
| .IX Item "int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);" | ||||
| .IP "int \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 | ||||
| .IX Item "int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" | ||||
| .IP "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 | ||||
| .IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" | ||||
| .IP "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 | ||||
| .IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" | ||||
| .IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 | ||||
| .IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" | ||||
| .PD | ||||
| .SS "Dealing with Connections" | ||||
| .IX Subsection "Dealing with Connections" | ||||
| Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 | ||||
| connection defined in the \fB\s-1SSL\s0\fR structure. | ||||
| .IP "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_accept(SSL *ssl);" | ||||
| .PD 0 | ||||
| .IP "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 | ||||
| .IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" | ||||
| .IP "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 | ||||
| .IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" | ||||
| .IP "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 | ||||
| .IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" | ||||
| .IP "char *\fBSSL_alert_desc_string\fR(int value);" 4 | ||||
| .IX Item "char *SSL_alert_desc_string(int value);" | ||||
| .IP "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 | ||||
| .IX Item "char *SSL_alert_desc_string_long(int value);" | ||||
| .IP "char *\fBSSL_alert_type_string\fR(int value);" 4 | ||||
| .IX Item "char *SSL_alert_type_string(int value);" | ||||
| .IP "char *\fBSSL_alert_type_string_long\fR(int value);" 4 | ||||
| .IX Item "char *SSL_alert_type_string_long(int value);" | ||||
| .IP "int \fBSSL_check_private_key\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_check_private_key(const SSL *ssl);" | ||||
| .IP "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "void SSL_clear(SSL *ssl);" | ||||
| .IP "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" | ||||
| .IP "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_connect(SSL *ssl);" | ||||
| .IP "int \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, const \s-1SSL\s0 *f);" 4 | ||||
| .IX Item "int SSL_copy_session_id(SSL *t, const SSL *f);" | ||||
| .PD | ||||
| Sets the session details for \fBt\fR to be the same as in \fBf\fR. Returns 1 on | ||||
| success or 0 on failure. | ||||
| .IP "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 | ||||
| .IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" | ||||
| .PD 0 | ||||
| .IP "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_do_handshake(SSL *ssl);" | ||||
| .IP "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "SSL *SSL_dup(SSL *ssl);" | ||||
| .PD | ||||
| \&\fBSSL_dup()\fR allows applications to configure an \s-1SSL\s0 handle for use | ||||
| in multiple \s-1SSL\s0 connections, and then duplicate it prior to initiating | ||||
| each connection with the duplicated handle. | ||||
| Use of \fBSSL_dup()\fR avoids the need to repeat the configuration of the | ||||
| handles for each connection. | ||||
| .Sp | ||||
| For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state | ||||
| and \s-1MUST NOT\s0 have not yet have started the \s-1SSL\s0 handshake. | ||||
| For connections that are not in their initial state \fBSSL_dup()\fR just | ||||
| increments an internal reference count and returns the \fIsame\fR | ||||
| handle. | ||||
| It may be possible to use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle | ||||
| that is not in its initial state for re-use, but this is best | ||||
| avoided. | ||||
| Instead, save and restore the session, if desired, and construct a | ||||
| fresh handle for each connection. | ||||
| .IP "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 | ||||
| .IX Item "STACK *SSL_dup_CA_list(STACK *sk);" | ||||
| .PD 0 | ||||
| .IP "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "void SSL_free(SSL *ssl);" | ||||
| .IP "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);" | ||||
| .IP "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_get_app_data(SSL *ssl);" | ||||
| .IP "X509 *\fBSSL_get_certificate\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "X509 *SSL_get_certificate(const SSL *ssl);" | ||||
| .IP "const char *\fBSSL_get_cipher\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "const char *SSL_get_cipher(const SSL *ssl);" | ||||
| .IP "int \fBSSL_is_dtls\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_is_dtls(const SSL *ssl);" | ||||
| .IP "int \fBSSL_get_cipher_bits\fR(const \s-1SSL\s0 *ssl, int *alg_bits);" 4 | ||||
| .IX Item "int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);" | ||||
| .IP "char *\fBSSL_get_cipher_list\fR(const \s-1SSL\s0 *ssl, int n);" 4 | ||||
| .IX Item "char *SSL_get_cipher_list(const SSL *ssl, int n);" | ||||
| .IP "char *\fBSSL_get_cipher_name\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_get_cipher_name(const SSL *ssl);" | ||||
| .IP "char *\fBSSL_get_cipher_version\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_get_cipher_version(const SSL *ssl);" | ||||
| .IP "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "STACK *SSL_get_ciphers(const SSL *ssl);" | ||||
| .IP "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "STACK *SSL_get_client_CA_list(const SSL *ssl);" | ||||
| .IP "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" | ||||
| .IP "long \fBSSL_get_default_timeout\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_get_default_timeout(const SSL *ssl);" | ||||
| .IP "int \fBSSL_get_error\fR(const \s-1SSL\s0 *ssl, int i);" 4 | ||||
| .IX Item "int SSL_get_error(const SSL *ssl, int i);" | ||||
| .IP "char *\fBSSL_get_ex_data\fR(const \s-1SSL\s0 *ssl, int idx);" 4 | ||||
| .IX Item "char *SSL_get_ex_data(const SSL *ssl, int idx);" | ||||
| .IP "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 | ||||
| .IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" | ||||
| .IP "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 | ||||
| .IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" | ||||
| .IP "int \fBSSL_get_fd\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_get_fd(const SSL *ssl);" | ||||
| .IP "void (*\fBSSL_get_info_callback\fR(const \s-1SSL\s0 *ssl);)()" 4 | ||||
| .IX Item "void (*SSL_get_info_callback(const SSL *ssl);)()" | ||||
| .IP "int \fBSSL_get_key_update_type\fR(\s-1SSL\s0 *s);" 4 | ||||
| .IX Item "int SSL_get_key_update_type(SSL *s);" | ||||
| .IP "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);" | ||||
| .IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);" | ||||
| .IP "const \s-1STACK_OF\s0(\s-1SCT\s0) *\fBSSL_get0_peer_scts\fR(\s-1SSL\s0 *s);" 4 | ||||
| .IX Item "const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);" | ||||
| .IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "EVP_PKEY *SSL_get_privatekey(const SSL *ssl);" | ||||
| .IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);" | ||||
| .IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "BIO *SSL_get_rbio(const SSL *ssl);" | ||||
| .IP "int \fBSSL_get_read_ahead\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_get_read_ahead(const SSL *ssl);" | ||||
| .IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);" | ||||
| .IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int size);" 4 | ||||
| .IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);" | ||||
| .IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_get_shutdown(const SSL *ssl);" | ||||
| .IP "const \s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" | ||||
| .IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_get_state(const SSL *ssl);" | ||||
| .IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_get_time(const SSL *ssl);" | ||||
| .IP "long \fBSSL_get_timeout\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_get_timeout(const SSL *ssl);" | ||||
| .IP "int (*\fBSSL_get_verify_callback\fR(const \s-1SSL\s0 *ssl))(int, X509_STORE_CTX *)" 4 | ||||
| .IX Item "int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)" | ||||
| .IP "int \fBSSL_get_verify_mode\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_get_verify_mode(const SSL *ssl);" | ||||
| .IP "long \fBSSL_get_verify_result\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_get_verify_result(const SSL *ssl);" | ||||
| .IP "char *\fBSSL_get_version\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_get_version(const SSL *ssl);" | ||||
| .IP "\s-1BIO\s0 *\fBSSL_get_wbio\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "BIO *SSL_get_wbio(const SSL *ssl);" | ||||
| .IP "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_in_accept_init(SSL *ssl);" | ||||
| .IP "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_in_before(SSL *ssl);" | ||||
| .IP "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_in_connect_init(SSL *ssl);" | ||||
| .IP "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_in_init(SSL *ssl);" | ||||
| .IP "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_is_init_finished(SSL *ssl);" | ||||
| .IP "int \fBSSL_key_update\fR(\s-1SSL\s0 *s, int updatetype);" 4 | ||||
| .IX Item "int SSL_key_update(SSL *s, int updatetype);" | ||||
| .IP "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(const char *file);" 4 | ||||
| .IX Item "STACK *SSL_load_client_CA_file(const char *file);" | ||||
| .IP "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 | ||||
| .IX Item "SSL *SSL_new(SSL_CTX *ctx);" | ||||
| .IP "int SSL_up_ref(\s-1SSL\s0 *s);" 4 | ||||
| .IX Item "int SSL_up_ref(SSL *s);" | ||||
| .IP "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_num_renegotiations(SSL *ssl);" | ||||
| .IP "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 | ||||
| .IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" | ||||
| .IP "int \fBSSL_pending\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_pending(const SSL *ssl);" | ||||
| .IP "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 | ||||
| .IX Item "int SSL_read(SSL *ssl, void *buf, int num);" | ||||
| .IP "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_renegotiate(SSL *ssl);" | ||||
| .IP "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_rstate_string(SSL *ssl);" | ||||
| .IP "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_rstate_string_long(SSL *ssl);" | ||||
| .IP "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_session_reused(SSL *ssl);" | ||||
| .IP "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "void SSL_set_accept_state(SSL *ssl);" | ||||
| .IP "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 | ||||
| .IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" | ||||
| .IP "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 | ||||
| .IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" | ||||
| .IP "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 | ||||
| .IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" | ||||
| .IP "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 | ||||
| .IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" | ||||
| .IP "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "void SSL_set_connect_state(SSL *ssl);" | ||||
| .IP "int \fBSSL_set_ct_validation_callback\fR(\s-1SSL\s0 *ssl, ssl_ct_validation_cb callback, void *arg);" 4 | ||||
| .IX Item "int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb callback, void *arg);" | ||||
| .IP "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 | ||||
| .IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" | ||||
| .IP "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 | ||||
| .IX Item "int SSL_set_fd(SSL *ssl, int fd);" | ||||
| .IP "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 | ||||
| .IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" | ||||
| .IP "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 | ||||
| .IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" | ||||
| .IP "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 | ||||
| .IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" | ||||
| .IP "unsigned long \fBSSL_clear_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 | ||||
| .IX Item "unsigned long SSL_clear_options(SSL *ssl, unsigned long op);" | ||||
| .IP "unsigned long \fBSSL_get_options\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "unsigned long SSL_get_options(SSL *ssl);" | ||||
| .IP "unsigned long \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 | ||||
| .IX Item "unsigned long SSL_set_options(SSL *ssl, unsigned long op);" | ||||
| .IP "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 | ||||
| .IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" | ||||
| .IP "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 | ||||
| .IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" | ||||
| .IP "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 | ||||
| .IX Item "int SSL_set_rfd(SSL *ssl, int fd);" | ||||
| .IP "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 | ||||
| .IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" | ||||
| .IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 | ||||
| .IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" | ||||
| .IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, const \s-1SSL_METHOD\s0 *meth);" 4 | ||||
| .IX Item "int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);" | ||||
| .IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 | ||||
| .IX Item "void SSL_set_time(SSL *ssl, long t);" | ||||
| .IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 | ||||
| .IX Item "void SSL_set_timeout(SSL *ssl, long t);" | ||||
| .IP "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 | ||||
| .IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" | ||||
| .IP "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 | ||||
| .IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" | ||||
| .IP "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 | ||||
| .IX Item "int SSL_set_wfd(SSL *ssl, int fd);" | ||||
| .IP "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_shutdown(SSL *ssl);" | ||||
| .IP "\s-1OSSL_HANDSHAKE_STATE\s0 \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);" | ||||
| .PD | ||||
| Returns the current handshake state. | ||||
| .IP "char *\fBSSL_state_string\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_state_string(const SSL *ssl);" | ||||
| .PD 0 | ||||
| .IP "char *\fBSSL_state_string_long\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "char *SSL_state_string_long(const SSL *ssl);" | ||||
| .IP "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "long SSL_total_renegotiations(SSL *ssl);" | ||||
| .IP "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 | ||||
| .IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" | ||||
| .IP "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 | ||||
| .IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" | ||||
| .IP "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 | ||||
| .IX Item "int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);" | ||||
| .IP "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 | ||||
| .IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" | ||||
| .IP "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 | ||||
| .IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" | ||||
| .IP "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 | ||||
| .IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);" | ||||
| .IP "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 | ||||
| .IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" | ||||
| .IP "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 | ||||
| .IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" | ||||
| .IP "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 | ||||
| .IX Item "int SSL_use_certificate_file(SSL *ssl, const char *file, int type);" | ||||
| .IP "int \fBSSL_use_cert_and_key\fR(\s-1SSL\s0 *ssl, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 | ||||
| .IX Item "int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" | ||||
| .IP "int \fBSSL_version\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_version(const SSL *ssl);" | ||||
| .IP "int \fBSSL_want\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_want(const SSL *ssl);" | ||||
| .IP "int \fBSSL_want_nothing\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_want_nothing(const SSL *ssl);" | ||||
| .IP "int \fBSSL_want_read\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_want_read(const SSL *ssl);" | ||||
| .IP "int \fBSSL_want_write\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_want_write(const SSL *ssl);" | ||||
| .IP "int \fBSSL_want_x509_lookup\fR(const \s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "int SSL_want_x509_lookup(const SSL *ssl);" | ||||
| .IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 | ||||
| .IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" | ||||
| .IP "void \fBSSL_set_psk_client_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 | ||||
| .IX Item "void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" | ||||
| .IP "int \fBSSL_use_psk_identity_hint\fR(\s-1SSL\s0 *ssl, const char *hint);" 4 | ||||
| .IX Item "int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);" | ||||
| .IP "void \fBSSL_set_psk_server_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 | ||||
| .IX Item "void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" | ||||
| .IP "const char *\fBSSL_get_psk_identity_hint\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "const char *SSL_get_psk_identity_hint(SSL *ssl);" | ||||
| .IP "const char *\fBSSL_get_psk_identity\fR(\s-1SSL\s0 *ssl);" 4 | ||||
| .IX Item "const char *SSL_get_psk_identity(SSL *ssl);" | ||||
| .PD | ||||
| .SH "RETURN VALUES" | ||||
| .IX Header "RETURN VALUES" | ||||
| See the individual manual pages for details. | ||||
| .SH "SEE ALSO" | ||||
| .IX Header "SEE ALSO" | ||||
| \&\fBopenssl\fR\|(1), \fBcrypto\fR\|(7), | ||||
| \&\fBCRYPTO_get_ex_new_index\fR\|(3), | ||||
| \&\fBSSL_accept\fR\|(3), \fBSSL_clear\fR\|(3), | ||||
| \&\fBSSL_connect\fR\|(3), | ||||
| \&\fBSSL_CIPHER_get_name\fR\|(3), | ||||
| \&\fBSSL_COMP_add_compression_method\fR\|(3), | ||||
| \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), | ||||
| \&\fBSSL_CTX_add_session\fR\|(3), | ||||
| \&\fBSSL_CTX_ctrl\fR\|(3), | ||||
| \&\fBSSL_CTX_flush_sessions\fR\|(3), | ||||
| \&\fBSSL_CTX_get_verify_mode\fR\|(3), | ||||
| \&\fBSSL_CTX_load_verify_locations\fR\|(3) | ||||
| \&\fBSSL_CTX_new\fR\|(3), | ||||
| \&\fBSSL_CTX_sess_number\fR\|(3), | ||||
| \&\fBSSL_CTX_sess_set_cache_size\fR\|(3), | ||||
| \&\fBSSL_CTX_sess_set_get_cb\fR\|(3), | ||||
| \&\fBSSL_CTX_sessions\fR\|(3), | ||||
| \&\fBSSL_CTX_set_cert_store\fR\|(3), | ||||
| \&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), | ||||
| \&\fBSSL_CTX_set_cipher_list\fR\|(3), | ||||
| \&\fBSSL_CTX_set_client_CA_list\fR\|(3), | ||||
| \&\fBSSL_CTX_set_client_cert_cb\fR\|(3), | ||||
| \&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), | ||||
| \&\fBSSL_CTX_set_generate_session_id\fR\|(3), | ||||
| \&\fBSSL_CTX_set_info_callback\fR\|(3), | ||||
| \&\fBSSL_CTX_set_max_cert_list\fR\|(3), | ||||
| \&\fBSSL_CTX_set_mode\fR\|(3), | ||||
| \&\fBSSL_CTX_set_msg_callback\fR\|(3), | ||||
| \&\fBSSL_CTX_set_options\fR\|(3), | ||||
| \&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), | ||||
| \&\fBSSL_CTX_set_read_ahead\fR\|(3), | ||||
| \&\fBSSL_CTX_set_security_level\fR\|(3), | ||||
| \&\fBSSL_CTX_set_session_cache_mode\fR\|(3), | ||||
| \&\fBSSL_CTX_set_session_id_context\fR\|(3), | ||||
| \&\fBSSL_CTX_set_ssl_version\fR\|(3), | ||||
| \&\fBSSL_CTX_set_timeout\fR\|(3), | ||||
| \&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), | ||||
| \&\fBSSL_CTX_set_verify\fR\|(3), | ||||
| \&\fBSSL_CTX_use_certificate\fR\|(3), | ||||
| \&\fBSSL_alert_type_string\fR\|(3), | ||||
| \&\fBSSL_do_handshake\fR\|(3), | ||||
| \&\fBSSL_enable_ct\fR\|(3), | ||||
| \&\fBSSL_get_SSL_CTX\fR\|(3), | ||||
| \&\fBSSL_get_ciphers\fR\|(3), | ||||
| \&\fBSSL_get_client_CA_list\fR\|(3), | ||||
| \&\fBSSL_get_default_timeout\fR\|(3), | ||||
| \&\fBSSL_get_error\fR\|(3), | ||||
| \&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), | ||||
| \&\fBSSL_get_fd\fR\|(3), | ||||
| \&\fBSSL_get_peer_cert_chain\fR\|(3), | ||||
| \&\fBSSL_get_rbio\fR\|(3), | ||||
| \&\fBSSL_get_session\fR\|(3), | ||||
| \&\fBSSL_get_verify_result\fR\|(3), | ||||
| \&\fBSSL_get_version\fR\|(3), | ||||
| \&\fBSSL_load_client_CA_file\fR\|(3), | ||||
| \&\fBSSL_new\fR\|(3), | ||||
| \&\fBSSL_pending\fR\|(3), | ||||
| \&\fBSSL_read_ex\fR\|(3), | ||||
| \&\fBSSL_read\fR\|(3), | ||||
| \&\fBSSL_rstate_string\fR\|(3), | ||||
| \&\fBSSL_session_reused\fR\|(3), | ||||
| \&\fBSSL_set_bio\fR\|(3), | ||||
| \&\fBSSL_set_connect_state\fR\|(3), | ||||
| \&\fBSSL_set_fd\fR\|(3), | ||||
| \&\fBSSL_set_session\fR\|(3), | ||||
| \&\fBSSL_set_shutdown\fR\|(3), | ||||
| \&\fBSSL_shutdown\fR\|(3), | ||||
| \&\fBSSL_state_string\fR\|(3), | ||||
| \&\fBSSL_want\fR\|(3), | ||||
| \&\fBSSL_write_ex\fR\|(3), | ||||
| \&\fBSSL_write\fR\|(3), | ||||
| \&\fBSSL_SESSION_free\fR\|(3), | ||||
| \&\fBSSL_SESSION_get_time\fR\|(3), | ||||
| \&\fBd2i_SSL_SESSION\fR\|(3), | ||||
| \&\fBSSL_CTX_set_psk_client_callback\fR\|(3), | ||||
| \&\fBSSL_CTX_use_psk_identity_hint\fR\|(3), | ||||
| \&\fBSSL_get_psk_identity\fR\|(3), | ||||
| \&\fBDTLSv1_listen\fR\|(3) | ||||
| .SH "HISTORY" | ||||
| .IX Header "HISTORY" | ||||
| \&\fBSSLv2_client_method\fR, \fBSSLv2_server_method\fR and \fBSSLv2_method\fR were removed | ||||
| in OpenSSL 1.1.0. | ||||
| .PP | ||||
| The return type of \fBSSL_copy_session_id\fR was changed from void to int in | ||||
| OpenSSL 1.1.0. | ||||
| .SH "COPYRIGHT" | ||||
| .IX Header "COPYRIGHT" | ||||
| Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. | ||||
| .PP | ||||
| Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use | ||||
| this file except in compliance with the License.  You can obtain a copy | ||||
| in the file \s-1LICENSE\s0 in the source distribution or at | ||||
| <https://www.openssl.org/source/license.html>. | ||||
							
								
								
									
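--- a/deps/openssl/mingw64/share/man/man7/x509.7
+++ b/deps/openssl/mingw64/share/man/man7/x509.7
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509 7"
+.TH X509 7 "2020-04-21" "1.1.1g" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+x509 \- X.509 certificate handling
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+An X.509 certificate is a structured grouping of information about
+an individual, a device, or anything one can imagine.  A X.509 \s-1CRL\s0
+(certificate revocation list) is a tool to help determine if a
+certificate is still valid.  The exact definition of those can be
+found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0
+In OpenSSL, the type X509 is used to express such a certificate, and
+the type X509_CRL is used to express a \s-1CRL.\s0
+.PP
+A related structure is a certificate request, defined in PKCS#10 from
+\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896.\s0  In OpenSSL, the type
+X509_REQ is used to express such a certificate request.
+.PP
+To handle some complex parts of a certificate, there are the types
+X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
+a certificate attributes), X509_EXTENSION (to express a certificate
+extension) and a few more.
+.PP
+Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a
+certificate and a corresponding private key.
+.PP
+\&\fBX509_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_\fR\fI\s-1XXX\s0\fR functions
+handle X.509 certificates, with some exceptions, shown below.
+.PP
+\&\fBX509_CRL_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_CRL_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_CRL_\fR\fI\s-1XXX\s0\fR
+functions handle X.509 CRLs.
+.PP
+\&\fBX509_REQ_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_REQ_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_REQ_\fR\fI\s-1XXX\s0\fR
+functions handle PKCS#10 certificate requests.
+.PP
+\&\fBX509_NAME_\fR\fI\s-1XXX\s0\fR functions handle certificate names.
+.PP
+\&\fBX509_ATTRIBUTE_\fR\fI\s-1XXX\s0\fR functions handle certificate attributes.
+.PP
+\&\fBX509_EXTENSION_\fR\fI\s-1XXX\s0\fR functions handle certificate extensions.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fBX509_NAME_add_entry_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509_NAME_new\fR\|(3),
+\&\fBd2i_X509\fR\|(3),
+\&\fBd2i_X509_ALGOR\fR\|(3),
+\&\fBd2i_X509_CRL\fR\|(3),
+\&\fBd2i_X509_NAME\fR\|(3),
+\&\fBd2i_X509_REQ\fR\|(3),
+\&\fBd2i_X509_SIG\fR\|(3),
+\&\fBX509v3\fR\|(3),
+\&\fBcrypto\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.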