Update for OpenSSL 0.9.7. No assembler code at the moment. This

will follow.
This commit is contained in:
Mark Murray
2003-01-28 22:58:14 +00:00
parent 143008a1fe
commit ab643b4d66
275 changed files with 12233 additions and 2462 deletions
+193 -286
View File
@@ -1,144 +1,115 @@
# $FreeBSD$
.include "Makefile.inc"
.PATH: ${LCRYPTO_SRC} ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/bf \
${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/buffer \
${LCRYPTO_SRC}/cast ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/conf \
${LCRYPTO_SRC}/des ${LCRYPTO_SRC}/dh ${LCRYPTO_SRC}/dsa \
${LCRYPTO_SRC}/dso ${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/evp \
${LCRYPTO_SRC}/hmac ${LCRYPTO_SRC}/lhash ${LCRYPTO_SRC}/md2 \
${LCRYPTO_SRC}/md4 ${LCRYPTO_SRC}/md5 ${LCRYPTO_SRC}/mdc2 \
${LCRYPTO_SRC}/objects ${LCRYPTO_SRC}/pem ${LCRYPTO_SRC}/pkcs7 \
${LCRYPTO_SRC}/pkcs12 ${LCRYPTO_SRC}/rand ${LCRYPTO_SRC}/rc2 \
${LCRYPTO_SRC}/rc4 ${LCRYPTO_SRC}/rc5 ${LCRYPTO_SRC}/ripemd \
${LCRYPTO_SRC}/rsa ${LCRYPTO_SRC}/../rsaref ${LCRYPTO_SRC}/sha \
${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/x509 \
${LCRYPTO_SRC}/x509v3 ${.CURDIR}/man
.if ${MACHINE_ARCH} == "i386"
.PATH: ${.CURDIR}/i386
.endif
.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES
.PATH: ${LCRYPTO_SRC}/idea
.endif
LIB= crypto
SHLIB_MAJOR= 2
SHLIB_MAJOR= 3
NOLINT= true
.include "Makefile.inc"
# base sources
SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \
tmdiff.c uid.c
SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
mem_dbg.c o_time.c tmdiff.c uid.c
# aes
SRCS+= aes_cbc.c aes_cfb.c aes_core.c aes_ctr.c aes_ecb.c aes_misc.c aes_ofb.c
# asn1
SRCS+= a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \
SRCS+= a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \
a_dup.c a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c \
a_mbstr.c a_meth.c a_null.c a_object.c a_octet.c a_print.c \
a_mbstr.c a_meth.c a_object.c a_octet.c a_print.c \
a_set.c a_sign.c a_strex.c a_strnid.c a_time.c a_type.c \
a_utctm.c a_utf8.c a_verify.c a_vis.c asn1_err.c asn1_lib.c \
asn1_par.c asn_pack.c d2i_dhp.c d2i_dsap.c d2i_pr.c d2i_pu.c \
d2i_r_pr.c d2i_r_pu.c d2i_s_pr.c d2i_s_pu.c evp_asn1.c \
f_enum.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c i2d_pr.c \
i2d_pu.c i2d_r_pr.c i2d_r_pu.c i2d_s_pr.c i2d_s_pu.c n_pkey.c \
nsseq.c p5_pbe.c p5_pbev2.c p7_dgst.c p7_enc.c p7_enc_c.c \
p7_evp.c p7_i_s.c p7_lib.c p7_recip.c p7_s_e.c p7_signd.c \
p7_signi.c p8_pkey.c t_bitst.c t_crl.c t_pkey.c t_req.c \
t_spki.c t_x509.c t_x509a.c x_algor.c x_attrib.c x_cinf.c \
x_crl.c x_exten.c x_info.c x_name.c x_pkey.c x_pubkey.c \
a_utctm.c a_utf8.c a_verify.c asn1_err.c asn1_lib.c \
asn1_par.c asn_moid.c asn_pack.c d2i_pr.c d2i_pu.c \
evp_asn1.c f_enum.c f_int.c f_string.c i2d_pr.c i2d_pu.c \
n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c p8_pkey.c t_bitst.c \
t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c \
tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_typ.c \
tasn_utl.c x_algor.c x_attrib.c x_bignum.c x_crl.c \
x_exten.c x_info.c x_long.c x_name.c x_pkey.c x_pubkey.c \
x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c
# blowfish
SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_skey.c
.if ${MACHINE_ARCH} == "i386"
.if ${MACHINE_CPU:Mi686}
SRCS+= bf-686.s
.else
SRCS+= bf-586.s
.endif
.else
SRCS+= bf_enc.c
.endif
# bf
SRCS+= bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c
# bio
SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_nbio.c bf_null.c \
bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c bss_conn.c \
bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c
SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_lbuf.c bf_nbio.c \
bf_null.c bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c \
bss_conn.c bss_fd.c bss_file.c bss_log.c bss_mem.c \
bss_null.c bss_sock.c
# bn
SRCS+= bn_add.c bn_blind.c bn_ctx.c bn_div.c bn_err.c \
bn_exp.c bn_exp2.c bn_gcd.c bn_lib.c bn_mont.c bn_mpi.c \
bn_mul.c bn_prime.c bn_print.c bn_rand.c bn_recp.c bn_shift.c \
bn_sqr.c bn_word.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= bn-586.s co-586.s
.else
SRCS+= bn_asm.c
.endif
SRCS+= bn_add.c bn_asm.c bn_blind.c bn_ctx.c bn_div.c bn_err.c bn_exp.c \
bn_exp2.c bn_gcd.c bn_kron.c bn_lib.c bn_mod.c bn_mont.c \
bn_mpi.c bn_mul.c bn_prime.c bn_print.c bn_rand.c bn_recp.c \
bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c
# buffer
SRCS+= buf_err.c buffer.c
SRCS+= buf_err.c buffer.c
# cast
SRCS+= c_cfb64.c c_ecb.c c_ofb64.c c_skey.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= cast-586.s
.else
SRCS+= c_enc.c
.endif
SRCS+= c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c
# comp
SRCS+= c_rle.c c_zlib.c comp_lib.c
SRCS+= c_rle.c c_zlib.c comp_err.c comp_lib.c
# conf
SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c
SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_sap.c
# des
SRCS+= cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \
ecb3_enc.c ecb_enc.c ede_cbcm_enc.c enc_read.c enc_writ.c \
fcrypt.c ofb64ede.c ofb64enc.c ofb_enc.c pcbc_enc.c \
qud_cksm.c rand_key.c read2pwd.c read_pwd.c rpc_enc.c \
set_key.c str2key.c xcbc_enc.c rnd_keys.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= des-586.s crypt586.s
.else
SRCS+= des_enc.c fcrypt_b.c
.endif
SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \
des_enc.c des_old.c des_old2.c ecb3_enc.c ecb_enc.c ede_cbcm_enc.c \
enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \
ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c rnd_keys.c \
rpc_enc.c set_key.c str2key.c xcbc_enc.c
# dh
SRCS+= dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c
SRCS+= dh_asn1.c dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c
# dsa
SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c \
dsa_sign.c dsa_vrf.c
# dsa
SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c dsa_sign.c dsa_vrf.c
# dso
SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
dso_openssl.c
SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c
# ec
SRCS+= ec_cvt.c ec_err.c ec_lib.c ec_mult.c ecp_mont.c ecp_nist.c \
ecp_recp.c ecp_smpl.c
# engine
SRCS+= eng_all.c eng_cnf.c eng_ctrl.c eng_dyn.c eng_err.c eng_fat.c \
eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_pkey.c \
eng_table.c hw_4758_cca.c hw_4758_cca_err.c hw_aep.c hw_aep_err.c \
hw_atalla.c hw_atalla_err.c hw_cryptodev.c hw_cswift.c \
hw_cswift_err.c hw_ncipher.c hw_ncipher_err.c hw_nuron.c \
hw_nuron_err.c hw_sureware.c hw_sureware_err.c hw_ubsec.c \
hw_ubsec_err.c tb_cipher.c tb_dh.c tb_digest.c tb_dsa.c tb_rand.c \
tb_rsa.c
# err
SRCS+= err.c err_all.c err_prn.c
# evp
SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c \
digest.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c e_null.c \
e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c evp_enc.c \
evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_dss.c \
m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c m_ripemd.c \
m_sha.c m_sha1.c names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c \
p_lib.c p_open.c p_seal.c p_sign.c p_verify.c
digest.c e_aes.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c \
e_null.c e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c evp_acnf.c \
evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c \
m_dss.c m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c \
m_ripemd.c m_sha.c m_sha1.c names.c openbsd_hw.c p5_crpt.c \
p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c \
p_verify.c
# hmac
SRCS+= hmac.c
# idea
.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES
SRCS+= i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c i_skey.c
SRCS+= i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c
.endif
# krb5
#SRCS+= krb5_asn.c
# lhash
SRCS+= lh_stats.c lhash.c
@@ -150,233 +121,169 @@ SRCS+= md4_dgst.c md4_one.c
# md5
SRCS+= md5_dgst.c md5_one.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= md5-586.s
.endif
# mdc2
SRCS+= mdc2dgst.c mdc2_one.c
SRCS+= mdc2_one.c mdc2dgst.c
# objects
SRCS+= o_names.c obj_dat.c obj_err.c obj_lib.c
# pem
SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_seal.c pem_sign.c
# ocsp
SRCS+= ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c \
ocsp_lib.c ocsp_prn.c ocsp_srv.c ocsp_vfy.c
# pkcs7
SRCS+= pk7_attr.c pk7_doit.c pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c
# pem
SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c \
pem_pkey.c pem_seal.c pem_sign.c pem_x509.c pem_xaux.c
# pkcs12
SRCS+= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \
p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c \
p12_npas.c p12_sbag.c p12_utl.c pk12err.c
SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c \
p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c \
p12_npas.c p12_p8d.c p12_p8e.c p12_utl.c pk12err.c
# pkcs7
SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \
pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c
# rand
SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_win.c randfile.c
SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_unix.c randfile.c
# rc2
SRCS+= rc2_cbc.c rc2cfb64.c rc2_ecb.c rc2ofb64.c rc2_skey.c
SRCS+= rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c
# rc4
SRCS+= rc4_skey.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= rc4-586.s
.else
SRCS+= rc4_enc.c
.endif
SRCS+= rc4_enc.c rc4_skey.c
# rc5
SRCS+= rc5cfb64.c rc5_ecb.c rc5ofb64.c rc5_skey.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= rc5-586.s
.else
SRCS+= rc5_enc.c
.endif
SRCS+= rc5_ecb.c rc5_enc.c rc5_skey.c rc5cfb64.c rc5ofb64.c
# ripemd
SRCS+= rmd_dgst.c rmd_one.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= rmd-586.s
.endif
# rsa
.if defined(WITH_RSA) && ${WITH_RSA} == YES
SRCS+= rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c rsa_none.c \
rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c rsa_sign.c rsa_ssl.c
.endif
SRCS+= rsa_asn1.c rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c \
rsa_none.c rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c \
rsa_sign.c rsa_ssl.c
# sha
SRCS+= sha_dgst.c sha_one.c sha1_one.c sha1dgst.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= sha1-586.s
.endif
SRCS+= sha1_one.c sha1dgst.c sha_dgst.c sha_one.c
# stack
SRCS+= stack.c
# threads
SRCS+= th-lock.c
# txt_db
SRCS+= txt_db.c
# ui
SRCS+= ui_compat.c ui_err.c ui_lib.c ui_openssl.c ui_util.c
# x509
SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c x509_def.c \
x509_err.c x509_ext.c x509_lu.c x509_obj.c x509_r2x.c \
x509_req.c x509_set.c x509_trs.c x509_txt.c x509_v3.c \
x509_vfy.c x509name.c x509rset.c x509spki.c x509type.c x_all.c
SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c \
x509_def.c x509_err.c x509_ext.c x509_lu.c x509_obj.c \
x509_r2x.c x509_req.c x509_set.c x509_trs.c x509_txt.c \
x509_v3.c x509_vfy.c x509cset.c x509name.c x509rset.c \
x509spki.c x509type.c x_all.c
# x509v3
SRCS+= v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c \
v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_info.c \
v3_int.c v3_lib.c v3_pku.c v3_prn.c v3_purp.c v3_skey.c \
v3_sxnet.c v3_utl.c v3err.c
SRCS+= v3_akey.c v3_akeya.c v3_alt.c v3_bcons.c v3_bitst.c \
v3_conf.c v3_cpols.c v3_crld.c v3_enum.c v3_extku.c \
v3_genn.c v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ocsp.c \
v3_pku.c v3_prn.c v3_purp.c v3_skey.c v3_sxnet.c v3_utl.c v3err.c
POD1+= apps/CA.pl.pod apps/asn1parse.pod apps/ca.pod \
apps/ciphers.pod apps/crl.pod \
apps/crl2pkcs7.pod apps/dgst.pod apps/dhparam.pod apps/dsa.pod \
apps/dsaparam.pod apps/enc.pod apps/gendsa.pod apps/genrsa.pod \
apps/nseq.pod apps/openssl.pod apps/passwd.pod apps/pkcs12.pod \
apps/pkcs7.pod apps/pkcs8.pod apps/rand.pod apps/req.pod \
apps/rsa.pod apps/rsautl.pod apps/s_client.pod \
apps/s_server.pod apps/sess_id.pod apps/smime.pod \
apps/speed.pod apps/spkac.pod apps/verify.pod apps/version.pod \
apps/x509.pod
POD3+= crypto/BIO_ctrl.pod crypto/BIO_f_base64.pod \
crypto/BIO_f_buffer.pod crypto/BIO_f_cipher.pod \
crypto/BIO_f_md.pod crypto/BIO_f_null.pod crypto/BIO_f_ssl.pod \
crypto/BIO_find_type.pod crypto/BIO_new.pod \
crypto/BIO_new_bio_pair.pod crypto/BIO_push.pod \
crypto/BIO_read.pod crypto/BIO_s_accept.pod \
crypto/BIO_s_bio.pod crypto/BIO_s_connect.pod \
crypto/BIO_s_fd.pod crypto/BIO_s_file.pod crypto/BIO_s_mem.pod \
crypto/BIO_s_null.pod crypto/BIO_s_socket.pod \
crypto/BIO_set_callback.pod crypto/BIO_should_retry.pod \
crypto/BN_CTX_new.pod crypto/BN_CTX_start.pod \
crypto/BN_add.pod crypto/BN_add_word.pod crypto/BN_bn2bin.pod \
crypto/BN_cmp.pod crypto/BN_copy.pod \
crypto/BN_generate_prime.pod crypto/BN_mod_inverse.pod \
crypto/BN_mod_mul_montgomery.pod \
crypto/BN_mod_mul_reciprocal.pod crypto/BN_new.pod \
crypto/BN_num_bytes.pod crypto/BN_rand.pod \
crypto/BN_set_bit.pod crypto/BN_zero.pod \
crypto/CRYPTO_set_ex_data.pod crypto/DH_generate_key.pod \
crypto/DH_generate_parameters.pod \
crypto/DH_get_ex_new_index.pod crypto/DH_new.pod \
crypto/DH_set_method.pod crypto/DH_size.pod \
crypto/DSA_SIG_new.pod crypto/DSA_do_sign.pod \
crypto/DSA_dup_DH.pod crypto/DSA_generate_key.pod \
crypto/DSA_generate_parameters.pod \
crypto/DSA_get_ex_new_index.pod crypto/DSA_new.pod \
crypto/DSA_set_method.pod crypto/DSA_sign.pod \
crypto/DSA_size.pod crypto/ERR_GET_LIB.pod \
crypto/ERR_clear_error.pod crypto/ERR_error_string.pod \
crypto/ERR_get_error.pod crypto/ERR_load_crypto_strings.pod \
crypto/ERR_load_strings.pod crypto/ERR_print_errors.pod \
crypto/ERR_put_error.pod crypto/ERR_remove_state.pod \
crypto/EVP_DigestInit.pod crypto/EVP_EncryptInit.pod \
crypto/EVP_OpenInit.pod crypto/EVP_SealInit.pod \
crypto/EVP_SignInit.pod crypto/EVP_VerifyInit.pod \
crypto/OPENSSL_VERSION_NUMBER.pod \
crypto/OpenSSL_add_all_algorithms.pod crypto/RAND_add.pod \
crypto/RAND_bytes.pod crypto/RAND_cleanup.pod \
crypto/RAND_egd.pod crypto/RAND_load_file.pod \
crypto/RAND_set_rand_method.pod crypto/RSA_blinding_on.pod \
crypto/RSA_check_key.pod crypto/RSA_generate_key.pod \
crypto/RSA_get_ex_new_index.pod crypto/RSA_new.pod \
crypto/RSA_padding_add_PKCS1_type_1.pod crypto/RSA_print.pod \
crypto/RSA_private_encrypt.pod crypto/RSA_public_encrypt.pod \
crypto/RSA_set_method.pod crypto/RSA_sign.pod \
crypto/RSA_sign_ASN1_OCTET_STRING.pod crypto/RSA_size.pod \
crypto/bio.pod crypto/blowfish.pod crypto/bn.pod \
crypto/bn_internal.pod crypto/buffer.pod crypto/crypto.pod \
crypto/d2i_DHparams.pod crypto/d2i_RSAPublicKey.pod \
crypto/des.pod crypto/des_modes.pod crypto/dh.pod \
crypto/dsa.pod crypto/err.pod crypto/evp.pod crypto/hmac.pod \
crypto/lh_stats.pod crypto/lhash.pod crypto/md5.pod \
crypto/mdc2.pod crypto/rand.pod crypto/rc4.pod \
crypto/ripemd.pod crypto/rsa.pod crypto/sha.pod \
crypto/threads.pod
POD3+= ssl/SSL_CIPHER_get_name.pod \
ssl/SSL_CTX_add_extra_chain_cert.pod \
ssl/SSL_CTX_add_session.pod ssl/SSL_CTX_flush_sessions.pod \
ssl/SSL_CTX_free.pod ssl/SSL_CTX_get_ex_new_index.pod \
ssl/SSL_CTX_get_verify_mode.pod \
ssl/SSL_CTX_load_verify_locations.pod ssl/SSL_CTX_new.pod \
ssl/SSL_CTX_sess_set_cache_size.pod ssl/SSL_CTX_sess_set_get_cb.pod \
ssl/SSL_CTX_sessions.pod ssl/SSL_CTX_set_cipher_list.pod \
ssl/SSL_CTX_set_client_CA_list.pod \
ssl/SSL_CTX_set_client_cert_cb.pod \
ssl/SSL_CTX_set_default_passwd_cb.pod ssl/SSL_CTX_set_options.pod\
ssl/SSL_CTX_set_session_cache_mode.pod \
ssl/SSL_CTX_set_session_id_context.pod \
ssl/SSL_CTX_set_ssl_version.pod \
ssl/SSL_CTX_set_timeout.pod ssl/SSL_CTX_set_verify.pod \
ssl/SSL_CTX_use_certificate.pod ssl/SSL_SESSION_free.pod \
ssl/SSL_SESSION_get_ex_new_index.pod \
ssl/SSL_SESSION_get_time.pod \
ssl/SSL_accept.pod ssl/SSL_clear.pod ssl/SSL_connect.pod \
ssl/SSL_do_handshake.pod \
ssl/SSL_free.pod ssl/SSL_get_ciphers.pod \
ssl/SSL_get_client_CA_list.pod ssl/SSL_get_current_cipher.pod \
ssl/SSL_get_error.pod ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod \
ssl/SSL_get_ex_new_index.pod ssl/SSL_get_fd.pod \
ssl/SSL_get_peer_cert_chain.pod ssl/SSL_get_peer_certificate.pod \
ssl/SSL_get_rbio.pod ssl/SSL_get_session.pod \
ssl/SSL_get_verify_result.pod ssl/SSL_library_init.pod \
ssl/SSL_load_client_CA_file.pod ssl/SSL_new.pod ssl/SSL_pending.pod \
ssl/SSL_read.pod ssl/SSL_set_bio.pod ssl/SSL_set_fd.pod \
ssl/SSL_set_session.pod ssl/SSL_set_verify_result.pod \
ssl/SSL_shutdown.pod ssl/SSL_write.pod ssl/d2i_SSL_SESSION.pod \
ssl/ssl.pod ssl/SSL_CTX_sess_number.pod ssl/SSL_CTX_set_mode.pod \
ssl/SSL_get_version.pod ssl/SSL_set_connect_state.pod \
ssl/SSL_set_shutdown.pod ssl/SSL_alert_type_string.pod \
ssl/SSL_COMP_add_compression_method.pod ssl/SSL_CTX_ctrl.pod \
ssl/SSL_CTX_set_cert_store.pod \
ssl/SSL_CTX_set_cert_verify_callback.pod \
ssl/SSL_CTX_set_info_callback.pod ssl/SSL_CTX_set_quiet_shutdown.pod \
ssl/SSL_CTX_set_tmp_dh_callback.pod \
ssl/SSL_CTX_set_tmp_rsa_callback.pod ssl/SSL_get_default_timeout.pod \
ssl/SSL_get_SSL_CTX.pod ssl/SSL_rstate_string.pod \
ssl/SSL_session_reused.pod ssl/SSL_state_string.pod \
ssl/SSL_want.pod
POD5+= apps/config.pod
.if defined(WANT_OPENSSL_MANPAGES)
.for section in 1 3 5
.for pod in ${POD${section}}
.for target in ${pod:T:S/.pod/.${section}/g}
MAN+= ${target}
.endfor
.endfor
.endfor
.endif
MAN+= des_crypt.3
MLINKS= des_crypt.3 des_read_password.3 \
des_crypt.3 des_read_2password.3 des_crypt.3 des_string_to_key.3 \
des_crypt.3 des_string_to_2key.3 des_crypt.3 des_read_pw_string.3 \
des_crypt.3 des_random_key.3 des_crypt.3 des_set_key.3 \
des_crypt.3 des_key_sched.3 des_crypt.3 des_ecb_encrypt.3 \
des_crypt.3 des_3ecb_encrypt.3 des_crypt.3 des_cbc_encrypt.3 \
des_crypt.3 des_3cbc_encrypt.3 des_crypt.3 des_pcbc_encrypt.3 \
des_crypt.3 des_cfb_encrypt.3 des_crypt.3 des_ofb_encrypt.3 \
des_crypt.3 des_cbc_cksum.3 des_crypt.3 des_quad_cksum.3 \
des_crypt.3 des_enc_read.3 des_crypt.3 des_enc_write.3 \
des_crypt.3 des_set_odd_parity.3 des_crypt.3 des_is_weak_key.3
MAN3= ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 \
ASN1_STRING_print_ex.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 \
BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3 \
BIO_new.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 \
BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 BIO_s_null.3 \
BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3 BN_CTX_new.3 \
BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 \
BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 BN_mod_mul_montgomery.3 \
BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 \
BN_set_bit.3 BN_swap.3 BN_zero.3 CRYPTO_set_ex_data.3 \
DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3 \
DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3 \
DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3 \
DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 \
DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3 \
ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3 \
ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 \
EVP_BytesToKey.3 EVP_DigestInit.3 EVP_EncryptInit.3 EVP_OpenInit.3 \
EVP_PKEY_new.3 EVP_PKEY_set1_RSA.3 EVP_SealInit.3 EVP_SignInit.3 \
EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_VERSION_NUMBER.3 \
OpenSSL_add_all_algorithms.3 PKCS12_create.3 PKCS12_parse.3 \
PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_sign.3 PKCS7_verify.3 \
RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3 \
RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3 \
RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 \
RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3 \
RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 \
RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_PKCS7.3 \
SMIME_write_PKCS7.3 X509_NAME_ENTRY_get_object.3 \
X509_NAME_add_entry_by_txt.3 X509_NAME_get_index_by_NID.3 \
X509_NAME_print_ex.3 X509_new.3 bio.3 blowfish.3 bn.3 bn_internal.3 \
buffer.3 crypto.3 d2i_ASN1_OBJECT.3 d2i_DHparams.3 d2i_DSAPublicKey.3 \
d2i_PKCS8PrivateKey.3 d2i_RSAPublicKey.3 d2i_X509.3 d2i_X509_ALGOR.3 \
d2i_X509_CRL.3 d2i_X509_NAME.3 d2i_X509_REQ.3 d2i_X509_SIG.3 \
des.3 des_modes.3 dh.3 dsa.3 engine.3 err.3 evp.3 hmac.3 \
lh_stats.3 lhash.3 md5.3 mdc2.3 pem.3 rand.3 rc4.3 ripemd.3 \
rsa.3 sha.3 threads.3 ui.3 ui_compat.3
INCS= ${HDRS} openssl/evp.h openssl/opensslconf.h
INCSDIR= ${INCLUDEDIR}/openssl
INCSLINKS= openssl/des.h ${INCLUDEDIR}/des.h
afterinstall:
.if !defined(NOPIC)
SYMLINKS+= lib${LIB}.so.${SHLIB_MAJOR} ${LIBDIR}/libdes.so.3
SYMLINKS+= lib${LIB}.so.${SHLIB_MAJOR} ${LIBDIR}/libdes.so
.endif
SYMLINKS+= lib${LIB}.a ${LIBDIR}/libdes.a
.if !defined(NOPROFILE)
SYMLINKS+= lib${LIB}_p.a ${LIBDIR}/libdes_p.a
.endif
.include <bsd.lib.mk>
.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES
_ideapath= ${LCRYPTO_SRC}/crypto/idea
.endif
.PATH: \
${LCRYPTO_SRC}/crypto \
${LCRYPTO_SRC}/crypto/aes \
${LCRYPTO_SRC}/crypto/asn1 \
${LCRYPTO_SRC}/crypto/bf \
${LCRYPTO_SRC}/crypto/bio \
${LCRYPTO_SRC}/crypto/bn \
${LCRYPTO_SRC}/crypto/buffer \
${LCRYPTO_SRC}/crypto/cast \
${LCRYPTO_SRC}/crypto/comp \
${LCRYPTO_SRC}/crypto/conf \
${LCRYPTO_SRC}/crypto/des \
${LCRYPTO_SRC}/crypto/dh \
${LCRYPTO_SRC}/crypto/dsa \
${LCRYPTO_SRC}/crypto/dso \
${LCRYPTO_SRC}/crypto/ec \
${LCRYPTO_SRC}/crypto/engine \
${LCRYPTO_SRC}/crypto/err \
${LCRYPTO_SRC}/crypto/evp \
${LCRYPTO_SRC}/crypto/hmac \
${_ideapath} \
${LCRYPTO_SRC}/crypto/krb5 \
${LCRYPTO_SRC}/crypto/lhash \
${LCRYPTO_SRC}/crypto/md2 \
${LCRYPTO_SRC}/crypto/md4 \
${LCRYPTO_SRC}/crypto/md5 \
${LCRYPTO_SRC}/crypto/mdc2 \
${LCRYPTO_SRC}/crypto/objects \
${LCRYPTO_SRC}/crypto/ocsp \
${LCRYPTO_SRC}/crypto/pem \
${LCRYPTO_SRC}/crypto/pkcs12 \
${LCRYPTO_SRC}/crypto/pkcs7 \
${LCRYPTO_SRC}/crypto/rand \
${LCRYPTO_SRC}/crypto/rc2 \
${LCRYPTO_SRC}/crypto/rc4 \
${LCRYPTO_SRC}/crypto/rc5 \
${LCRYPTO_SRC}/crypto/ripemd \
${LCRYPTO_SRC}/crypto/rsa \
${LCRYPTO_SRC}/crypto/sha \
${LCRYPTO_SRC}/crypto/stack \
${LCRYPTO_SRC}/crypto/threads \
${LCRYPTO_SRC}/crypto/txt_db \
${LCRYPTO_SRC}/crypto/ui \
${LCRYPTO_SRC}/crypto/x509 \
${LCRYPTO_SRC}/crypto/x509v3 \
${LCRYPTO_SRC} \
${.CURDIR}/man
+70 -23
View File
@@ -1,33 +1,71 @@
# $FreeBSD$
LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl/crypto
CFLAGS+= -DTERMIOS -DANSI_SOURCE -I${LCRYPTO_SRC} -I${.OBJDIR}
LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl
LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc
CFLAGS+= -DTERMIOS -DANSI_SOURCE -DOPENSSL_NO_KRB5
CFLAGS+= -I${LCRYPTO_SRC} -I${LCRYPTO_SRC}/crypto -I${.OBJDIR}
.if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES
CFLAGS+= -DNO_IDEA
CFLAGS+= -DNO_IDEA
.else
_idea_h= idea/idea.h
.endif
.if ${MACHINE_ARCH} == "i386"
CFLAGS+= -DL_ENDIAN -DSHA1_ASM -DBN_ASM -DMD5_ASM -DRMD160_ASM
CFLAGS+= -DL_ENDIAN
.elif ${MACHINE_ARCH} == "alpha"
# no ENDIAN stuff defined for alpha (64-bit)
.endif
WITH_RSA?= YES
HDRS+= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \
buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \
des/des.h dh/dh.h dsa/dsa.h ../e_os.h ../e_os2.h ebcdic.h \
err/err.h hmac/hmac.h lhash/lhash.h md2/md2.h \
md5/md5.h mdc2/mdc2.h objects/objects.h opensslv.h pem/pem.h \
pem/pem2.h pkcs12/pkcs12.h pkcs7/pkcs7.h rand/rand.h rc2/rc2.h \
rc4/rc4.h rc5/rc5.h ripemd/ripemd.h rsa/rsa.h stack/safestack.h \
sha/sha.h stack/stack.h tmdiff.h txt_db/txt_db.h x509/x509.h \
x509/x509_vfy.h x509v3/x509v3.h symhacks.h objects/obj_mac.h \
md4/md4.h dso/dso.h conf/conf_api.h
.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES
HDRS+= idea/idea.h
.endif
HDRS+= \
../e_os.h ../e_os2.h \
crypto.h \
ebcdic.h \
opensslv.h \
ossl_typ.h \
symhacks.h \
tmdiff.h \
aes/aes.h aes/aes_locl.h \
asn1/asn1.h asn1/asn1_mac.h asn1/asn1t.h \
bio/bio.h \
bf/blowfish.h \
bn/bn.h \
buffer/buffer.h \
cast/cast.h \
comp/comp.h \
conf/conf.h conf/conf_api.h \
des/des.h des/des_old.h \
dh/dh.h \
dsa/dsa.h \
dso/dso.h \
ec/ec.h \
engine/eng_int.h engine/engine.h engine/hw_4758_cca_err.h \
engine/hw_aep_err.h engine/hw_atalla_err.h engine/hw_cswift_err.h \
engine/hw_ncipher_err.h engine/hw_nuron_err.h engine/hw_sureware_err.h \
engine/hw_ubsec_err.h \
err/err.h \
hmac/hmac.h \
${_idea_h} \
krb5/krb5_asn.h \
lhash/lhash.h \
md2/md2.h \
md4/md4.h \
md5/md5.h \
mdc2/mdc2.h \
ocsp/ocsp.h \
objects/objects.h objects/obj_mac.h \
pem/pem.h pem/pem2.h \
pkcs12/pkcs12.h pkcs7/pkcs7.h \
rand/rand.h \
rc2/rc2.h rc4/rc4.h rc5/rc5.h \
ripemd/ripemd.h \
rsa/rsa.h \
stack/stack.h stack/safestack.h \
sha/sha.h \
txt_db/txt_db.h \
ui/ui.h ui/ui_compat.h ui/ui_locl.h \
x509/x509.h x509/x509_vfy.h x509v3/x509v3.h
SRCS+= buildinf.h openssl/opensslconf.h openssl/evp.h
CLEANFILES+= buildinf.h openssl/opensslconf.h openssl/evp.h
@@ -41,11 +79,11 @@ buildinf.h:
echo " #define DATE \"`LC_ALL=C date`\""; \
echo "#endif" ) > ${.TARGET}
openssl/opensslconf.h: ../libcrypto/opensslconf-${MACHINE_ARCH}.h
openssl/opensslconf.h: ../../lib/libcrypto/opensslconf-${MACHINE_ARCH}.h
mkdir -p openssl
cp ${.OODATE} ${.TARGET}
openssl/evp.h: ${LCRYPTO_SRC}/evp/evp.h
openssl/evp.h: ${LCRYPTO_SRC}/crypto/evp/evp.h
mkdir -p openssl
.if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES
sed '/^#ifndef NO_IDEA$$/,/^#endif$$/d' ${.OODATE} > ${.TARGET}
@@ -54,8 +92,17 @@ openssl/evp.h: ${LCRYPTO_SRC}/evp/evp.h
.endif
SRCS+= ${HDRS:T:S;^;openssl/;}
.for h in ${HDRS:S/^/${LCRYPTO_SRC}\//}
.for h in ${HDRS:S/^/${LCRYPTO_SRC}\/crypto\//}
openssl/${h:T}: ${h}
mkdir -p openssl
${INSTALL} -C -m 444 ${h} openssl
.endfor
man-update:
for i in `( cd ${LCRYPTO_DOC}/${LIB}${PROG} ; ls *.pod )` ; do \
cp ${LCRYPTO_DOC}/${LIB}/$$i . ;\
pod2man --section=3 --release="0.9.7" --center="OpenSSL" \
$$i > ${.CURDIR}/man/$${i%%.pod}.3 ;\
rm $$i ;\
echo $${i%%.pod} ;\
done
-509
View File
@@ -1,509 +0,0 @@
.\" $FreeBSD$
.TH DES_CRYPT 3
.SH NAME
des_read_password, des_read_2password,
des_string_to_key, des_string_to_2key, des_read_pw_string,
des_random_key, des_set_key,
des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
des_3cbc_encrypt,
des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
des_cbc_cksum, des_quad_cksum,
des_enc_read, des_enc_write, des_set_odd_parity,
des_is_weak_key, crypt \- (non USA) DES encryption
.SH SYNOPSIS
.nf
.nj
.ft B
#include <openssl/des.h>
.PP
.B int des_read_password(key,prompt,verify)
des_cblock *key;
char *prompt;
int verify;
.PP
.B int des_read_2password(key1,key2,prompt,verify)
des_cblock *key1,*key2;
char *prompt;
int verify;
.PP
.B int des_string_to_key(str,key)
char *str;
des_cblock *key;
.PP
.B int des_string_to_2keys(str,key1,key2)
char *str;
des_cblock *key1,*key2;
.PP
.B int des_read_pw_string(buf,length,prompt,verify)
char *buf;
int length;
char *prompt;
int verify;
.PP
.B int des_random_key(key)
des_cblock *key;
.PP
.B int des_set_key(key,schedule)
des_cblock *key;
des_key_schedule schedule;
.PP
.B int des_key_sched(key,schedule)
des_cblock *key;
des_key_schedule schedule;
.PP
.B int des_ecb_encrypt(input,output,schedule,encrypt)
des_cblock *input;
des_cblock *output;
des_key_schedule schedule;
int encrypt;
.PP
.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
des_cblock *input;
des_cblock *output;
des_key_schedule ks1,ks2;
int encrypt;
.PP
.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
des_cblock *input;
des_cblock *output;
long length;
des_key_schedule schedule;
des_cblock *ivec;
int encrypt;
.PP
.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
des_cblock *input;
des_cblock *output;
long length;
des_key_schedule sk1;
des_key_schedule sk2;
des_cblock *ivec1;
des_cblock *ivec2;
int encrypt;
.PP
.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
des_cblock *input;
des_cblock *output;
long length;
des_key_schedule schedule;
des_cblock *ivec;
int encrypt;
.PP
.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
unsigned char *input;
unsigned char *output;
int numbits;
long length;
des_key_schedule schedule;
des_cblock *ivec;
int encrypt;
.PP
.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
unsigned char *input,*output;
int numbits;
long length;
des_key_schedule schedule;
des_cblock *ivec;
.PP
.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
des_cblock *input;
des_cblock *output;
long length;
des_key_schedule schedule;
des_cblock *ivec;
.PP
.B unsigned long des_quad_cksum(input,output,length,out_count,seed)
des_cblock *input;
des_cblock *output;
long length;
int out_count;
des_cblock *seed;
.PP
.B int des_check_key;
.PP
.B int des_enc_read(fd,buf,len,sched,iv)
int fd;
char *buf;
int len;
des_key_schedule sched;
des_cblock *iv;
.PP
.B int des_enc_write(fd,buf,len,sched,iv)
int fd;
char *buf;
int len;
des_key_schedule sched;
des_cblock *iv;
.PP
.B extern int des_rw_mode;
.PP
.B void des_set_odd_parity(key)
des_cblock *key;
.PP
.B int des_is_weak_key(key)
des_cblock *key;
.PP
.B char *crypt(passwd,salt)
char *passwd;
char *salt;
.PP
.fi
.SH DESCRIPTION
This library contains a fast implementation of the DES encryption
algorithm.
.PP
There are two phases to the use of DES encryption.
The first is the generation of a
.I des_key_schedule
from a key,
the second is the actual encryption.
A des key is of type
.I des_cblock.
This type is made from 8 characters with odd parity.
The least significant bit in the character is the parity bit.
The key schedule is an expanded form of the key; it is used to speed the
encryption process.
.PP
.I des_read_password
writes the string specified by prompt to the standard output,
turns off echo and reads an input string from standard input
until terminated with a newline.
If verify is non-zero, it prompts and reads the input again and verifies
that both entered passwords are the same.
The entered string is converted into a des key by using the
.I des_string_to_key
routine.
The new key is placed in the
.I des_cblock
that was passed (by reference) to the routine.
If there were no errors,
.I des_read_password
returns 0,
-1 is returned if there was a terminal error and 1 is returned for
any other error.
.PP
.I des_read_2password
operates in the same way as
.I des_read_password
except that it generates 2 keys by using the
.I des_string_to_2key
function.
.PP
.I des_read_pw_string
is called by
.I des_read_password
to read and verify a string from a terminal device.
The string is returned in
.I buf.
The size of
.I buf
is passed to the routine via the
.I length
parameter.
.PP
.I des_string_to_key
converts a string into a valid des key.
.PP
.I des_string_to_2key
converts a string into 2 valid des keys.
This routine is best suited for used to generate keys for use with
.I des_ecb3_encrypt.
.PP
.I des_random_key
returns a random key that is made of a combination of process id,
time and an increasing counter.
.PP
Before a des key can be used it is converted into a
.I des_key_schedule
via the
.I des_set_key
routine.
If the
.I des_check_key
flag is non-zero,
.I des_set_key
will check that the key passed is of odd parity and is not a week or
semi-weak key.
If the parity is wrong,
then -1 is returned.
If the key is a weak key,
then -2 is returned.
If an error is returned,
the key schedule is not generated.
.PP
.I des_key_sched
is another name for the
.I des_set_key
function.
.PP
The following routines mostly operate on an input and output stream of
.I des_cblock's.
.PP
.I des_ecb_encrypt
is the basic DES encryption routine that encrypts or decrypts a single 8-byte
.I des_cblock
in
.I electronic code book
mode.
It always transforms the input data, pointed to by
.I input,
into the output data,
pointed to by the
.I output
argument.
If the
.I encrypt
argument is non-zero (DES_ENCRYPT),
the
.I input
(cleartext) is encrypted in to the
.I output
(ciphertext) using the key_schedule specified by the
.I schedule
argument,
previously set via
.I des_set_key.
If
.I encrypt
is zero (DES_DECRYPT),
the
.I input
(now ciphertext)
is decrypted into the
.I output
(now cleartext).
Input and output may overlap.
No meaningful value is returned.
.PP
.I des_ecb3_encrypt
encrypts/decrypts the
.I input
block by using triple ecb DES encryption.
This involves encrypting the input with
.I ks1,
decryption with the key schedule
.I ks2,
and then encryption with the first again.
This routine greatly reduces the chances of brute force breaking of
DES and has the advantage of if
.I ks1
and
.I ks2
are the same, it is equivalent to just encryption using ecb mode and
.I ks1
as the key.
.PP
.I des_cbc_encrypt
encrypts/decrypts using the
.I cipher-block-chaining
mode of DES.
If the
.I encrypt
argument is non-zero,
the routine cipher-block-chain encrypts the cleartext data pointed to by the
.I input
argument into the ciphertext pointed to by the
.I output
argument,
using the key schedule provided by the
.I schedule
argument,
and initialisation vector provided by the
.I ivec
argument.
If the
.I length
argument is not an integral multiple of eight bytes,
the last block is copied to a temporary area and zero filled.
The output is always
an integral multiple of eight bytes.
To make multiple cbc encrypt calls on a large amount of data appear to
be one
.I des_cbc_encrypt
call, the
.I ivec
of subsequent calls should be the last 8 bytes of the output.
.PP
.I des_3cbc_encrypt
encrypts/decrypts the
.I input
block by using triple cbc DES encryption.
This involves encrypting the input with key schedule
.I ks1,
decryption with the key schedule
.I ks2,
and then encryption with the first again.
2 initialisation vectors are required,
.I ivec1
and
.I ivec2.
Unlike
.I des_cbc_encrypt,
these initialisation vectors are modified by the subroutine.
This routine greatly reduces the chances of brute force breaking of
DES and has the advantage of if
.I ks1
and
.I ks2
are the same, it is equivalent to just encryption using cbc mode and
.I ks1
as the key.
.PP
.I des_pcbc_encrypt
encrypt/decrypts using a modified block chaining mode.
It provides better error propagation characteristics than cbc
encryption.
.PP
.I des_cfb_encrypt
encrypt/decrypts using cipher feedback mode. This method takes an
array of characters as input and outputs and array of characters. It
does not require any padding to 8 character groups. Note: the ivec
variable is changed and the new changed value needs to be passed to
the next call to this function. Since this function runs a complete
DES ecb encryption per numbits, this function is only suggested for
use when sending small numbers of characters.
.PP
.I des_ofb_encrypt
encrypt using output feedback mode. This method takes an
array of characters as input and outputs and array of characters. It
does not require any padding to 8 character groups. Note: the ivec
variable is changed and the new changed value needs to be passed to
the next call to this function. Since this function runs a complete
DES ecb encryption per numbits, this function is only suggested for
use when sending small numbers of characters.
.PP
.I des_cbc_cksum
produces an 8 byte checksum based on the input stream (via cbc encryption).
The last 4 bytes of the checksum is returned and the complete 8 bytes is
placed in
.I output.
.PP
.I des_quad_cksum
returns a 4 byte checksum from the input bytes.
The algorithm can be iterated over the input,
depending on
.I out_count,
1, 2, 3 or 4 times.
If
.I output
is non-NULL,
the 8 bytes generated by each pass are written into
.I output.
.PP
.I des_enc_write
is used to write
.I len
bytes
to file descriptor
.I fd
from buffer
.I buf.
The data is encrypted via
.I pcbc_encrypt
(default) using
.I sched
for the key and
.I iv
as a starting vector.
The actual data send down
.I fd
consists of 4 bytes (in network byte order) containing the length of the
following encrypted data. The encrypted data then follows, padded with random
data out to a multiple of 8 bytes.
.PP
.I des_enc_read
is used to read
.I len
bytes
from file descriptor
.I fd
into buffer
.I buf.
The data being read from
.I fd
is assumed to have come from
.I des_enc_write
and is decrypted using
.I sched
for the key schedule and
.I iv
for the initial vector.
The
.I des_enc_read/des_enc_write
pair can be used to read/write to files, pipes and sockets.
I have used them in implementing a version of rlogin in which all
data is encrypted.
.PP
.I des_rw_mode
is used to specify the encryption mode to use with
.I des_enc_read
and
.I des_end_write.
If set to
.I DES_PCBC_MODE
(the default), des_pcbc_encrypt is used.
If set to
.I DES_CBC_MODE
des_cbc_encrypt is used.
These two routines and the variable are not part of the normal MIT library.
.PP
.I des_set_odd_parity
sets the parity of the passed
.I key
to odd. This routine is not part of the standard MIT library.
.PP
.I des_is_weak_key
returns 1 is the passed key is a weak key (pick again :-),
0 if it is ok.
This routine is not part of the standard MIT library.
.PP
.I crypt
is a replacement for the normal system crypt.
It is much faster than the system crypt.
.PP
.SH FILES
/usr/include/openssl/des.h
.br
/usr/lib/libcrypto.a
.PP
The encryption routines have been tested on 16bit, 32bit and 64bit
machines of various endian and even works under VMS.
.PP
.SH BUGS
.PP
If you think this manual is sparse,
read the des_crypt(3) manual from the MIT kerberos (or bones outside
of the USA) distribution.
.PP
.I des_cfb_encrypt
and
.I des_ofb_encrypt
operates on input of 8 bits. What this means is that if you set
numbits to 12, and length to 2, the first 12 bits will come from the 1st
input byte and the low half of the second input byte. The second 12
bits will have the low 8 bits taken from the 3rd input byte and the
top 4 bits taken from the 4th input byte. The same holds for output.
This function has been implemented this way because most people will
be using a multiple of 8 and because once you get into pulling bytes input
bytes apart things get ugly!
.PP
.I des_read_pw_string
is the most machine/OS dependent function and normally generates the
most problems when porting this code.
.PP
.I des_string_to_key
is probably different from the MIT version since there are lots
of fun ways to implement one-way encryption of a text string.
.PP
The routines are optimised for 32 bit machines and so are not efficient
on IBM PCs.
.PP
NOTE: extensive work has been done on this library since this document
was origionally written. Please try to read des.doc from the libdes
distribution since it is far more upto date and documents more of the
functions. Libdes is now also being shipped as part of SSLeay, a
general cryptographic library that amonst other things implements
netscapes SSL protocoll. The most recent version can be found in
SSLeay distributions.
.SH AUTHOR
Eric Young (eay@cryptsoft.com)
+176
View File
@@ -0,0 +1,176 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:26:45 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "ASN1_OBJECT_new 3"
.TH ASN1_OBJECT_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& ASN1_OBJECT *ASN1_OBJECT_new(void);
\& void ASN1_OBJECT_free(ASN1_OBJECT *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an
\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
.PP
\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure.
.PP
\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR.
.SH "NOTES"
.IX Header "NOTES"
Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it
is almost never used in applications. The \s-1ASN1\s0 object utility functions
such as \fIOBJ_nid2obj()\fR are used instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
code that can be obtained by ERR_get_error(3).
Otherwise it returns a pointer to the newly allocated structure.
.PP
\&\fIASN1_OBJECT_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3), d2i_ASN1_OBJECT(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL.
@@ -0,0 +1,221 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:26:46 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "ASN1_STRING_length 3"
.TH ASN1_STRING_length 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data \-
\&\s-1ASN1_STRING\s0 utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& int ASN1_STRING_length(ASN1_STRING *x);
\& unsigned char * ASN1_STRING_data(ASN1_STRING *x);
.Ve
.Vb 1
\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
.Ve
.Vb 1
\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
.Ve
.Vb 1
\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
.Ve
.Vb 1
\& int ASN1_STRING_type(ASN1_STRING *x);
.Ve
.Vb 1
\& int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated.
.PP
\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
.PP
\&\fIASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR.
Since this is an internal pointer it should \fBnot\fR be freed or
modified in any way.
.PP
\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
.PP
\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two
are identical. The string types and content are compared.
.PP
\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR
is \-1 then the length is determined by strlen(data).
.PP
\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants
such as \fBV_ASN1_OCTET_STRING\fR.
.PP
\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the
converted data is allocated in a buffer in \fB*out\fR. The length of
\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR
should be free using \fIOPENSSL_free()\fR.
.SH "NOTES"
.IX Header "NOTES"
Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR
structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedefed
to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents.
\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist
entirely of primitive string types such as \fBDirectoryString\fR and
\&\fBTime\fR.
.PP
These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR
or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR
utility functions should be used instead.
.PP
In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per
character in big endian format, UTF8String will be in \s-1UTF8\s0 format.
.PP
Similar care should be take to ensure the data is in the correct format
when calling \fIASN1_STRING_set()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
+177
View File
@@ -0,0 +1,177 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:26:47 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "ASN1_STRING_new 3"
.TH ASN1_STRING_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
\&\s-1ASN1_STRING\s0 allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& ASN1_STRING * ASN1_STRING_new(void);
\& ASN1_STRING * ASN1_STRING_type_new(int type);
\& void ASN1_STRING_free(ASN1_STRING *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type
is undefined.
.PP
\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
type \fBtype\fR.
.PP
\&\fIASN1_STRING_free()\fR frees up \fBa\fR.
.SH "NOTES"
.IX Header "NOTES"
Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example
\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid
\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fIASN1_STRING_free()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1TBA\s0
@@ -0,0 +1,230 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:26:48 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "ASN1_STRING_print_ex 3"
.TH ASN1_STRING_print_ex 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
.Ve
.Vb 3
\& int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
\& int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
\& int ASN1_STRING_print(BIO *out, ASN1_STRING *str);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to
represent all the \s-1ASN1\s0 string types.
.PP
\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by
the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs
to \fBfp\fR instead.
.PP
\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0)
with '.'.
.SH "NOTES"
.IX Header "NOTES"
\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications.
.PP
Although there are a large number of options frequently \fB\s-1ASN1_STRFLAGS_RFC2253\s0\fR is
suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLAGS_RFC2253\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR.
.PP
The complete set of supported options for \fBflags\fR is listed below.
.PP
Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters
determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control
characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the
\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly
interprets \s-1UTF8\s0 sequences.
.PP
Escaping takes several forms.
.PP
If the character being escaped is a 16 bit character then the form \*(L"\eWXXXX\*(R" is used
using exactly four characters for the hex representation. If it is 32 bits then
\&\*(L"\eUXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms
will only be used if \s-1UTF8\s0 conversion is not set (see below).
.PP
Printable characters are normally escaped using the backslash '\e' character. If
\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by
double quote characters: this is arguably more readable than the backslash
notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex
representation.
.PP
If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0
format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this
option will correctly display multi byte characters.
.PP
If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at
all: everything is assumed to be one byte per character. This is primarily for
debugging purposes and can result in confusing output in multi character strings.
.PP
If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out
before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR.
.PP
The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just
outputs the value of the string using the form #XXXX using hex format for each
octet.
.PP
If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped.
.PP
Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be
one byte per character, if \fB\s-1ASN1_STRFLAGS_DUMP_UNKNOWN\s0\fR is set then they will
be dumped instead.
.PP
When a type is dumped normally just the content octets are printed, if
\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped
instead (including tag and length octets).
.PP
\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is
equivalent to:
\s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 |
\s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
X509_NAME_print_ex(3),
ASN1_tag2str(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1TBA\s0
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:01 2002
.\" Mon Jan 13 19:26:49 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_ctrl 3"
.TH BIO_ctrl 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_ctrl 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:01 2002
.\" Mon Jan 13 19:26:50 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_base64 3"
.TH BIO_f_base64 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_f_base64 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_f_base64 \- base64 \s-1BIO\s0 filter
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:02 2002
.\" Mon Jan 13 19:26:52 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_buffer 3"
.TH BIO_f_buffer 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_f_buffer 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_f_buffer \- buffering \s-1BIO\s0
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:03 2002
.\" Mon Jan 13 19:26:53 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_cipher 3"
.TH BIO_f_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_f_cipher 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:03 2002
.\" Mon Jan 13 19:26:54 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_md 3"
.TH BIO_f_md 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_f_md 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
@@ -168,7 +168,7 @@ Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and
digest calculation and returns the digest value. \fIBIO_puts()\fR is
not supported.
.PP
\&\fIBIO_reset()\fR reinitializes a digest \s-1BIO\s0.
\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0.
.PP
\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
must be called to initialize a digest \s-1BIO\s0 before any data is
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:04 2002
.\" Mon Jan 13 19:26:55 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_null 3"
.TH BIO_f_null 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_f_null 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_f_null \- null filter
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:05 2002
.\" Mon Jan 13 19:26:56 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_ssl 3"
.TH BIO_f_ssl 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_f_ssl 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:05 2002
.\" Mon Jan 13 19:26:57 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_find_type 3"
.TH BIO_find_type 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_find_type 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:06 2002
.\" Mon Jan 13 19:26:58 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_new 3"
.TH BIO_new 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:07 2002
.\" Mon Jan 13 19:26:59 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_push 3"
.TH BIO_push 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_push 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_push, BIO_pop \- add and remove BIOs from a chain.
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:08 2002
.\" Mon Jan 13 19:27:01 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_read 3"
.TH BIO_read 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_read 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
+24 -13
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:08 2002
.\" Mon Jan 13 19:27:02 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,10 +138,10 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_accept 3"
.TH BIO_s_accept 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_accept 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0
.SH "SYNOPSIS"
@@ -150,22 +150,22 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0
\& #include <openssl/bio.h>
.Ve
.Vb 1
\& BIO_METHOD * BIO_s_accept(void);
\& BIO_METHOD *BIO_s_accept(void);
.Ve
.Vb 2
\& #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
\& #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
\& long BIO_set_accept_port(BIO *b, char *name);
\& char *BIO_get_accept_port(BIO *b);
.Ve
.Vb 1
\& BIO *BIO_new_accept(char *host_port);
.Ve
.Vb 2
\& #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
\& #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
\& long BIO_set_nbio_accept(BIO *b, int n);
\& long BIO_set_accept_bios(BIO *b, char *bio);
.Ve
.Vb 2
\& #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
\& #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
\& long BIO_set_bind_mode(BIO *b, long mode);
\& long BIO_get_bind_mode(BIO *b, long dummy);
.Ve
.Vb 3
\& #define BIO_BIND_NORMAL 0
@@ -173,14 +173,14 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0
\& #define BIO_BIND_REUSEADDR 2
.Ve
.Vb 1
\& #define BIO_do_accept(b) BIO_do_handshake(b)
\& int BIO_do_accept(BIO *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper
round the platform's \s-1TCP/IP\s0 socket accept routines.
.PP
Using accept BIOs \s-1TCP/IP\s0 connections can be accepted and data
Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data
transferred using only \s-1BIO\s0 routines. In this way any platform
specific operations are hidden by the \s-1BIO\s0 abstraction.
.PP
@@ -238,7 +238,7 @@ using \s-1BIO_BIND_REUSEADDR\s0.
called, after the accept \s-1BIO\s0 has been setup, it will attempt
to create the accept socket and bind an address to it. Second
and subsequent calls to \fIBIO_do_accept()\fR will await an incoming
connection.
connection, or request a retry in non blocking mode.
.SH "NOTES"
.IX Header "NOTES"
When an accept \s-1BIO\s0 is at the end of a chain it will await an
@@ -275,6 +275,17 @@ perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable
however because the accept \s-1BIO\s0 will still accept additional incoming
connections. This can be resolved by using \fIBIO_pop()\fR (see above)
and freeing up the accept \s-1BIO\s0 after the initial connection.
.PP
If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is
called to await an incoming connection it is possible for
\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens
then it is an indication that an accept attempt would block: the application
should take appropriate action to wait until the underlying socket has
accepted a connection and retry the call.
.PP
\&\fIBIO_set_accept_port()\fR, \fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR,
\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and
\&\fIBIO_do_accept()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1TBA\s0
+57 -4
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:09 2002
.\" Mon Jan 13 19:27:03 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_bio 3"
.TH BIO_s_bio 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_bio 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
@@ -223,7 +223,9 @@ If the size is not initialized a default value is used. This is currently
\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and
\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is
zero then the default size is used.
zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether
\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten,
\&\fIBIO_free()\fR is not called.
.PP
\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum
length of data that can be currently written to the \s-1BIO\s0. Writes larger than this
@@ -263,9 +265,60 @@ buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be
the application then waits for data to be available on the underlying transport
before flushing the write buffer it will never succeed because the request was
never sent!
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in
\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the
locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information.
.PP
[\s-1XXXXX:\s0 More return values need to be added here]
.SH "EXAMPLE"
.IX Header "EXAMPLE"
\&\s-1TBA\s0
The \s-1BIO\s0 pair can be used to have full control over the network access of an
application. The application can call \fIselect()\fR on the socket as required
without having to go through the SSL-interface.
.PP
.Vb 6
\& BIO *internal_bio, *network_bio;
\& ...
\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
\& SSL_set_bio(ssl, internal_bio, internal_bio);
\& SSL_operations();
\& ...
.Ve
.Vb 9
\& application | TLS-engine
\& | |
\& +----------> SSL_operations()
\& | /\e ||
\& | || \e/
\& | BIO-pair (internal_bio)
\& +----------< BIO-pair (network_bio)
\& | |
\& socket |
.Ve
.Vb 4
\& ...
\& SSL_free(ssl); /* implicitly frees internal_bio */
\& BIO_free(network_bio);
\& ...
.Ve
As the \s-1BIO\s0 pair will only buffer the data and never directly access the
connection, it behaves non-blocking and will return as soon as the write
buffer is full or the read buffer is drained. Then the application has to
flush the write buffer and/or fill the read buffer.
.PP
Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0
and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to
find out, how many bytes must be written into the buffer before the
\&\fISSL_operation()\fR can successfully be continued.
.SH "WARNING"
.IX Header "WARNING"
As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0
condition, but there is still data in the write buffer. An application must
not rely on the error value of \fISSL_operation()\fR but must assure that the
write buffer is always flushed first. Otherwise a deadlock may occur as
the peer might be waiting for the data before being able to continue.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
SSL_set_bio(3), ssl(3), bio(3),
+25 -14
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:09 2002
.\" Mon Jan 13 19:27:04 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_connect 3"
.TH BIO_s_connect 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_connect 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
@@ -153,28 +153,31 @@ BIO_set_nbio, BIO_do_connect \- connect \s-1BIO\s0
.Vb 1
\& BIO_METHOD * BIO_s_connect(void);
.Ve
.Vb 1
\& BIO *BIO_new_connect(char *name);
.Ve
.Vb 8
\& #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
\& #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
\& #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
\& #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
\& #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
\& #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
\& #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
\& #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
\& long BIO_set_conn_hostname(BIO *b, char *name);
\& long BIO_set_conn_port(BIO *b, char *port);
\& long BIO_set_conn_ip(BIO *b, char *ip);
\& long BIO_set_conn_int_port(BIO *b, char *port);
\& char *BIO_get_conn_hostname(BIO *b);
\& char *BIO_get_conn_port(BIO *b);
\& char *BIO_get_conn_ip(BIO *b, dummy);
\& long BIO_get_conn_int_port(BIO *b, int port);
.Ve
.Vb 1
\& #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
\& long BIO_set_nbio(BIO *b, long n);
.Ve
.Vb 1
\& #define BIO_do_connect(b) BIO_do_handshake(b)
\& int BIO_do_connect(BIO *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper
round the platform's \s-1TCP/IP\s0 socket connection routines.
.PP
Using connect BIOs \s-1TCP/IP\s0 connections can be made and data
Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data
transferred using only \s-1BIO\s0 routines. In this way any platform
specific operations are hidden by the \s-1BIO\s0 abstraction.
.PP
@@ -197,7 +200,7 @@ to the same host again.
it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of
type (int *).
.PP
\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname
\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
The hostname can be an \s-1IP\s0 address. The hostname can also include the
port in the form hostname:port . It is also acceptable to use the
form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R".
@@ -230,6 +233,9 @@ is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR
should be made before the connection is established because
non blocking I/O is set during the connect process.
.PP
\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into
a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR.
.PP
\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
@@ -264,6 +270,11 @@ connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned
then this is an indication that a connection attempt would block,
the application should then take appropriate action to wait until
the underlying socket has connected and retry the call.
.PP
\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR,
\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR,
\&\fIBIO_get_conn_ip()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_nbio()\fR and
\&\fIBIO_do_connect()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:10 2002
.\" Mon Jan 13 19:27:05 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_fd 3"
.TH BIO_s_fd 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_fd 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:11 2002
.\" Mon Jan 13 19:27:06 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_file 3"
.TH BIO_s_file 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_file 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:11 2002
.\" Mon Jan 13 19:27:08 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_mem 3"
.TH BIO_s_mem 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_mem 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:12 2002
.\" Mon Jan 13 19:27:09 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_null 3"
.TH BIO_s_null 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_null 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_null \- null data sink
+9 -7
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:13 2002
.\" Mon Jan 13 19:27:10 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_socket 3"
.TH BIO_s_socket 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_s_socket 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
@@ -148,11 +148,11 @@ BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
\& #include <openssl/bio.h>
.Ve
.Vb 1
\& BIO_METHOD * BIO_s_socket(void);
\& BIO_METHOD *BIO_s_socket(void);
.Ve
.Vb 2
\& #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
\& #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
\& long BIO_set_fd(BIO *b, int fd, long close_flag);
\& long BIO_get_fd(BIO *b, int *c);
.Ve
.Vb 1
\& BIO *BIO_new_socket(int sock, int close_flag);
@@ -169,10 +169,10 @@ If the close flag is set then the socket is shut down and closed
when the \s-1BIO\s0 is freed.
.PP
\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
flag to \fBc\fR.
flag to \fBclose_flag\fR.
.PP
\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also
returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *).
returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *).
.PP
\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
.SH "NOTES"
@@ -184,6 +184,8 @@ The reason for having separate file descriptor and socket BIOs is that on some
platforms sockets are not file descriptors and use distinct I/O routines,
Windows is one such platform. Any code mixing the two will not work on
all platforms.
.PP
\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method.
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:13 2002
.\" Mon Jan 13 19:27:11 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_set_callback 3"
.TH BIO_set_callback 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_set_callback 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:14 2002
.\" Mon Jan 13 19:27:12 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_should_retry 3"
.TH BIO_should_retry 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BIO_should_retry 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_should_retry, BIO_should_read, BIO_should_write,
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:14 2002
.\" Mon Jan 13 19:27:13 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_CTX_new 3"
.TH BN_CTX_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_CTX_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
@@ -181,7 +181,7 @@ ERR_get_error(3).
\&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), BN_add(3),
bn(3), ERR_get_error(3), BN_add(3),
BN_CTX_start(3)
.SH "HISTORY"
.IX Header "HISTORY"
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:15 2002
.\" Mon Jan 13 19:27:14 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_CTX_start 3"
.TH BN_CTX_start 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BN_CTX_start 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
+67 -36
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:16 2002
.\" Mon Jan 13 19:27:15 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,11 +138,12 @@
.\" ======================================================================
.\"
.IX Title "BN_add 3"
.TH BN_add 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_add 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp,
BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs
BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \-
arithmetic operations on BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,20 +158,34 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs
.Vb 1
\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
.Ve
.Vb 1
\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
.Ve
.Vb 2
\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
\& BN_CTX *ctx);
.Ve
.Vb 1
\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
.Ve
.Vb 1
\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
.Ve
.Vb 1
\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
.Ve
.Vb 2
\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
\& BN_CTX *ctx);
.Ve
.Vb 2
\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
\& BN_CTX *ctx);
.Ve
.Vb 2
\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
\& BN_CTX *ctx);
.Ve
.Vb 1
\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
.Ve
.Vb 1
\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
.Ve
@@ -183,45 +198,59 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBN_add()\fR adds \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a+b\*(C'\fR).
\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR.
\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR).
\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
.PP
\&\fIBN_sub()\fR subtracts \fBb\fR from \fBa\fR and places the result in \fBr\fR (\f(CW\*(C`r=a\-b\*(C'\fR).
\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR).
.PP
\&\fIBN_mul()\fR multiplies \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a*b\*(C'\fR).
\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR.
\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR).
\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
For multiplication by powers of 2, use BN_lshift(3).
.PP
\&\fIBN_div()\fR divides \fBa\fR by \fBd\fR and places the result in \fBdv\fR and the
remainder in \fBrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fBdv\fR and \fBrem\fR may
be \s-1NULL\s0, in which case the respective value is not returned.
For division by powers of 2, use \fIBN_rshift\fR\|(3).
.PP
\&\fIBN_sqr()\fR takes the square of \fBa\fR and places the result in \fBr\fR
(\f(CW\*(C`r=a^2\*(C'\fR). \fBr\fR and \fBa\fR may be the same \fB\s-1BIGNUM\s0\fR.
\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR
(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR.
This function is faster than BN_mul(r,a,a).
.PP
\&\fIBN_mod()\fR find the remainder of \fBa\fR divided by \fBm\fR and places it in
\&\fBrem\fR (\f(CW\*(C`rem=a%m\*(C'\fR).
\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the
remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may
be \fB\s-1NULL\s0\fR, in which case the respective value is not returned.
The result is rounded towards zero; thus if \fIa\fR is negative, the
remainder will be zero or negative.
For division by powers of 2, use \fIBN_rshift\fR\|(3).
.PP
\&\fIBN_mod_mul()\fR multiplies \fBa\fR by \fBb\fR and finds the remainder when
divided by \fBm\fR (\f(CW\*(C`r=(a*b)%m\*(C'\fR). \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR
or \fBb\fR. For a more efficient algorithm, see
BN_mod_mul_montgomery(3); for repeated
computations using the same modulus, see BN_mod_mul_reciprocal(3).
\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR.
.PP
\&\fIBN_exp()\fR raises \fBa\fR to the \fBp\fR\-th power and places the result in \fBr\fR
\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative
remainder in \fIr\fR.
.PP
\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative
result in \fIr\fR.
.PP
\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the
non-negative result in \fIr\fR.
.PP
\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative
remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be
the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for
repeated computations using the same modulus, see
BN_mod_mul_montgomery(3) and
BN_mod_mul_reciprocal(3).
.PP
\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the
result in \fIr\fR.
.PP
\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR
(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of
\&\fIBN_mul()\fR.
.PP
\&\fIBN_mod_exp()\fR computes \fBa\fR to the \fBp\fR\-th power modulo \fBm\fR (\f(CW\*(C`r=a^p %
\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p %
m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR.
.PP
\&\fIBN_gcd()\fR computes the greatest common divisor of \fBa\fR and \fBb\fR and
places the result in \fBr\fR. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or
\&\fBb\fR.
\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and
places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or
\&\fIb\fR.
.PP
For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
temporary variables; see BN_CTX_new(3).
.PP
Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from
@@ -233,11 +262,13 @@ value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), BN_CTX_new(3),
bn(3), ERR_get_error(3), BN_CTX_new(3),
BN_add_word(3), BN_set_bit(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_div()\fR, \fIBN_sqr()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR,
\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_sqr()\fR, \fIBN_div()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR,
\&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and
OpenSSL. The \fBctx\fR argument to \fIBN_mul()\fR was added in SSLeay
OpenSSL. The \fIctx\fR argument to \fIBN_mul()\fR was added in SSLeay
0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0.
\&\fIBN_nnmod()\fR, \fIBN_mod_add()\fR, \fIBN_mod_sub()\fR, and \fIBN_mod_sqr()\fR were added in
OpenSSL 0.9.7.
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:16 2002
.\" Mon Jan 13 19:27:17 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_add_word 3"
.TH BN_add_word 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_add_word 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
@@ -188,7 +188,7 @@ on error. The error codes can be obtained by ERR_get_error(3).
\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), BN_add(3)
bn(3), ERR_get_error(3), BN_add(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:17 2002
.\" Mon Jan 13 19:27:18 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_bn2bin 3"
.TH BN_bn2bin 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH BN_bn2bin 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
@@ -221,7 +221,7 @@ returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), BN_zero(3),
bn(3), ERR_get_error(3), BN_zero(3),
ASN1_INTEGER_to_BN(3),
BN_num_bytes(3)
.SH "HISTORY"
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:18 2002
.\" Mon Jan 13 19:27:19 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_cmp 3"
.TH BN_cmp 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_cmp 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:18 2002
.\" Mon Jan 13 19:27:20 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_copy 3"
.TH BN_copy 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_copy 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_copy, BN_dup \- copy BIGNUMs
@@ -164,7 +164,7 @@ the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be ob
by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3)
bn(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL.
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:19 2002
.\" Mon Jan 13 19:27:21 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_generate_prime 3"
.TH BN_generate_prime 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_generate_prime 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
@@ -220,7 +220,7 @@ prime with an error probability of less than 0.25^\fBchecks\fR, and
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), rand(3)
bn(3), ERR_get_error(3), rand(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:19 2002
.\" Mon Jan 13 19:27:22 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_mod_inverse 3"
.TH BN_mod_inverse 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_mod_inverse 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_mod_inverse \- compute inverse modulo n
@@ -165,7 +165,7 @@ variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR.
\&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), BN_add(3)
bn(3), ERR_get_error(3), BN_add(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL.
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:20 2002
.\" Mon Jan 13 19:27:23 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_mod_mul_montgomery 3"
.TH BN_mod_mul_montgomery 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BN_mod_mul_montgomery 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
@@ -180,22 +180,23 @@ using the same modulus.
\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure.
\&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR.
.PP
\&\fIBN_MONT_CTX_set()\fR sets up the \fBmont\fR structure from the modulus \fBm\fR
\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR
by precomputing its inverse and a value R.
.PP
\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fBfrom\fR to \fBto\fR.
\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR.
.PP
\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if
it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself.
.PP
\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fBa\fR,\fBb\fR):=\fBa\fR*\fBb\fR*R^\-1 and places
the result in \fBr\fR.
\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places
the result in \fIr\fR.
.PP
\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fBr\fR = \fBa\fR*R^\-1.
\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1.
.PP
\&\fIBN_to_montgomery()\fR computes Mont(\fBa\fR,R^2), i.e. \fBa\fR*R.
\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R.
Note that \fIa\fR must be non-negative and smaller than the modulus.
.PP
For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
temporary variables.
.PP
The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows:
@@ -222,9 +223,13 @@ on error.
.PP
For the other functions, 1 is returned for success, 0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "WARNING"
.IX Header "WARNING"
The inputs must be reduced modulo \fBm\fR, otherwise the result will be
outside the expected range.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), BN_add(3),
bn(3), ERR_get_error(3), BN_add(3),
BN_CTX_new(3)
.SH "HISTORY"
.IX Header "HISTORY"
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:21 2002
.\" Mon Jan 13 19:27:25 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_mod_mul_reciprocal 3"
.TH BN_mod_mul_reciprocal 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BN_mod_mul_reciprocal 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
@@ -211,7 +211,7 @@ For the other functions, 1 is returned for success, 0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), BN_add(3),
bn(3), ERR_get_error(3), BN_add(3),
BN_CTX_new(3)
.SH "HISTORY"
.IX Header "HISTORY"
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:21 2002
.\" Mon Jan 13 19:27:26 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_new 3"
.TH BN_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
@@ -184,7 +184,7 @@ by ERR_get_error(3).
values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3)
bn(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:22 2002
.\" Mon Jan 13 19:27:27 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_num_bytes 3"
.TH BN_num_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_num_bytes 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:22 2002
.\" Mon Jan 13 19:27:28 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_rand 3"
.TH BN_rand 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH BN_rand 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_rand, BN_pseudo_rand \- generate pseudo-random number
@@ -186,7 +186,7 @@ The functions return 1 on success, 0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bn(3), err(3), rand(3),
bn(3), ERR_get_error(3), rand(3),
RAND_add(3), RAND_bytes(3)
.SH "HISTORY"
.IX Header "HISTORY"
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:23 2002
.\" Mon Jan 13 19:27:29 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_set_bit 3"
.TH BN_set_bit 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH BN_set_bit 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+160
View File
@@ -0,0 +1,160 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:27:30 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "BN_swap 3"
.TH BN_swap 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_swap \- exchange BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
.Ve
.Vb 1
\& void BN_swap(BIGNUM *a, BIGNUM *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR.
.PP
bn(3)
.SH "HISTORY"
.IX Header "HISTORY"
BN_swap was added in OpenSSL 0.9.7.
+6 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:24 2002
.\" Mon Jan 13 19:27:31 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_zero 3"
.TH BN_zero 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH BN_zero 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
@@ -153,7 +153,7 @@ operations
\& int BN_one(BIGNUM *a);
.Ve
.Vb 1
\& BIGNUM *BN_value_one(void);
\& const BIGNUM *BN_value_one(void);
.Ve
.Vb 2
\& int BN_set_word(BIGNUM *a, unsigned long w);
@@ -190,3 +190,6 @@ bn(3), BN_bn2bin(3)
\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of
SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in
SSLeay 0.8.
.PP
\&\fIBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL
0.9.7.
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:24 2002
.\" Mon Jan 13 19:27:32 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "CRYPTO_set_ex_data 3"
.TH CRYPTO_set_ex_data 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH CRYPTO_set_ex_data 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:25 2002
.\" Mon Jan 13 19:27:33 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_generate_key 3"
.TH DH_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DH_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
@@ -179,7 +179,7 @@ on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dh(3), err(3), rand(3), DH_size(3)
dh(3), ERR_get_error(3), rand(3), DH_size(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:25 2002
.\" Mon Jan 13 19:27:34 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_generate_parameters 3"
.TH DH_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DH_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
@@ -196,7 +196,8 @@ If \fBgenerator\fR is not 2 or 5, \fBdh->g\fR=\fBgenerator\fR is not
a usable generator.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dh(3), err(3), rand(3), DH_free(3)
dh(3), ERR_get_error(3), rand(3),
DH_free(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL.
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:26 2002
.\" Mon Jan 13 19:27:36 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
.TH DH_get_ex_new_index 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH DH_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:27 2002
.\" Mon Jan 13 19:27:37 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_new 3"
.TH DH_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DH_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DH_new, DH_free \- allocate and free \s-1DH\s0 objects
@@ -168,7 +168,7 @@ a pointer to the newly allocated structure.
\&\fIDH_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dh(3), err(3),
dh(3), ERR_get_error(3),
DH_generate_parameters(3),
DH_generate_key(3)
.SH "HISTORY"
+57 -25
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:27 2002
.\" Mon Jan 13 19:27:38 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,51 +138,63 @@
.\" ======================================================================
.\"
.IX Title "DH_set_method 3"
.TH DH_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH DH_set_method 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DH_set_default_method, DH_get_default_method, DH_set_method,
DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method
DH_set_default_method, DH_get_default_method,
DH_set_method, DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
.Vb 2
\& #include <openssl/dh.h>
\& #include <openssl/engine.h>
.Ve
.Vb 1
\& void DH_set_default_method(DH_METHOD *meth);
\& void DH_set_default_method(const DH_METHOD *meth);
.Ve
.Vb 1
\& DH_METHOD *DH_get_default_method(void);
\& const DH_METHOD *DH_get_default_method(void);
.Ve
.Vb 1
\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
\& int DH_set_method(DH *dh, const DH_METHOD *meth);
.Ve
.Vb 1
\& DH *DH_new_method(DH_METHOD *meth);
\& DH *DH_new_method(ENGINE *engine);
.Ve
.Vb 1
\& DH_METHOD *DH_OpenSSL(void);
\& const DH_METHOD *DH_OpenSSL(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used.
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default is to use the OpenSSL internal implementation.
\&\fIDH_OpenSSL()\fR returns a pointer to that method.
Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
returned by \fIDH_OpenSSL()\fR.
.PP
\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DH\s0\fR
structures created later.
\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
as a default for \s-1DH\s0, so this function is no longer recommended.
.PP
\&\fIDH_get_default_method()\fR returns a pointer to the current default
method.
\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0.
However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0
\&\s-1API\s0 is being used, so this function is no longer recommended.
.PP
\&\fIDH_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdh\fR.
\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method
was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the
change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0
implementations (eg. from an \s-1ENGINE\s0 module that supports embedded
hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0
for the key can have unexpected results.
.PP
\&\fIDH_new_method()\fR allocates and initializes a \fB\s-1DH\s0\fR structure so that
\&\fBmethod\fR will be used for the \s-1DH\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR,
the default method is used.
\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0
operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by
\&\fIDH_set_default_method()\fR is used.
.SH "THE DH_METHOD STRUCTURE"
.IX Header "THE DH_METHOD STRUCTURE"
.Vb 4
@@ -229,12 +241,22 @@ the default method is used.
.PP
\&\fIDH_set_default_method()\fR returns no value.
.PP
\&\fIDH_set_method()\fR returns a pointer to the \fB\s-1DH_METHOD\s0\fR previously
associated with \fBdh\fR.
\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous
method was supplied by an \s-1ENGINE\s0).
.PP
\&\fIDH_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be
obtained by ERR_get_error(3) if the allocation fails. Otherwise it
\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by
ERR_get_error(3) if the allocation fails. Otherwise it
returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie.
\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
to control default implementations for use in \s-1DH\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dh(3), DH_new(3)
@@ -242,3 +264,13 @@ dh(3), DH_new(3)
.IX Header "HISTORY"
\&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR,
\&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4.
.PP
\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced
\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and
\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without
requiring changing these function prototypes.
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:28 2002
.\" Mon Jan 13 19:27:39 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_size 3"
.TH DH_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DH_size 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DH_size \- get Diffie-Hellman prime size
+4 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:29 2002
.\" Mon Jan 13 19:27:40 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_SIG_new 3"
.TH DSA_SIG_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_SIG_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
@@ -169,7 +169,8 @@ to the newly allocated structure.
\&\fIDSA_SIG_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dsa(3), err(3), DSA_do_sign(3)
dsa(3), ERR_get_error(3),
DSA_do_sign(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:29 2002
.\" Mon Jan 13 19:27:41 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_do_sign 3"
.TH DSA_do_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_do_sign 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
@@ -175,7 +175,7 @@ on error. The error codes can be obtained by
ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dsa(3), err(3), rand(3),
dsa(3), ERR_get_error(3), rand(3),
DSA_SIG_new(3),
DSA_sign(3)
.SH "HISTORY"
+4 -4
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:30 2002
.\" Mon Jan 13 19:27:42 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_dup_DH 3"
.TH DSA_dup_DH 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_dup_DH 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
@@ -148,7 +148,7 @@ DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
\& #include <openssl/dsa.h>
.Ve
.Vb 1
\& DH * DSA_dup_DH(DSA *r);
\& DH * DSA_dup_DH(const DSA *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -164,7 +164,7 @@ error codes can be obtained by ERR_get_error(3).
Be careful to avoid small subgroup attacks when using this.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dh(3), dsa(3), err(3)
dh(3), dsa(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4.
+4 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:30 2002
.\" Mon Jan 13 19:27:43 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_generate_key 3"
.TH DSA_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_generate_key \- generate \s-1DSA\s0 key pair
@@ -162,7 +162,8 @@ The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dsa(3), err(3), rand(3), DSA_generate_parameters(3)
dsa(3), ERR_get_error(3), rand(3),
DSA_generate_parameters(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_generate_key()\fR is available since SSLeay 0.8.
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:31 2002
.\" Mon Jan 13 19:27:44 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_generate_parameters 3"
.TH DSA_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_generate_parameters \- generate \s-1DSA\s0 parameters
@@ -209,7 +209,7 @@ obtained by ERR_get_error(3).
Seed lengths > 20 are not supported.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dsa(3), err(3), rand(3),
dsa(3), ERR_get_error(3), rand(3),
DSA_free(3)
.SH "HISTORY"
.IX Header "HISTORY"
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:32 2002
.\" Mon Jan 13 19:27:45 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
.TH DSA_get_ex_new_index 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
+5 -4
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:32 2002
.\" Mon Jan 13 19:27:46 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_new 3"
.TH DSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
@@ -155,7 +155,8 @@ DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure.
\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
calling DSA_new_method(\s-1NULL\s0).
.PP
\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
erased before the memory is returned to the system.
@@ -169,7 +170,7 @@ to the newly allocated structure.
\&\fIDSA_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dsa(3), err(3),
dsa(3), ERR_get_error(3),
DSA_generate_parameters(3),
DSA_generate_key(3)
.SH "HISTORY"
+59 -26
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:33 2002
.\" Mon Jan 13 19:27:47 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,27 +138,28 @@
.\" ======================================================================
.\"
.IX Title "DSA_set_method 3"
.TH DSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH DSA_set_method 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_set_default_method, DSA_get_default_method, DSA_set_method,
DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method
DSA_set_default_method, DSA_get_default_method,
DSA_set_method, DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
.Vb 2
\& #include <openssl/dsa.h>
\& #include <openssl/engine.h>
.Ve
.Vb 1
\& void DSA_set_default_method(DSA_METHOD *meth);
\& void DSA_set_default_method(const DSA_METHOD *meth);
.Ve
.Vb 1
\& DSA_METHOD *DSA_get_default_method(void);
\& const DSA_METHOD *DSA_get_default_method(void);
.Ve
.Vb 1
\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
.Ve
.Vb 1
\& DSA *DSA_new_method(DSA_METHOD *meth);
\& DSA *DSA_new_method(ENGINE *engine);
.Ve
.Vb 1
\& DSA_METHOD *DSA_OpenSSL(void);
@@ -167,22 +168,35 @@ DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method
.IX Header "DESCRIPTION"
A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used.
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default is to use the OpenSSL internal implementation.
\&\fIDSA_OpenSSL()\fR returns a pointer to that method.
Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,
as returned by \fIDSA_OpenSSL()\fR.
.PP
\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DSA\s0\fR
structures created later.
\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
been set as a default for \s-1DSA\s0, so this function is no longer recommended.
.PP
\&\fIDSA_get_default_method()\fR returns a pointer to the current default
method.
\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependant on
whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer
recommended.
.PP
\&\fIDSA_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdsa\fR.
\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the
previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
be released during the change. It is possible to have \s-1DSA\s0 keys that only
work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
that supports embedded hardware-protected keys), and in such cases
attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected
results.
.PP
\&\fIDSA_new_method()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure so that
\&\fBmethod\fR will be used for the \s-1DSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR,
the default method is used.
\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine
for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0
controlled by \fIDSA_set_default_method()\fR is used.
.SH "THE DSA_METHOD STRUCTURE"
.IX Header "THE DSA_METHOD STRUCTURE"
struct
@@ -237,18 +251,27 @@ struct
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the
respective \fB\s-1DSA_METHOD\s0\fRs.
\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective
\&\fB\s-1DSA_METHOD\s0\fRs.
.PP
\&\fIDSA_set_default_method()\fR returns no value.
.PP
\&\fIDSA_set_method()\fR returns a pointer to the \fB\s-1DSA_METHOD\s0\fR previously
associated with \fBdsa\fR.
\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous
method was supplied by an \s-1ENGINE\s0).
.PP
\&\fIDSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be
\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be
obtained by ERR_get_error(3) if the allocation
fails. Otherwise it returns a pointer to the newly allocated
structure.
fails. Otherwise it returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie.
\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
to control default implementations for use in \s-1DSA\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dsa(3), DSA_new(3)
@@ -256,3 +279,13 @@ dsa(3), DSA_new(3)
.IX Header "HISTORY"
\&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR,
\&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4.
.PP
\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced
\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and
\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without
requiring changing these function prototypes.
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:33 2002
.\" Mon Jan 13 19:27:49 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_sign 3"
.TH DSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_sign 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
@@ -194,7 +194,7 @@ ERR_get_error(3).
Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dsa(3), err(3), rand(3),
dsa(3), ERR_get_error(3), rand(3),
DSA_do_sign(3)
.SH "HISTORY"
.IX Header "HISTORY"
+3 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:34 2002
.\" Mon Jan 13 19:27:50 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_size 3"
.TH DSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH DSA_size 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
DSA_size \- get \s-1DSA\s0 signature size
@@ -148,7 +148,7 @@ DSA_size \- get \s-1DSA\s0 signature size
\& #include <openssl/dsa.h>
.Ve
.Vb 1
\& int DSA_size(DSA *dsa);
\& int DSA_size(const DSA *dsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:35 2002
.\" Mon Jan 13 19:27:51 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_GET_LIB 3"
.TH ERR_GET_LIB 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH ERR_GET_LIB 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
\&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:35 2002
.\" Mon Jan 13 19:27:52 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_clear_error 3"
.TH ERR_clear_error 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH ERR_clear_error 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_clear_error \- clear the error queue
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:36 2002
.\" Mon Jan 13 19:27:53 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_error_string 3"
.TH ERR_error_string 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH ERR_error_string 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+26 -13
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:36 2002
.\" Mon Jan 13 19:27:54 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,37 +138,46 @@
.\" ======================================================================
.\"
.IX Title "ERR_get_error 3"
.TH ERR_get_error 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH ERR_get_error 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line,
ERR_get_error_line_data, ERR_peek_error_line_data \- obtain error code and data
ERR_get_error, ERR_peek_error, ERR_peek_last_error,
ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
ERR_get_error_line_data, ERR_peek_error_line_data,
ERR_peek_last_error_line_data \- obtain error code and data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
.Ve
.Vb 2
.Vb 3
\& unsigned long ERR_get_error(void);
\& unsigned long ERR_peek_error(void);
\& unsigned long ERR_peek_last_error(void);
.Ve
.Vb 2
.Vb 3
\& unsigned long ERR_get_error_line(const char **file, int *line);
\& unsigned long ERR_peek_error_line(const char **file, int *line);
\& unsigned long ERR_peek_last_error_line(const char **file, int *line);
.Ve
.Vb 4
.Vb 6
\& unsigned long ERR_get_error_line_data(const char **file, int *line,
\& const char **data, int *flags);
\& unsigned long ERR_peek_error_line_data(const char **file, int *line,
\& const char **data, int *flags);
\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
\& const char **data, int *flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIERR_get_error()\fR returns the last error code from the thread's error
\&\fIERR_get_error()\fR returns the earliest error code from the thread's error
queue and removes the entry. This function can be called repeatedly
until there are no more error codes to return.
.PP
\&\fIERR_peek_error()\fR returns the last error code from the thread's
\&\fIERR_peek_error()\fR returns the earliest error code from the thread's
error queue without modifying it.
.PP
\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's
error queue without modifying it.
.PP
See ERR_GET_LIB(3) for obtaining information about
@@ -176,12 +185,14 @@ location and reason of the error, and
ERR_error_string(3) for human-readable error
messages.
.PP
\&\fIERR_get_error_line()\fR and \fIERR_peek_error_line()\fR are the same as the
above, but they additionally store the file name and line number where
\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and
\&\fIERR_peek_last_error_line()\fR are the same as the above, but they
additionally store the file name and line number where
the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR.
.PP
\&\fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR store
additional data and flags associated with the error code in *\fBdata\fR
\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and
\&\fIERR_get_last_error_line_data()\fR store additional data and flags
associated with the error code in *\fBdata\fR
and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR. If it has been allocated by \fIOPENSSL_malloc()\fR,
*\fBflags\fR&\fB\s-1ERR_TXT_MALLOCED\s0\fR is true.
@@ -198,3 +209,5 @@ ERR_GET_LIB(3)
\&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and
OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR
were added in SSLeay 0.9.0.
\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and
\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7.
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:37 2002
.\" Mon Jan 13 19:27:55 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
.TH ERR_load_crypto_strings 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH ERR_load_crypto_strings 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:38 2002
.\" Mon Jan 13 19:27:56 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_load_strings 3"
.TH ERR_load_strings 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH ERR_load_strings 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:38 2002
.\" Mon Jan 13 19:27:57 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_print_errors 3"
.TH ERR_print_errors 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH ERR_print_errors 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_print_errors, ERR_print_errors_fp \- print error messages
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:39 2002
.\" Mon Jan 13 19:27:58 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_put_error 3"
.TH ERR_put_error 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH ERR_put_error 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_put_error, ERR_add_error_data \- record an error
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:39 2002
.\" Mon Jan 13 19:27:59 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_remove_state 3"
.TH ERR_remove_state 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH ERR_remove_state 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
ERR_remove_state \- free a thread's error queue
+204
View File
@@ -0,0 +1,204 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:01 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "EVP_BytesToKey 3"
.TH EVP_BytesToKey 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
.Vb 1
\& EVP_BytesToKey - password based encryption routine
.Ve
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
.Ve
.Vb 4
\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
\& const unsigned char *salt,
\& const unsigned char *data, int datal, int count,
\& unsigned char *key,unsigned char *iv);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use.
The \fBsalt\fR paramter is used as a salt in the derivation: it should point to
an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing
\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the
iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR
and \fBiv\fR respectively.
.SH "NOTES"
.IX Header "NOTES"
A typical application of this function is to derive keying material for an
encryption algorithm from a password in the \fBdata\fR parameter.
.PP
Increasing the \fBcount\fR parameter slows down the algorithm which makes it
harder for an attacker to peform a brute force attack using a large number
of candidate passwords.
.PP
If the total key and \s-1IV\s0 length is less than the digest length and
\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5
otherwise a non standard extension is used to derive the extra data.
.PP
Newer applications should use more standard algorithms such as PKCS#5
v2.0 for key derivation.
.SH "KEY DERIVATION ALGORITHM"
.IX Header "KEY DERIVATION ALGORITHM"
The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until
enough data is available for the key and \s-1IV\s0. D_i is defined as:
.PP
.Vb 1
\& D_i = HASH^count(D_(i-1) || data || salt)
.Ve
where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest
algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
is HASH(HASH(data)) and so on.
.PP
The initial bytes are used for the key and the subsequent bytes for
the \s-1IV\s0.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
evp(3), rand(3),
EVP_EncryptInit(3),
.SH "HISTORY"
.IX Header "HISTORY"
+96 -39
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:40 2002
.\" Mon Jan 13 19:28:02 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,12 +138,13 @@
.\" ======================================================================
.\"
.IX Title "EVP_DigestInit 3"
.TH EVP_DigestInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH EVP_DigestInit 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0,
EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size,
EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, \s-1EVP_MAX_MD_SIZE\s0,
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
\&\s-1EVP\s0 digest routines
@@ -152,17 +153,33 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
.Vb 1
\& #include <openssl/evp.h>
.Ve
.Vb 2
\& void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
\& EVP_MD_CTX *EVP_MD_CTX_create(void);
.Ve
.Vb 4
\& void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
\& void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
\& unsigned int *s);
.Ve
.Vb 2
\& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
.Ve
.Vb 1
\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
.Ve
.Vb 3
\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
\& unsigned int *s);
.Ve
.Vb 1
\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
.Ve
.Vb 1
\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
.Ve
.Vb 4
\& #define EVP_MD_type(e) ((e)->type)
@@ -177,15 +194,15 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
\& #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
.Ve
.Vb 9
\& EVP_MD *EVP_md_null(void);
\& EVP_MD *EVP_md2(void);
\& EVP_MD *EVP_md5(void);
\& EVP_MD *EVP_sha(void);
\& EVP_MD *EVP_sha1(void);
\& EVP_MD *EVP_dss(void);
\& EVP_MD *EVP_dss1(void);
\& EVP_MD *EVP_mdc2(void);
\& EVP_MD *EVP_ripemd160(void);
\& const EVP_MD *EVP_md_null(void);
\& const EVP_MD *EVP_md2(void);
\& const EVP_MD *EVP_md5(void);
\& const EVP_MD *EVP_sha(void);
\& const EVP_MD *EVP_sha1(void);
\& const EVP_MD *EVP_dss(void);
\& const EVP_MD *EVP_dss1(void);
\& const EVP_MD *EVP_mdc2(void);
\& const EVP_MD *EVP_ripemd160(void);
.Ve
.Vb 3
\& const EVP_MD *EVP_get_digestbyname(const char *name);
@@ -196,25 +213,48 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
.IX Header "DESCRIPTION"
The \s-1EVP\s0 digest routines are a high level interface to message digests.
.PP
\&\fIEVP_DigestInit()\fR initializes a digest context \fBctx\fR to use a digest
\&\fBtype\fR: this will typically be supplied by a function such as
\&\fIEVP_sha1()\fR.
\&\fIEVP_MD_CTX_init()\fR initializes digest contet \fBctx\fR.
.PP
\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest contet.
.PP
\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest
\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this
function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR.
If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
.PP
\&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
digest context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to hash additional data.
.PP
\&\fIEVP_DigestFinal()\fR retrieves the digest value from \fBctx\fR and places
\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places
it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of
bytes of data written (i.e. the length of the digest) will be written
to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
After calling \fIEVP_DigestFinal()\fR no additional calls to \fIEVP_DigestUpdate()\fR
can be made, but \fIEVP_DigestInit()\fR can be called to initialize a new
After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR
can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new
digest operation.
.PP
\&\fIEVP_MD_CTX_copy()\fR can be used to copy the message digest state from
\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called
after a digest context is no longer needed.
.PP
\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the
space allocated to it, it should be called only on a context created
using \fIEVP_MD_CTX_create()\fR.
.PP
\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from
\&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be
hashed which only differ in the last few bytes.
hashed which only differ in the last few bytes. \fBout\fR must be initialized
before calling this function.
.PP
\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except
the passed context \fBctx\fR does not have to be initialized, and it always
uses the default digest implementation.
.PP
\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest
contet \fBctx\fR is automatically cleaned up.
.PP
\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination
\&\fBout\fR does not have to be initialized.
.PP
\&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest
when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the
@@ -252,9 +292,10 @@ an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initializ
using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR do not return values.
\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for
success and 0 for failure.
.PP
\&\fIEVP_MD_CTX_copy()\fR returns 1 if successful or 0 for failure.
\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure.
.PP
\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the
corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists.
@@ -277,6 +318,19 @@ transparent to the digest used and much more flexible.
.PP
\&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms
are still in common use.
.PP
For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
set to \s-1NULL\s0 to use the default digest implementation.
.PP
The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are
obsolete but are retained to maintain compatibility with existing code. New
applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and
\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
instead of initializing and cleaning it up on each call and allow non default
implementations of digests to be specified.
.PP
In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
memory leaks will occur.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
@@ -314,11 +368,13 @@ digest name passed on the command line.
\& exit(1);
\& }
.Ve
.Vb 4
\& EVP_DigestInit(&mdctx, md);
.Vb 6
\& EVP_MD_CTX_init(&mdctx);
\& EVP_DigestInit_ex(&mdctx, md, NULL);
\& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
\& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
\& EVP_DigestFinal(&mdctx, md_value, &md_len);
\& EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
\& EVP_MD_CTX_cleanup(&mdctx);
.Ve
.Vb 4
\& printf("Digest is: ");
@@ -328,16 +384,9 @@ digest name passed on the command line.
.Ve
.SH "BUGS"
.IX Header "BUGS"
Several of the functions do not return values: maybe they should. Although the
internal digest operations will never fail some future hardware based operations
might.
.PP
The link between digests and signing algorithms results in a situation where
\&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0
even though they are identical digests.
.PP
The size of an \fB\s-1EVP_MD_CTX\s0\fR structure is determined at compile time: this results
in code that must be recompiled if the size of \fB\s-1EVP_MD_CTX\s0\fR increases.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
evp(3), hmac(3), md2(3),
@@ -347,3 +396,11 @@ sha(3), dgst(1)
.IX Header "HISTORY"
\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are
available in all versions of SSLeay and OpenSSL.
.PP
\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR,
\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR
and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7.
.PP
\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR,
\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were
changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7.
+233 -75
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:41 2002
.\" Mon Jan 13 19:28:03 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,50 +138,76 @@
.\" ======================================================================
.\"
.IX Title "EVP_EncryptInit 3"
.TH EVP_EncryptInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH EVP_EncryptInit 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit,
EVP_DecryptUpdate, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherUpdate,
EVP_CipherFinal, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl,
EVP_CIPHER_CTX_cleanup, EVP_get_cipherbyname, EVP_get_cipherbynid,
EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size,
EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags,
EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid,
EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length,
EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type,
EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1,
EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines
EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
EVP_CIPHER_CTX_set_padding \- \s-1EVP\s0 cipher routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
.Ve
.Vb 1
\& int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
.Ve
.Vb 6
\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& unsigned char *key, unsigned char *iv);
\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& ENGINE *impl, unsigned char *key, unsigned char *iv);
\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, unsigned char *in, int inl);
\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl);
.Ve
.Vb 6
\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& ENGINE *impl, unsigned char *key, unsigned char *iv);
\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, unsigned char *in, int inl);
\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
.Ve
.Vb 6
\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, unsigned char *in, int inl);
\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
.Ve
.Vb 4
\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& unsigned char *key, unsigned char *iv);
\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl);
.Ve
.Vb 6
.Vb 4
\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& unsigned char *key, unsigned char *iv);
\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, unsigned char *in, int inl);
\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
.Ve
.Vb 6
.Vb 4
\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& unsigned char *key, unsigned char *iv, int enc);
\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, unsigned char *in, int inl);
\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
.Ve
.Vb 3
.Vb 4
\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
\& int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
@@ -221,14 +247,19 @@ EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines
The \s-1EVP\s0 cipher routines are a high level interface to certain
symmetric ciphers.
.PP
\&\fIEVP_EncryptInit()\fR initializes a cipher context \fBctx\fR for encryption
with cipher \fBtype\fR. \fBtype\fR is normally supplied by a function such
as \fIEVP_des_cbc()\fR . \fBkey\fR is the symmetric key to use and \fBiv\fR is the
\&\s-1IV\s0 to use (if necessary), the actual number of bytes used for the
key and \s-1IV\s0 depends on the cipher. It is possible to set all parameters
to \s-1NULL\s0 except \fBtype\fR in an initial call and supply the remaining
parameters in subsequent calls, all of which have \fBtype\fR set to \s-1NULL\s0.
This is done when the default cipher parameters are not appropriate.
\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR.
.PP
\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized
before calling this function. \fBtype\fR is normally supplied
by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
default implementation is used. \fBkey\fR is the symmetric key to use
and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes
used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply
the remaining parameters in subsequent calls, all of which have \fBtype\fR
set to \s-1NULL\s0. This is done when the default cipher parameters are not
appropriate.
.PP
\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
writes the encrypted version to \fBout\fR. This function can be called
@@ -236,32 +267,49 @@ multiple times to encrypt successive blocks of data. The amount
of data written depends on the block alignment of the encrypted data:
as a result the amount of data written may be anything from zero bytes
to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient
room. The actual number of bytes written is placed in \fBoutl\fR.
room. The actual number of bytes written is placed in \fBoutl\fR.
.PP
\&\fIEVP_EncryptFinal()\fR encrypts the \*(L"final\*(R" data, that is any data that
remains in a partial block. It uses standard block padding (aka \s-1PKCS\s0
padding). The encrypted final data is written to \fBout\fR which should
have sufficient space for one cipher block. The number of bytes written
is placed in \fBoutl\fR. After this function is called the encryption operation
is finished and no further calls to \fIEVP_EncryptUpdate()\fR should be made.
If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts
the \*(L"final\*(R" data, that is any data that remains in a partial block.
It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted
final data is written to \fBout\fR which should have sufficient space for
one cipher block. The number of bytes written is placed in \fBoutl\fR. After
this function is called the encryption operation is finished and no further
calls to \fIEVP_EncryptUpdate()\fR should be made.
.PP
\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR are the
If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more
data and it will return an error if any data remains in a partial block:
that is if the total data length is not a multiple of the block size.
.PP
\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the
corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an
error code if the final block is not correctly formatted. The parameters
and restrictions are identical to the encryption operations except that
the decrypted data buffer \fBout\fR passed to \fIEVP_DecryptUpdate()\fR should
have sufficient room for (\fBinl\fR + cipher_block_size) bytes unless the
cipher block size is 1 in which case \fBinl\fR bytes is sufficient.
error code if padding is enabled and the final block is not correctly
formatted. The parameters and restrictions are identical to the encryption
operations except that if padding is enabled the decrypted data buffer \fBout\fR
passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for
(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in
which case \fBinl\fR bytes is sufficient.
.PP
\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR are functions
that can be used for decryption or encryption. The operation performed
depends on the value of the \fBenc\fR parameter. It should be set to 1 for
encryption, 0 for decryption and \-1 to leave the value unchanged (the
actual value of 'enc' being supplied in a previous call).
\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are
functions that can be used for decryption or encryption. The operation
performed depends on the value of the \fBenc\fR parameter. It should be set
to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged
(the actual value of 'enc' being supplied in a previous call).
.PP
\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context.
It should be called after all operations using a cipher are complete
so sensitive information does not remain in memory.
\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context
and free up any allocated memory associate with it. It should be called
after all operations using a cipher are complete so sensitive information
does not remain in memory.
.PP
\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a
similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and
\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR paramter does not need to be
initialized and they always use the default cipher implementation.
.PP
\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR behave in a
similar way to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and
\&\fIEVP_CipherFinal_ex()\fR except \fBctx\fR is automatically cleaned up
after the call.
.PP
\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an
@@ -272,6 +320,13 @@ passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The
value is an internal value which may not have a corresponding \s-1OBJECT\s0
\&\s-1IDENTIFIER\s0.
.PP
\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default
encryption operations are padded using standard block padding and the
padding is checked and removed when decrypting. If the \fBpad\fR parameter
is zero then no padding is performed, the total amount of data encrypted
or decrypted must then be a multiple of the block size or an error will
occur.
.PP
\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length
@@ -331,14 +386,14 @@ and set. Currently only the \s-1RC2\s0 effective key length and the number of ro
\&\s-1RC5\s0 can be set.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR return 1 for success
and 0 for failure.
EVP_CIPHER_CTX_init, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and
\&\fIEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure.
.PP
\&\fIEVP_DecryptInit()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
\&\fIEVP_DecryptFinal()\fR returns 0 if the decrypt failed or 1 for success.
\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success.
.PP
\&\fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
\&\fIEVP_CipherFinal()\fR returns 0 for a decryption failure or 1 for success.
\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success.
.PP
\&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure.
.PP
@@ -353,6 +408,8 @@ size.
\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
length.
.PP
\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1.
.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length or zero if the cipher does not use an \s-1IV\s0.
.PP
@@ -428,24 +485,25 @@ encrypted then 5 padding bytes of value 5 will be added.
.PP
When decrypting the final block is checked to see if it has the correct form.
.PP
Although the decryption operation can produce an error, it is not a strong
test that the input data or key is correct. A random block has better than
1 in 256 chance of being of the correct format and problems with the
input data earlier on will not produce a final decrypt error.
Although the decryption operation can produce an error if padding is enabled,
it is not a strong test that the input data or key is correct. A random block
has better than 1 in 256 chance of being of the correct format and problems with
the input data earlier on will not produce a final decrypt error.
.PP
The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR, \fIEVP_EncryptFinal()\fR,
\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR
and \fIEVP_CIPHER_CTX_cleanup()\fR did not return errors in OpenSSL version 0.9.5a or
earlier. Software only versions of encryption algorithms will never return
error codes for these functions, unless there is a programming error (for example
and attempt to set the key before the cipher is set in \fIEVP_EncryptInit()\fR ).
If padding is disabled then the decryption operation will always succeed if
the total amount of data decrypted is a multiple of the block size.
.PP
The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR,
\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for
compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR,
\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR,
\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an
existing context without allocating and freeing it up on each call.
.SH "BUGS"
.IX Header "BUGS"
For \s-1RC5\s0 the number of rounds can currently only be set to 8, 12 or 16. This is
a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface.
.PP
It should be possible to disable \s-1PKCS\s0 padding: currently it isn't.
.PP
\&\s-1EVP_MAX_KEY_LENGTH\s0 and \s-1EVP_MAX_IV_LENGTH\s0 only refer to the internal ciphers with
default key lengths. If custom ciphers exceed these values the results are
unpredictable. This is because it has become standard practice to define a
@@ -459,28 +517,128 @@ Get the number of rounds used in \s-1RC5:\s0
.PP
.Vb 2
\& int nrounds;
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &i);
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
.Ve
Get the \s-1RC2\s0 effective key length:
.PP
.Vb 2
\& int key_bits;
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
.Ve
Set the number of rounds used in \s-1RC5:\s0
.PP
.Vb 2
\& int nrounds;
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, i, NULL);
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
.Ve
Set the number of rounds used in \s-1RC2:\s0
Set the effective key length used in \s-1RC2:\s0
.PP
.Vb 2
\& int nrounds;
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, i, NULL);
\& int key_bits;
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
.Ve
Encrypt a string using blowfish:
.PP
.Vb 14
\& int do_crypt(char *outfile)
\& {
\& unsigned char outbuf[1024];
\& int outlen, tmplen;
\& /* Bogus key and IV: we'd normally set these from
\& * another source.
\& */
\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
\& unsigned char iv[] = {1,2,3,4,5,6,7,8};
\& char intext[] = "Some Crypto Text";
\& EVP_CIPHER_CTX ctx;
\& FILE *out;
\& EVP_CIPHER_CTX_init(&ctx);
\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
.Ve
.Vb 25
\& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
\& {
\& /* Error */
\& return 0;
\& }
\& /* Buffer passed to EVP_EncryptFinal() must be after data just
\& * encrypted to avoid overwriting it.
\& */
\& if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
\& {
\& /* Error */
\& return 0;
\& }
\& outlen += tmplen;
\& EVP_CIPHER_CTX_cleanup(&ctx);
\& /* Need binary mode for fopen because encrypted data is
\& * binary data. Also cannot use strlen() on it because
\& * it wont be null terminated and may contain embedded
\& * nulls.
\& */
\& out = fopen(outfile, "wb");
\& fwrite(outbuf, 1, outlen, out);
\& fclose(out);
\& return 1;
\& }
.Ve
The ciphertext from the above example can be decrypted using the \fBopenssl\fR
utility with the command line:
.PP
.Vb 1
\& S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
.Ve
General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an
80 bit key:
.PP
.Vb 16
\& int do_crypt(FILE *in, FILE *out, int do_encrypt)
\& {
\& /* Allow enough space in output buffer for additional block */
\& inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
\& int inlen, outlen;
\& /* Bogus key and IV: we'd normally set these from
\& * another source.
\& */
\& unsigned char key[] = "0123456789";
\& unsigned char iv[] = "12345678";
\& /* Don't set key or IV because we will modify the parameters */
\& EVP_CIPHER_CTX_init(&ctx);
\& EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
\& EVP_CIPHER_CTX_set_key_length(&ctx, 10);
\& /* We finished modifying parameters so now we can set key and IV */
\& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
.Ve
.Vb 17
\& for(;;)
\& {
\& inlen = fread(inbuf, 1, 1024, in);
\& if(inlen <= 0) break;
\& if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
\& {
\& /* Error */
\& return 0;
\& }
\& fwrite(outbuf, 1, outlen, out);
\& }
\& if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
\& {
\& /* Error */
\& return 0;
\& }
\& fwrite(outbuf, 1, outlen, out);
.Ve
.Vb 3
\& EVP_CIPHER_CTX_cleanup(&ctx);
\& return 1;
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
evp(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIEVP_CIPHER_CTX_init()\fR, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptFinal_ex()\fR,
\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR,
\&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in
OpenSSL 0.9.7.
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:41 2002
.\" Mon Jan 13 19:28:05 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_OpenInit 3"
.TH EVP_OpenInit 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH EVP_OpenInit 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
+180
View File
@@ -0,0 +1,180 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:06 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "EVP_PKEY_new 3"
.TH EVP_PKEY_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
.Ve
.Vb 2
\& EVP_PKEY *EVP_PKEY_new(void);
\& void EVP_PKEY_free(EVP_PKEY *key);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR
structure which is used by OpenSSL to store private keys.
.PP
\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions
which require a general private key without reference to any
particular algorithm.
.PP
The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a
private key to this empty structure the functions described in
EVP_PKEY_set1_RSA(3) should be used.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR
structure of \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fIEVP_PKEY_free()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
EVP_PKEY_set1_RSA(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1TBA\s0
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:06 2002
.\" Mon Jan 13 19:28:07 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -137,96 +137,81 @@
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "BIO_new_bio_pair 3"
.TH BIO_new_bio_pair 3 "0.9.6e" "2000-11-12" "OpenSSL"
.IX Title "EVP_PKEY_set1_RSA 3"
.TH EVP_PKEY_set1_RSA 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BIO_new_bio_pair \- create a new \s-1BIO\s0 pair
EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
EVP_PKEY_type \- \s-1EVP_PKEY\s0 assignment functions.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\& #include <openssl/evp.h>
.Ve
.Vb 4
\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
.Ve
.Vb 4
\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
.Ve
.Vb 4
\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
.Ve
.Vb 1
\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
\& int EVP_PKEY_type(int type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_new_bio_pair()\fR creates a buffering \s-1BIO\s0 pair. It has two endpoints between
data can be buffered. Its typical use is to connect one endpoint as underlying
input/output \s-1BIO\s0 to an \s-1SSL\s0 and access the other one controlled by the program
instead of accessing the network connection directly.
\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and
\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR.
.PP
The two new BIOs \fBbio1\fR and \fBbio2\fR are symmetric with respect to their
functionality. The size of their buffers is determined by \fBwritebuf1\fR and
\&\fBwritebuf2\fR. If the size give is 0, the default size is used.
\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and
\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
\&\fB\s-1NULL\s0\fR if the key is not of the correct type.
.PP
\&\fIBIO_new_bio_pair()\fR does not check whether \fBbio1\fR or \fBbio2\fR do point to
some other \s-1BIO\s0, the values are overwritten, \fIBIO_free()\fR is not called.
\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR
however these use the supplied \fBkey\fR internally and so \fBkey\fR
will be freed when the parent \fBpkey\fR is freed.
.PP
The two BIOs, even though forming a \s-1BIO\s0 pair and must be \fIBIO_free()\fR'ed
separately. This can be of importance, as some SSL-functions like \fISSL_set_bio()\fR
or \fISSL_free()\fR call \fIBIO_free()\fR implicitly, so that the peer-BIO is left
untouched and must also be \fIBIO_free()\fR'ed.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
The \s-1BIO\s0 pair can be used to have full control over the network access of an
application. The application can call \fIselect()\fR on the socket as required
without having to go through the SSL-interface.
\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value
\&\fBtype\fR. The type of a key can be obtained with
EVP_PKEY_type(pkey->type). The return value will be \s-1EVP_PKEY_RSA\s0,
\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding
key types or NID_undef if the key type is unassigned.
.SH "NOTES"
.IX Header "NOTES"
In accordance with the OpenSSL naming convention the key obtained
from or assigned to the \fBpkey\fR using the \fB1\fR functions must be
freed as well as \fBpkey\fR.
.PP
.Vb 6
\& BIO *internal_bio, *network_bio;
\& ...
\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
\& SSL_set_bio(ssl, internal_bio);
\& SSL_operations();
\& ...
.Ve
.Vb 9
\& application | TLS-engine
\& | |
\& +----------> SSL_operations()
\& | /\e ||
\& | || \e/
\& | BIO-pair (internal_bio)
\& +----------< BIO-pair (network_bio)
\& | |
\& socket |
.Ve
.Vb 4
\& ...
\& SSL_free(ssl); /* implicitly frees internal_bio */
\& BIO_free(network_bio);
\& ...
.Ve
As the \s-1BIO\s0 pair will only buffer the data and never directly access the
connection, it behaves non-blocking and will return as soon as the write
buffer is full or the read buffer is drained. Then the application has to
flush the write buffer and/or fill the read buffer.
.PP
Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0
and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to
find out, how many bytes must be written into the buffer before the
\&\fISSL_operation()\fR can successfully be continued.
.SH "IMPORTANT"
.IX Header "IMPORTANT"
As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0
condition, but there is still data in the write buffer. An application must
not rely on the error value of \fISSL_operation()\fR but must assure that the
write buffer is always flushed first. Otherwise a deadlock may occur as
the peer might be waiting for the data before being able to continue.
\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.Ip "1" 4
.IX Item "1"
The \s-1BIO\s0 pair was created successfully. The new BIOs are available in
\&\fBbio1\fR and \fBbio2\fR.
.Ip "0" 4
The operation failed. The \s-1NULL\s0 pointer is stored into the locations for
\&\fBbio1\fR and \fBbio2\fR. Check the error stack for more information.
\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and
\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure.
.PP
\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and
\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if
an error occurred.
.PP
\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
SSL_set_bio(3), ssl(3), bio(3),
BIO_ctrl_pending(3),
BIO_ctrl_get_read_request(3)
EVP_PKEY_new(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1TBA\s0
+3 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:42 2002
.\" Mon Jan 13 19:28:08 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_SealInit 3"
.TH EVP_SealInit 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH EVP_SealInit 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
@@ -209,3 +209,4 @@ EVP_EncryptInit(3),
EVP_OpenInit(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7.
+28 -16
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:43 2002
.\" Mon Jan 13 19:28:10 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_SignInit 3"
.TH EVP_SignInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH EVP_SignInit 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
@@ -148,11 +148,14 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
\& #include <openssl/evp.h>
.Ve
.Vb 3
\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
\& void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
.Ve
.Vb 1
\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
.Ve
.Vb 1
\& int EVP_PKEY_size(EVP_PKEY *pkey);
.Ve
.SH "DESCRIPTION"
@@ -160,9 +163,9 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
The \s-1EVP\s0 signature routines are a high level interface to digital
signatures.
.PP
\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to using digest
\&\fBtype\fR: this will typically be supplied by a function such as
\&\fIEVP_sha1()\fR.
\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
signature context \fBctx\fR. This function can be called several times on the
@@ -172,17 +175,17 @@ same \fBctx\fR to include additional data.
and places the signature in \fBsig\fR. If the \fBs\fR parameter is not \s-1NULL\s0
then the number of bytes of data written (i.e. the length of the signature)
will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes
will be written. After calling \fIEVP_SignFinal()\fR no additional calls to
\&\fIEVP_SignUpdate()\fR can be made, but \fIEVP_SignInit()\fR can be called to initialize
a new signature operation.
will be written.
.PP
\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default
implementation of digest \fBtype\fR.
.PP
\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual
signature returned by \fIEVP_SignFinal()\fR may be smaller.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_SignInit()\fR and \fIEVP_SignUpdate()\fR do not return values.
.PP
\&\fIEVP_SignFinal()\fR returns 1 for success and 0 for failure.
\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1
for success and 0 for failure.
.PP
\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes.
.PP
@@ -201,11 +204,18 @@ EVP_DigestInit(3).
When signing with \s-1DSA\s0 private keys the random number generator must be seeded
or the operation will fail. The random number generator does not need to be
seeded for \s-1RSA\s0 signatures.
.PP
The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context.
This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called
later to digest and sign additional data.
.PP
Since only a copy of the digest context is ever finalized the context must
be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
will occur.
.SH "BUGS"
.IX Header "BUGS"
Several of the functions do not return values: maybe they should. Although the
internal digest operations will never fail some future hardware based operations
might.
Older versions of this documentation wrongly stated that calls to
\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
EVP_VerifyInit(3),
@@ -217,3 +227,5 @@ sha(3), dgst(1)
.IX Header "HISTORY"
\&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are
available in all versions of SSLeay and OpenSSL.
.PP
\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7.
+28 -13
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:43 2002
.\" Mon Jan 13 19:28:11 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_VerifyInit 3"
.TH EVP_VerifyInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH EVP_VerifyInit 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
@@ -148,29 +148,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verifi
\& #include <openssl/evp.h>
.Ve
.Vb 3
\& void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
\& void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
.Ve
.Vb 1
\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature verification routines are a high level interface to digital
signatures.
.PP
\&\fIEVP_VerifyInit()\fR initializes a verification context \fBctx\fR to using digest
\&\fBtype\fR: this will typically be supplied by a function such as \fIEVP_sha1()\fR.
\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
verification context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to include additional data.
.PP
\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR
and against the \fBsiglen\fR bytes at \fBsigbuf\fR. After calling \fIEVP_VerifyFinal()\fR
no additional calls to \fIEVP_VerifyUpdate()\fR can be made, but \fIEVP_VerifyInit()\fR
can be called to initialize a new verification operation.
and against the \fBsiglen\fR bytes at \fBsigbuf\fR.
.PP
\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default
implementation of digest \fBtype\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_VerifyInit()\fR and \fIEVP_VerifyUpdate()\fR do not return values.
\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for
failure.
.PP
\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some
other error occurred.
@@ -186,11 +192,18 @@ Due to the link between message digests and public key algorithms the correct
digest algorithm must be used with the correct public key type. A list of
algorithms and associated public key algorithms appears in
EVP_DigestInit(3).
.PP
The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context.
This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called
later to digest and verify additional data.
.PP
Since only a copy of the digest context is ever finalized the context must
be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
will occur.
.SH "BUGS"
.IX Header "BUGS"
Several of the functions do not return values: maybe they should. Although the
internal digest operations will never fail some future hardware based operations
might.
Older versions of this documentation wrongly stated that calls to
\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
evp(3),
@@ -203,3 +216,5 @@ sha(3), dgst(1)
.IX Header "HISTORY"
\&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are
available in all versions of SSLeay and OpenSSL.
.PP
\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7
+292
View File
@@ -0,0 +1,292 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:12 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "OBJ_nid2obj 3"
.TH OBJ_nid2obj 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \- \s-1ASN1\s0 object utility
functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& ASN1_OBJECT * OBJ_nid2obj(int n);
\& const char * OBJ_nid2ln(int n);
\& const char * OBJ_nid2sn(int n);
.Ve
.Vb 3
\& int OBJ_obj2nid(const ASN1_OBJECT *o);
\& int OBJ_ln2nid(const char *ln);
\& int OBJ_sn2nid(const char *sn);
.Ve
.Vb 1
\& int OBJ_txt2nid(const char *s);
.Ve
.Vb 2
\& ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
.Ve
.Vb 2
\& int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
\& ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
.Ve
.Vb 2
\& int OBJ_create(const char *oid,const char *sn,const char *ln);
\& void OBJ_cleanup(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type.
.PP
\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to
an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
or \fB\s-1NULL\s0\fR is an error occurred.
.PP
\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
for the object \fBo\fR, the long name <ln> or the short name <sn> respectively
or NID_undef if an error occurred.
.PP
\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be
a long name, a short name or the numerical respresentation of an object.
.PP
\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure.
If \fBno_name\fR is 0 then long names and short names will be interpreted
as well as numerical forms. If \fBno_name\fR is 1 only the numerical form
is acceptable.
.PP
\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation.
The representation is written as a null terminated string to \fBbuf\fR
at most \fBbuf_len\fR bytes are written, truncating the result if necessary.
The total amount of space required is returned. If \fBno_name\fR is 0 then
if the object has a long or short name then that will be used, otherwise
the numerical form will be used. If \fBno_name\fR is 1 then the numerical
form will always be used.
.PP
\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned.
.PP
\&\fIOBJ_dup()\fR returns a copy of \fBo\fR.
.PP
\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the
numerical form of the object, \fBsn\fR the short name and \fBln\fR the
long name. A new \s-1NID\s0 is returned for the created object.
.PP
\&\fIOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should
be called before an application exits if any new objects were added
using \fIOBJ_create()\fR.
.SH "NOTES"
.IX Header "NOTES"
Objects in OpenSSL can have a short name, a long name and a numerical
identifier (\s-1NID\s0) associated with them. A standard set of objects is
represented in an internal table. The appropriate values are defined
in the header file \fBobjects.h\fR.
.PP
For example the \s-1OID\s0 for commonName has the following definitions:
.PP
.Vb 3
\& #define SN_commonName "CN"
\& #define LN_commonName "commonName"
\& #define NID_commonName 13
.Ve
New objects can be added by calling \fIOBJ_create()\fR.
.PP
Table objects have certain advantages over other objects: for example
their NIDs can be used in a C language switch statement. They are
also static constant structures which are shared: that is there
is only a single constant structure for each table object.
.PP
Objects which are not in the table have the \s-1NID\s0 value NID_undef.
.PP
Objects do not need to be in the internal tables to be processed,
the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical
form of an \s-1OID\s0.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create an object for \fBcommonName\fR:
.PP
.Vb 2
\& ASN1_OBJECT *o;
\& o = OBJ_nid2obj(NID_commonName);
.Ve
Check if an object is \fBcommonName\fR
.PP
.Vb 2
\& if (OBJ_obj2nid(obj) == NID_commonName)
\& /* Do something */
.Ve
Create a new \s-1NID\s0 and initialize an object from it:
.PP
.Vb 3
\& int new_nid;
\& ASN1_OBJECT *obj;
\& new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
.Ve
.Vb 1
\& obj = OBJ_nid2obj(new_nid);
.Ve
Create a new object directly:
.PP
.Vb 1
\& obj = OBJ_txt2obj("1.2.3.4", 1);
.Ve
.SH "BUGS"
.IX Header "BUGS"
\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the
convention of other OpenSSL functions where the buffer can be set
to \fB\s-1NULL\s0\fR to determine the amount of data that should be written.
Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should
be set to a positive value. A buffer length of 80 should be more
than enough to handle any \s-1OID\s0 encountered in practice.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an
error occurred.
.PP
\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR
on error.
.PP
\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return
a \s-1NID\s0 or \fBNID_undef\fR on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1TBA\s0
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:44 2002
.\" Mon Jan 13 19:28:13 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "OPENSSL_VERSION_NUMBER 3"
.TH OPENSSL_VERSION_NUMBER 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH OPENSSL_VERSION_NUMBER 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
\&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
@@ -211,6 +211,10 @@ or \*(L"built on: date not available\*(R" otherwise.
.IX Item "SSLEAY_PLATFORM"
The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R"
if available or \*(L"platform: information not available\*(R" otherwise.
.Ip "\s-1SSLEAY_DIR\s0" 4
.IX Item "SSLEAY_DIR"
The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L"
if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise.
.PP
For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
.SH "RETURN VALUE"
@@ -223,3 +227,4 @@ crypto(3)
.IX Header "HISTORY"
\&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL.
\&\s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL.
\&\fB\s-1SSLEAY_DIR\s0\fR was added in OpenSSL 0.9.7.
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:44 2002
.\" Mon Jan 13 19:28:15 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "OpenSSL_add_all_algorithms 3"
.TH OpenSSL_add_all_algorithms 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH OpenSSL_add_all_algorithms 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+192
View File
@@ -0,0 +1,192 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:16 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "PKCS12_create 3"
.TH PKCS12_create 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
PKCS12_create \- create a PKCS#12 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs12.h>
.Ve
.Vb 2
\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS12_create()\fR creates a PKCS#12 structure.
.PP
\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for
the supplied certifictate and key. \fBpkey\fR is the private key to include in
the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR
is an optional set of certificates to also include in the structure.
.PP
\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used
for the key and certificate respectively. \fBiter\fR is the encryption algorithm
iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use.
\&\fBkeytype\fR is the type of key.
.SH "NOTES"
.IX Header "NOTES"
The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR
can all be set to zero and sensible defaults will be used.
.PP
These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
(currently 2048) and a \s-1MAC\s0 iteration count of 1.
.PP
The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0.
.PP
\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension
that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted,
if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR
it can be used for signing and encryption. This option was useful for old
export grade software which could use signing only keys of arbitrary size but
had restrictions on the permissible sizes of keys which could be used for
encryption.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
d2i_PKCS12(3)
.SH "HISTORY"
.IX Header "HISTORY"
PKCS12_create was added in OpenSSL 0.9.3
+182
View File
@@ -0,0 +1,182 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:17 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "PKCS12_parse 3"
.TH PKCS12_parse 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
PKCS12_parse \- parse a PKCS#12 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs12.h>
.Ve
int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, STACK_OF(X509) **ca);
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure.
.PP
\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use.
If successful the private key will be written to \fB*pkey\fR, the corresponding
certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR.
.SH "NOTES"
.IX Header "NOTES"
The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0>
in which case additional certificates will be discarded. \fB*ca\fR can also
be a valid \s-1STACK\s0 in which case additional certificates are appended to
\&\fB*ca\fR. If \fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated.
.PP
The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each certificate
will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the \fBX509\fR structure.
.SH "BUGS"
.IX Header "BUGS"
Only a single private key and corresponding certificate is returned by this function.
More complex PKCS#12 files with multiple private keys will only return the first
match.
.PP
Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in certificates.
Other attributes are discarded.
.PP
Attributes currently cannot be store in the private key \fB\s-1EVP_PKEY\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
d2i_PKCS12(3)
.SH "HISTORY"
.IX Header "HISTORY"
PKCS12_parse was added in OpenSSL 0.9.3
+183
View File
@@ -0,0 +1,183 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:18 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "PKCS7_decrypt 3"
.TH PKCS7_decrypt 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
int PKCS7_decrypt(\s-1PKCS7\s0 *p7, \s-1EVP_PKEY\s0 *pkey, X509 *cert, \s-1BIO\s0 *data, int flags);
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData
structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this
function or errors about unknown algorithms will occur.
.PP
Although the recipients certificate is not needed to decrypt the data it is needed
to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
from the content. If the content is not of type \fBtext/plain\fR then an error is
returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure.
The error can be obtained from \fIERR_get_error\fR\|(3)
.SH "BUGS"
.IX Header "BUGS"
\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would
be better if it could look up the correct key and certificate from a database.
.PP
The lack of single pass processing and need to hold all data in memory as
mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3), PKCS7_encrypt(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5
+195
View File
@@ -0,0 +1,195 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:19 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "PKCS7_encrypt 3"
.TH PKCS7_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
PKCS7_encrypt \- create a PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\s-1PKCS7\s0 *PKCS7_encrypt(STACK_OF(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags);
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR
is a list of recipient certificates. \fBin\fR is the content to be encrypted.
\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates
supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to
be signed using the \s-1RSA\s0 algorithm.
.PP
\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because
most clients will support it.
.PP
Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit
\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively.
.PP
The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its
parameters.
.PP
Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
envelopedData containing an S/MIME signed message. This can be readily produced
by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
\&\fIPKCS7_encrypt()\fR.
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
to the data.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required
by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This
option should be used if the supplied data is in binary format otherwise the translation
will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
The error can be obtained from \fIERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
The lack of single pass processing and need to hold all data in memory as
mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3), PKCS7_decrypt(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5
+215
View File
@@ -0,0 +1,215 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:20 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "PKCS7_sign 3"
.TH PKCS7_sign 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
PKCS7_sign \- create a PKCS#7 signedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\s-1PKCS7\s0 *PKCS7_sign(X509 *signcert, \s-1EVP_PKEY\s0 *pkey, STACK_OF(X509) *certs, \s-1BIO\s0 *data, int flags);
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR
is the certificate to sign with, \fBpkey\fR is the corresponsding private key.
\&\fBcerts\fR is an optional additional set of certificates to include in the
PKCS#7 structure (for example any intermediate CAs in the chain).
.PP
The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
Any of the following flags (ored together) can be passed in the \fBflags\fR parameter.
.PP
Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
to the data.
.PP
If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the \fBsigncert\fR
parameter though. This can reduce the size of the signature if the signers certificate
can be obtained by other means: for example a previously signed message.
.PP
The data being signed is included in the \s-1PKCS7\s0 structure, unless \fB\s-1PKCS7_DETACHED\s0\fR
is set in which case it is omitted. This is used for \s-1PKCS7\s0 detached signatures
which are used in S/MIME plaintext signed messages for example.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required
by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This
option should be used if the supplied data is in binary format otherwise the translation
will corrupt it.
.PP
The signedData structure includes several PKCS#7 autenticatedAttributes including
the signing time, the PKCS#7 content type and the supported list of ciphers in
an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no authenticatedAttributes
will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are
omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any
of these algorithms is disabled then it will not be included.
.SH "BUGS"
.IX Header "BUGS"
\&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some
advanced attributes such as counter signatures are not supported.
.PP
The \s-1SHA1\s0 digest algorithm is currently always used.
.PP
When the signed data is not detached it will be stored in memory within the
\&\fB\s-1PKCS7\s0\fR structure. This effectively limits the size of messages which can be
signed due to memory restraints. There should be a way to sign data without
having to hold it all in memory, this would however require fairly major
revisions of the OpenSSL \s-1ASN1\s0 code.
.PP
Clear text signing does not store the content in memory but the way \fIPKCS7_sign()\fR
operates means that two passes of the data must typically be made: one to compute
the signatures and a second to output the data along with the signature. There
should be a way to process the data with only a single pass.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
The error can be obtained from \fIERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3), PKCS7_verify(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5
+245
View File
@@ -0,0 +1,245 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Mon Jan 13 19:28:22 2003
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD. Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.\"
.\" For nroff, turn off justification. Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "PKCS7_verify 3"
.TH PKCS7_verify 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
PKCS7_verify \- verify a PKCS#7 signedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
int PKCS7_verify(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, X509_STORE *store, \s-1BIO\s0 *indata, \s-1BIO\s0 *out, int flags);
.PP
int PKCS7_get0_signers(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, int flags);
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0
structure to verify. \fBcerts\fR is a set of certificates in which to search for
the signer's certificate. \fBstore\fR is a trusted certficate store (used for
chain verification). \fBindata\fR is the signed data if the content is not
present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR
if it is not \s-1NULL\s0.
.PP
\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
operation.
.PP
\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does
\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR
and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR.
.SH "VERIFY PROCESS"
.IX Header "VERIFY PROCESS"
Normally the verify process proceeds as follows.
.PP
Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must
be signedData. There must be at least one signature on the data and if
the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR.
.PP
An attempt is made to locate all the signer's certificates, first looking in
the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates
contained in the \fBp7\fR structure itself. If any signer's certificates cannot be
located the operation fails.
.PP
Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and
the supplied trusted certificate store. Any internal certificates in the message
are used as untrusted CAs. If any chain verify fails an error code is returned.
.PP
Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and
the signature's checked.
.PP
If all signature's verify correctly then the function is successful.
.PP
Any of the following flags (ored together) can be passed in the \fBflags\fR parameter
to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is
meaningful to \fIPKCS7_get0_signers()\fR.
.PP
If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not
searched when locating the signer's certificate. This means that all the signers
certificates must be in the \fBcerts\fR parameter.
.PP
If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
from the content. If the content is not of type \fBtext/plain\fR then an error is
returned.
.PP
If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified.
.PP
If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are
not used as untrusted CAs. This means that the whole verify chain (apart from
the signer's certificate) must be contained in the trusted store.
.PP
If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked.
.SH "NOTES"
.IX Header "NOTES"
One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by
a small number of certificates. The acceptable certificates would be passed
in the \fBcerts\fR parameter. In this case if the signer is not one of the
certificates supplied in \fBcerts\fR then the verify will fail because the
signer cannot be found.
.PP
Care should be taken when modifying the default verify behaviour, for example
setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification
and any signed message will be considered valid. This combination is however
useful if one merely wishes to write the content to \fBout\fR and its validity
is not considered important.
.PP
Chain verification should arguably be performed using the signing time rather
than the current time. However since the signing time is supplied by the
signer it cannot be trusted without additional evidence (such as a trusted
timestamp).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative
value if an error occurs.
.PP
\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred.
.PP
The error can be obtained from ERR_get_error(3)
.SH "BUGS"
.IX Header "BUGS"
The trusted certificate store is not searched for the signers certificate,
this is primarily due to the inadequacies of the current \fBX509_STORE\fR
functionality.
.PP
The lack of single pass processing and need to hold all data in memory as
mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
ERR_get_error(3), PKCS7_sign(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:45 2002
.\" Mon Jan 13 19:28:23 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_add 3"
.TH RAND_add 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH RAND_add 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+4 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:46 2002
.\" Mon Jan 13 19:28:24 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_bytes 3"
.TH RAND_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH RAND_bytes 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RAND_bytes, RAND_pseudo_bytes \- generate random data
@@ -174,7 +174,8 @@ functions return \-1 if they are not supported by the current \s-1RAND\s0
method.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
rand(3), err(3), RAND_add(3)
rand(3), ERR_get_error(3),
RAND_add(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:46 2002
.\" Mon Jan 13 19:28:25 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_cleanup 3"
.TH RAND_cleanup 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH RAND_cleanup 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RAND_cleanup \- erase the \s-1PRNG\s0 state
+21 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:47 2002
.\" Mon Jan 13 19:28:26 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_egd 3"
.TH RAND_egd 3 "0.9.6e" "2001-02-17" "OpenSSL"
.TH RAND_egd 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RAND_egd \- query entropy gathering daemon
@@ -151,6 +151,9 @@ RAND_egd \- query entropy gathering daemon
\& int RAND_egd(const char *path);
\& int RAND_egd_bytes(const char *path, int bytes);
.Ve
.Vb 1
\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR.
@@ -166,6 +169,11 @@ When only one secret key must
be generated, it is not necessary to request the full amount 255 bytes from
the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy
that can be retrieved from \s-1EGD\s0 over time is limited.
.PP
\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket
\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into
\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the
OpenSSL built-in \s-1PRNG\s0 using RAND_add(3).
.SH "NOTES"
.IX Header "NOTES"
On systems without /dev/*random devices providing entropy from the kernel,
@@ -185,11 +193,18 @@ available from
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
\&\s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run
out of entropy.
.PP
OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via \fIRAND_bytes()\fR
or the status is checked via \fIRAND_status()\fR for the first time, if the socket
is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the
daemon on success, and \-1 if the connection failed or the daemon did not
return enough data to fully seed the \s-1PRNG\s0.
.PP
\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on
success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
rand(3), RAND_add(3),
@@ -199,3 +214,7 @@ RAND_cleanup(3)
\&\fIRAND_egd()\fR is available since OpenSSL 0.9.5.
.PP
\&\fIRAND_egd_bytes()\fR is available since OpenSSL 0.9.6.
.PP
\&\fIRAND_query_egd_bytes()\fR is available since OpenSSL 0.9.7.
.PP
The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7.
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:47 2002
.\" Mon Jan 13 19:28:28 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_load_file 3"
.TH RAND_load_file 3 "0.9.6e" "2001-05-19" "OpenSSL"
.TH RAND_load_file 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
+35 -12
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:48 2002
.\" Mon Jan 13 19:28:29 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_set_rand_method 3"
.TH RAND_set_rand_method 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH RAND_set_rand_method 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
@@ -148,24 +148,32 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 me
\& #include <openssl/rand.h>
.Ve
.Vb 1
\& void RAND_set_rand_method(RAND_METHOD *meth);
\& void RAND_set_rand_method(const RAND_METHOD *meth);
.Ve
.Vb 1
\& RAND_METHOD *RAND_get_rand_method(void);
\& const RAND_METHOD *RAND_get_rand_method(void);
.Ve
.Vb 1
\& RAND_METHOD *RAND_SSLeay(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random
number generation. By modifying the method, alternative
implementations such as hardware RNGs may be used. Initially, the
default is to use the OpenSSL internal implementation. \fIRAND_SSLeay()\fR
returns a pointer to that method.
A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number
generation. By modifying the method, alternative implementations such as
hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important
information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of
\&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
\&\fIRAND_set_rand_method()\fR sets the \s-1RAND\s0 method to \fBmeth\fR.
\&\fIRAND_get_rand_method()\fR returns a pointer to the current method.
Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as
returned by \fIRAND_SSLeay()\fR.
.PP
\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is
true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function
is no longer recommended.
.PP
\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0.
However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0
\&\s-1API\s0 is being used, so this function is no longer recommended.
.SH "THE RAND_METHOD STRUCTURE"
.IX Header "THE RAND_METHOD STRUCTURE"
.Vb 9
@@ -187,10 +195,25 @@ Each component may be \s-1NULL\s0 if the function is not implemented.
.IX Header "RETURN VALUES"
\&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and
\&\fIRAND_SSLeay()\fR return pointers to the respective methods.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie.
\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
to control default implementations for use in \s-1RAND\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
rand(3)
rand(3), engine(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are
available in all versions of OpenSSL.
.PP
In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to
take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been
reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used,
otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also
introduced in version 0.9.7.
+2 -2
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:49 2002
.\" Mon Jan 13 19:28:30 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_blinding_on 3"
.TH RSA_blinding_on 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH RSA_blinding_on 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
+22 -4
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:49 2002
.\" Mon Jan 13 19:28:31 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_check_key 3"
.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RSA_check_key \- validate private \s-1RSA\s0 keys
@@ -174,9 +174,27 @@ This function does not work on \s-1RSA\s0 public keys that have only the modulus
and public exponent elements populated. It performs integrity checks on all
the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private
key data too.
.PP
Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work
transparently with any underlying \s-1ENGINE\s0 implementation because it uses the
key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can
override the way key data is stored and handled, and can even provide
support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR
key data at all! If the \s-1ENGINE\s0 in question is only being used for
acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data
is complete and untouched, but this can't be assumed in the general case.
.SH "BUGS"
.IX Header "BUGS"
A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need
to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
completely violating encapsulation and object-orientation in the process).
The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the
\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also
provide their own verifiers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
rsa(3), err(3)
rsa(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4.
\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4.
+4 -3
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:50 2002
.\" Mon Jan 13 19:28:32 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_generate_key 3"
.TH RSA_generate_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
.TH RSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RSA_generate_key \- generate \s-1RSA\s0 key pair
@@ -186,7 +186,8 @@ error codes can be obtained by ERR_get_error(3).
\&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
err(3), rand(3), rsa(3), RSA_free(3)
ERR_get_error(3), rand(3), rsa(3),
RSA_free(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBcb_arg\fR argument was added in SSLeay 0.9.0.
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:50 2002
.\" Mon Jan 13 19:28:33 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_get_ex_new_index 3"
.TH RSA_get_ex_new_index 3 "0.9.6e" "2000-11-12" "OpenSSL"
.TH RSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
+7 -4
View File
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
.\" Tue Jul 30 09:21:51 2002
.\" Mon Jan 13 19:28:34 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_new 3"
.TH RSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
.TH RSA_new 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
@@ -155,7 +155,8 @@ RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure.
\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to
calling RSA_new_method(\s-1NULL\s0).
.PP
\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is
erased before the memory is returned to the system.
@@ -168,7 +169,9 @@ a pointer to the newly allocated structure.
\&\fIRSA_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
err(3), rsa(3), RSA_generate_key(3)
ERR_get_error(3), rsa(3),
RSA_generate_key(3),
RSA_new_method(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL.

Some files were not shown because too many files have changed in this diff Show More