diff options
662 files changed, 3303 insertions, 2204 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 0d66a556b7b6..4b68f4832909 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -7,6 +7,42 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for + the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names + are retained for backwards compatibility. + [Antoine Salon] + + *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input + if its length exceeds 4096 bytes. The limit has been raised to a buffer size + of two gigabytes and the error handling improved. + + This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been + categorized as a normal bug, not a security issue, because the DRBG reseeds + automatically and is fully functional even without additional randomness + provided by the application. + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] *) Add a new ClientHello callback. Provides a callback interface that gives @@ -13103,4 +13139,3 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes sent in the client random. [Edward Bishop <ebishop@spyglass.com>] - diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 3baa8ce016f8..d5dc36c285ba 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) { if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; -You have selected the --with-rand-seed=none option, which effectively disables -automatic reseeding of the OpenSSL random generator. All operations depending -on the random generator such as creating keys will not work unless the random -generator is seeded manually by the application. -Please read the 'Note on random number generation' section in the INSTALL -instructions and the RAND_DRBG(7) manual page for more details. +============================== WARNING =============================== +You have selected the --with-rand-seed=none option, which effectively +disables automatic reseeding of the OpenSSL random generator. +All operations depending on the random generator such as creating keys +will not work unless the random generator is seeded manually by the +application. + +Please read the 'Note on random number generation' section in the +INSTALL instructions and the RAND_DRBG(7) manual page for more details. +============================== WARNING =============================== + _____ } push @{$config{openssl_other_defines}}, @@ -2174,6 +2179,16 @@ EOF # Massage the result + # If the user configured no-shared, we allow no shared sources + if ($disabled{shared}) { + foreach (keys %{$unified_info{shared_sources}}) { + foreach (keys %{$unified_info{shared_sources}->{$_}}) { + delete $unified_info{sources}->{$_}; + } + } + $unified_info{shared_sources} = {}; + } + # If we depend on a header file or a perl module, add an inclusion of # its directory to allow smoothe inclusion foreach my $dest (keys %{$unified_info{depends}}) { @@ -2198,8 +2213,8 @@ EOF next unless defined($unified_info{includes}->{$dest}->{$k}); my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}}; foreach my $obj (grep /\.o$/, - (keys %{$unified_info{sources}->{$dest}}, - keys %{$unified_info{shared_sources}->{$dest}})) { + (keys %{$unified_info{sources}->{$dest} // {}}, + keys %{$unified_info{shared_sources}->{$dest} // {}})) { foreach my $inc (@incs) { unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}}; @@ -2238,6 +2253,42 @@ EOF [ @{$unified_info{includes}->{$dest}->{source}} ]; } } + + # For convenience collect information regarding directories where + # files are generated, those generated files and the end product + # they end up in where applicable. Then, add build rules for those + # directories + my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ], + "dso" => [ @{$unified_info{engines}} ], + "bin" => [ @{$unified_info{programs}} ], + "script" => [ @{$unified_info{scripts}} ] ); + foreach my $type (keys %loopinfo) { + foreach my $product (@{$loopinfo{$type}}) { + my %dirs = (); + my $pd = dirname($product); + + foreach (@{$unified_info{sources}->{$product} // []}, + @{$unified_info{shared_sources}->{$product} // []}) { + my $d = dirname($_); + + # We don't want to create targets for source directories + # when building out of source + next if ($config{sourcedir} ne $config{builddir} + && $d =~ m|^\Q$config{sourcedir}\E|); + # We already have a "test" target, and the current directory + # is just silly to make a target for + next if $d eq "test" || $d eq "."; + + $dirs{$d} = 1; + push @{$unified_info{dirinfo}->{$d}->{deps}}, $_ + if $d ne $pd; + } + foreach (keys %dirs) { + push @{$unified_info{dirinfo}->{$_}->{products}->{$type}}, + $product; + } + } + } } # For the schemes that need it, we provide the old *_obj configs @@ -2712,10 +2763,16 @@ print <<"EOF"; ********************************************************************** *** *** -*** If you want to report a building issue, please include the *** -*** output from this command: *** +*** OpenSSL has been successfully configured *** +*** *** +*** If you encounter a problem while building, please open an *** +*** issue on GitHub <https://github.com/openssl/openssl/issues> *** +*** and include the output from the following command: *** +*** *** +*** perl configdata.pm --dump *** *** *** -*** perl configdata.pm --dump *** +*** (If you are new to OpenSSL, you might want to consult the *** +*** 'Troubleshooting' section in the INSTALL file first) *** *** *** ********************************************************************** EOF diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL index ff0aa6d12792..4ce6651b6b34 100644 --- a/crypto/openssl/INSTALL +++ b/crypto/openssl/INSTALL @@ -614,8 +614,8 @@ Windows, and as a comma separated list of libraries on VMS. RANLIB The library archive indexer. - RC The Windows resources manipulator. - RCFLAGS Flags for the Windows reources manipulator. + RC The Windows resource compiler. + RCFLAGS Flags for the Windows resource compiler. RM The command to remove files and directories. These cannot be mixed with compiling / linking flags given @@ -969,7 +969,7 @@ BUILDFILE Use a different build file name than the platform default - ("Makefile" on Unixly platforms, "makefile" on native Windows, + ("Makefile" on Unix-like platforms, "makefile" on native Windows, "descrip.mms" on OpenVMS). This requires that there is a corresponding build file template. See Configurations/README for further information. @@ -1171,7 +1171,7 @@ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of the name. - On most POSIXly platforms, shared libraries are named libcrypto.so.1.1 + On most POSIX platforms, shared libraries are named libcrypto.so.1.1 and libssl.so.1.1. on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll @@ -1202,7 +1202,7 @@ The seeding method can be configured using the --with-rand-seed option, which can be used to specify a comma separated list of seed methods. However in most cases OpenSSL will choose a suitable default method, - so it is not necessary to explicitely provide this option. Note also + so it is not necessary to explicitly provide this option. Note also that not all methods are available on all platforms. I) On operating systems which provide a suitable randomness source (in diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 45c183c9b291..b95e93027f83 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] + + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 diff --git a/crypto/openssl/README b/crypto/openssl/README index e70acb3139b6..affb172e8ba8 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1 11 Sep 2018 + OpenSSL 1.1.1a 20 Nov 2018 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c index 28caad41a7d8..2b0bbde03423 100644 --- a/crypto/openssl/apps/app_rand.c +++ b/crypto/openssl/apps/app_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,6 @@ void app_RAND_load_conf(CONF *c, const char *section) if (RAND_load_file(randfile, -1) < 0) { BIO_printf(bio_err, "Can't load %s into RNG\n", randfile); ERR_print_errors(bio_err); - return; } if (save_rand_file == NULL) save_rand_file = OPENSSL_strdup(randfile); diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index 9be656054a45..653e3973e04d 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c @@ -1831,6 +1831,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) opt_getprog(), typestr); continue; } + if (*valstr == '\0') { + BIO_printf(bio_err, + "%s: No value provided for Subject Attribute %s, skipped\n", + opt_getprog(), typestr); + continue; + } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, valstr, strlen((char *)valstr), -1, ismulti ? -1 : 0)) diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h index 5b98d27500ce..d9eb650eb211 100644 --- a/crypto/openssl/apps/apps.h +++ b/crypto/openssl/apps/apps.h @@ -369,7 +369,7 @@ typedef struct string_int_pair_st { # define OPT_FMT_SMIME (1L << 3) # define OPT_FMT_ENGINE (1L << 4) # define OPT_FMT_MSBLOB (1L << 5) -# define OPT_FMT_NETSCAPE (1L << 6) +/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ # define OPT_FMT_NSS (1L << 7) # define OPT_FMT_TEXT (1L << 8) # define OPT_FMT_HTTP (1L << 9) @@ -378,8 +378,8 @@ typedef struct string_int_pair_st { # define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY ( \ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \ - OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) + OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ + OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) char *opt_progname(const char *argv0); char *opt_getprog(void); diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c index 48f7cd197387..69207c0662ed 100644 --- a/crypto/openssl/apps/ca.c +++ b/crypto/openssl/apps/ca.c @@ -605,7 +605,7 @@ end_of_options: /* * outdir is a directory spec, but access() for VMS demands a * filename. We could use the DEC C routine to convert the - * directory syntax to Unixly, and give that to app_isdir, + * directory syntax to Unix, and give that to app_isdir, * but for now the fopen will catch the error if it's not a * directory */ @@ -976,7 +976,7 @@ end_of_options: BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); - if (!rand_ser + if (serialfile != NULL && !save_serial(serialfile, "new", serial, NULL)) goto end; @@ -1044,7 +1044,8 @@ end_of_options: if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ - if (!rotate_serial(serialfile, "new", "old")) + if (serialfile != NULL + && !rotate_serial(serialfile, "new", "old")) goto end; if (!rotate_index(dbfile, "new", "old")) @@ -1177,10 +1178,9 @@ end_of_options: } /* we have a CRL number that need updating */ - if (crlnumberfile != NULL) - if (!rand_ser - && !save_serial(crlnumberfile, "new", crlnumber, NULL)) - goto end; + if (crlnumberfile != NULL + && !save_serial(crlnumberfile, "new", crlnumber, NULL)) + goto end; BN_free(crlnumber); crlnumber = NULL; @@ -1195,9 +1195,10 @@ end_of_options: PEM_write_bio_X509_CRL(Sout, crl); - if (crlnumberfile != NULL) /* Rename the crlnumber file */ - if (!rotate_serial(crlnumberfile, "new", "old")) - goto end; + /* Rename the crlnumber file */ + if (crlnumberfile != NULL + && !rotate_serial(crlnumberfile, "new", "old")) + goto end; } /*****************************************************************/ diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c index eb822c2696eb..7fd78624bbcc 100644 --- a/crypto/openssl/apps/ocsp.c +++ b/crypto/openssl/apps/ocsp.c @@ -950,6 +950,7 @@ static void spawn_loop(void) sleep(30); break; case 0: /* child */ + OPENSSL_free(kidpids); signal(SIGINT, SIG_DFL); signal(SIGTERM, SIG_DFL); if (termsig) @@ -976,6 +977,7 @@ static void spawn_loop(void) } /* The loop above can only break on termsig */ + OPENSSL_free(kidpids); syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf index a1520e496915..24538651ebb7 100644 --- a/crypto/openssl/apps/openssl.cnf +++ b/crypto/openssl/apps/openssl.cnf @@ -11,7 +11,6 @@ # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -58,7 +57,6 @@ crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extensions to add to the cert diff --git a/crypto/openssl/apps/opt.c b/crypto/openssl/apps/opt.c index cc1418449e29..666856535d5e 100644 --- a/crypto/openssl/apps/opt.c +++ b/crypto/openssl/apps/opt.c @@ -168,7 +168,6 @@ static OPT_PAIR formats[] = { {"smime", OPT_FMT_SMIME}, {"engine", OPT_FMT_ENGINE}, {"msblob", OPT_FMT_MSBLOB}, - {"netscape", OPT_FMT_NETSCAPE}, {"nss", OPT_FMT_NSS}, {"text", OPT_FMT_TEXT}, {"http", OPT_FMT_HTTP}, diff --git a/crypto/openssl/apps/rehash.c b/crypto/openssl/apps/rehash.c index de7217cb1003..bb41d3129f9c 100644 --- a/crypto/openssl/apps/rehash.c +++ b/crypto/openssl/apps/rehash.c @@ -1,6 +1,6 @@ /* * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com> + * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com> * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c index 6458b3d9c5aa..fdd02dce3241 100644 --- a/crypto/openssl/apps/rsa.c +++ b/crypto/openssl/apps/rsa.c @@ -38,8 +38,8 @@ typedef enum OPTION_choice { const OPTIONS rsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"}, - {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"}, + {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"}, + {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"}, {"in", OPT_IN, 's', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, @@ -269,6 +269,9 @@ int rsa_main(int argc, char **argv) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); + if (pk == NULL) + goto end; + EVP_PKEY_set1_RSA(pk, rsa); if (outformat == FORMAT_PVK) { if (pubin) { diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c index 46b386428461..2d4568f40ccb 100644 --- a/crypto/openssl/apps/s_cb.c +++ b/crypto/openssl/apps/s_cb.c @@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared) int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; - if (!SSL_get_server_tmp_key(s, &key)) + + if (!SSL_get_peer_tmp_key(s, &key)) return 1; BIO_puts(out, "Server Temp Key: "); switch (EVP_PKEY_id(key)) { diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index e3bb1a672d01..ac7dca607ba4 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, if (strlen(psk_identity) != identity_len || memcmp(psk_identity, identity, identity_len) != 0) { - BIO_printf(bio_s_out, - "PSK warning: client identity not what we expected" - " (got '%s' expected '%s')\n", identity, psk_identity); + *sess = NULL; + return 1; } if (psksess != NULL) { @@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[]) goto end; } #endif + if (early_data && (www > 0 || rev)) { + BIO_printf(bio_err, + "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); + goto end; + } #ifndef OPENSSL_NO_SCTP if (protocol == IPPROTO_SCTP) { diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index a4879179e414..40e990408ab9 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < ECDSA_NUM; testnum++) ecdsa_doit[testnum] = 0; } } diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c index d40960c0b93f..81291a9a4f90 100644 --- a/crypto/openssl/apps/x509.c +++ b/crypto/openssl/apps/x509.c @@ -67,10 +67,10 @@ typedef enum OPTION_choice { const OPTIONS x509_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'f', - "Input format - default PEM (one of DER, NET or PEM)"}, + "Input format - default PEM (one of DER or PEM)"}, {"in", OPT_IN, '<', "Input file - default stdin"}, {"outform", OPT_OUTFORM, 'f', - "Output format - default PEM (one of DER, NET or PEM)"}, + "Output format - default PEM (one of DER or PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, diff --git a/crypto/openssl/crypto/LPdir_unix.c b/crypto/openssl/crypto/LPdir_unix.c index 356089d7fd34..b1022895c855 100644 --- a/crypto/openssl/crypto/LPdir_unix.c +++ b/crypto/openssl/crypto/LPdir_unix.c @@ -51,7 +51,7 @@ #endif /* - * The POSIXly macro for the maximum number of characters in a file path is + * The POSIX macro for the maximum number of characters in a file path is * NAME_MAX. However, some operating systems use PATH_MAX instead. * Therefore, it seems natural to first check for PATH_MAX and use that, and * if it doesn't exist, use NAME_MAX. diff --git a/crypto/openssl/crypto/async/arch/async_posix.h b/crypto/openssl/crypto/async/arch/async_posix.h index b07c2cb01beb..62449fe60e04 100644 --- a/crypto/openssl/crypto/async/arch/async_posix.h +++ b/crypto/openssl/crypto/async/arch/async_posix.h @@ -17,7 +17,8 @@ # include <unistd.h> -# if _POSIX_VERSION >= 200112L +# if _POSIX_VERSION >= 200112L \ + && (_POSIX_VERSION < 200809L || defined(__GLIBC__)) # include <pthread.h> diff --git a/crypto/openssl/crypto/bio/b_sock2.c b/crypto/openssl/crypto/bio/b_sock2.c index 823732d64e1a..5d82ab22dc30 100644 --- a/crypto/openssl/crypto/bio/b_sock2.c +++ b/crypto/openssl/crypto/bio/b_sock2.c @@ -133,7 +133,9 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options) */ int BIO_bind(int sock, const BIO_ADDR *addr, int options) { +# ifndef OPENSSL_SYS_WINDOWS int on = 1; +# endif if (sock == -1) { BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET); diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c index 95eef7d4bf5b..ca375b911ae8 100644 --- a/crypto/openssl/crypto/bio/bio_lib.c +++ b/crypto/openssl/crypto/bio/bio_lib.c @@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, argi = (int)len; } - if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { if (*processed > INT_MAX) return -1; inret = *processed; @@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, ret = b->callback(b, oper, argp, argi, argl, inret); - if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { *processed = (size_t)ret; ret = 1; } diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c index 4324f2412681..e9ab932ec295 100644 --- a/crypto/openssl/crypto/bio/bss_log.c +++ b/crypto/openssl/crypto/bio/bss_log.c @@ -408,4 +408,9 @@ static void xcloselog(BIO *bp) # endif /* Unix */ +#else /* NO_SYSLOG */ +const BIO_METHOD *BIO_s_log(void) +{ + return NULL; +} #endif /* NO_SYSLOG */ diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c index d38f33716477..31839ba060fa 100644 --- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -64,12 +64,6 @@ * machine. */ -# if defined(_WIN64) || !defined(__LP64__) -# define BN_ULONG unsigned long long -# else -# define BN_ULONG unsigned long -# endif - # undef mul # undef mul_add diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c index 2c92d7eac9d5..c026ffcb339c 100644 --- a/crypto/openssl/crypto/bn/bn_exp.c +++ b/crypto/openssl/crypto/bn/bn_exp.c @@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * is not only slower but also makes each bit vulnerable to * EM (and likely other) side-channel attacks like One&Done * (for details see "One&Done: A Single-Decryption EM-Based - * Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam, + * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam, * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and * M. Prvulovic, in USENIX Security'18) */ diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c index 266a3dd3046b..80f910c80779 100644 --- a/crypto/openssl/crypto/bn/bn_lib.c +++ b/crypto/openssl/crypto/bn/bn_lib.c @@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) b->neg ^= t; /*- - * Idea behind BN_FLG_STATIC_DATA is actually to - * indicate that data may not be written to. - * Intention is actually to treat it as it's - * read-only data, and some (if not most) of it does - * reside in read-only segment. In other words - * observation of BN_FLG_STATIC_DATA in - * BN_consttime_swap should be treated as fatal - * condition. It would either cause SEGV or - * effectively cause data corruption. - * BN_FLG_MALLOCED refers to BN structure itself, - * and hence must be preserved. Remaining flags are - * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be - * preserved, because it determines how x->d was - * allocated and hence how to free it. This leaves - * BN_FLG_CONSTTIME that one can do something about. - * To summarize it's sufficient to mask and swap - * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should - * be treated as fatal. + * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention + * is actually to treat it as it's read-only data, and some (if not most) + * of it does reside in read-only segment. In other words observation of + * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or effectively cause data + * corruption. + * + * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be + * preserved. + * + * BN_FLG_SECURE: must be preserved, because it determines how x->d was + * allocated and hence how to free it. + * + * BN_FLG_CONSTTIME: sufficient to mask and swap + * + * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on + * the data, so the d array may be padded with additional 0 values (i.e. + * top could be greater than the minimal value that it could be). We should + * be swapping it */ - t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; + +#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP) + + t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition; a->flags ^= t; b->flags ^= t; diff --git a/crypto/openssl/crypto/build.info b/crypto/openssl/crypto/build.info index b515b7318efb..2c619c62e843 100644 --- a/crypto/openssl/crypto/build.info +++ b/crypto/openssl/crypto/build.info @@ -2,7 +2,7 @@ LIBS=../libcrypto SOURCE[../libcrypto]=\ cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \ - threads_pthread.c threads_win.c threads_none.c \ + threads_pthread.c threads_win.c threads_none.c getenv.c \ o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \ {- $target{uplink_aux_src} -} EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ diff --git a/crypto/openssl/crypto/conf/conf_api.c b/crypto/openssl/crypto/conf/conf_api.c index 72fe2da1ad78..5e57d749ce5e 100644 --- a/crypto/openssl/crypto/conf/conf_api.c +++ b/crypto/openssl/crypto/conf/conf_api.c @@ -10,6 +10,7 @@ /* Part of the code in here was originally in conf.c, which is now removed */ #include "e_os.h" +#include "internal/cryptlib.h" #include <stdlib.h> #include <string.h> #include <openssl/conf.h> @@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section, if (v != NULL) return v->value; if (strcmp(section, "ENV") == 0) { - p = getenv(name); + p = ossl_safe_getenv(name); if (p != NULL) return p; } @@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section, else return NULL; } else - return getenv(name); + return ossl_safe_getenv(name); } static unsigned long conf_value_hash(const CONF_VALUE *v) diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/openssl/crypto/conf/conf_mod.c index df53609cc47e..51f262e774dd 100644 --- a/crypto/openssl/crypto/conf/conf_mod.c +++ b/crypto/openssl/crypto/conf/conf_mod.c @@ -480,11 +480,8 @@ char *CONF_get1_default_config_file(void) char *file, *sep = ""; int len; - if (!OPENSSL_issetugid()) { - file = getenv("OPENSSL_CONF"); - if (file) - return OPENSSL_strdup(file); - } + if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL) + return OPENSSL_strdup(file); len = strlen(X509_get_default_cert_area()); #ifndef OPENSSL_SYS_VMS diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index b1e535a69596..1cd77c96d2f7 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -204,7 +204,7 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p == NULL) { HANDLE mod = GetModuleHandle(NULL); - FARPROC f; + FARPROC f = NULL; if (mod != NULL) f = GetProcAddress(mod, "_OPENSSL_isservice"); diff --git a/crypto/openssl/crypto/ct/ct_log.c b/crypto/openssl/crypto/ct/ct_log.c index be6681dca74e..c1bca3e1415e 100644 --- a/crypto/openssl/crypto/ct/ct_log.c +++ b/crypto/openssl/crypto/ct/ct_log.c @@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *sec int CTLOG_STORE_load_default_file(CTLOG_STORE *store) { - const char *fpath = getenv(CTLOG_FILE_EVP); + const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP); if (fpath == NULL) fpath = CTLOG_FILE; diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c index 46f4f01ee0e4..383d853b6d37 100644 --- a/crypto/openssl/crypto/dsa/dsa_gen.c +++ b/crypto/openssl/crypto/dsa/dsa_gen.c @@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, if (mctx == NULL) goto err; + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c index ac1f65a51a75..7a0b0874c54e 100644 --- a/crypto/openssl/crypto/dsa/dsa_ossl.c +++ b/crypto/openssl/crypto/dsa/dsa_ossl.c @@ -9,6 +9,7 @@ #include <stdio.h> #include "internal/cryptlib.h" +#include "internal/bn_int.h" #include <openssl/bn.h> #include <openssl/sha.h> #include "dsa_locl.h" @@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, { BN_CTX *ctx = NULL; BIGNUM *k, *kinv = NULL, *r = *rp; - BIGNUM *l, *m; + BIGNUM *l; int ret = 0; - int q_bits; + int q_bits, q_words; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, k = BN_new(); l = BN_new(); - m = BN_new(); - if (k == NULL || l == NULL || m == NULL) + if (k == NULL || l == NULL) goto err; if (ctx_in == NULL) { @@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Preallocate space */ q_bits = BN_num_bits(dsa->q); - if (!BN_set_bit(k, q_bits) - || !BN_set_bit(l, q_bits) - || !BN_set_bit(m, q_bits)) + q_words = bn_get_top(dsa->q); + if (!bn_wexpand(k, q_words + 2) + || !bn_wexpand(l, q_words + 2)) goto err; /* Get random k */ @@ -221,6 +223,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, } while (BN_is_zero(k)); BN_set_flags(k, BN_FLG_CONSTTIME); + BN_set_flags(l, BN_FLG_CONSTTIME); if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, @@ -238,14 +241,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * small timing information leakage. We then choose the sum that is * one bit longer than the modulus. * - * TODO: revisit the BN_copy aiming for a memory access agnostic - * conditional copy. + * There are some concerns about the efficacy of doing this. More + * specificly refer to the discussion starting with: + * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 + * The fix is to rework BN so these gymnastics aren't required. */ if (!BN_add(l, k, dsa->q) - || !BN_add(m, l, dsa->q) - || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m)) + || !BN_add(k, l, dsa->q)) goto err; + BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); + if ((dsa)->meth->bn_mod_exp != NULL) { if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p)) @@ -258,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_mod(r, r, dsa->q, ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL) + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL) goto err; BN_clear_free(*kinvp); @@ -273,7 +279,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BN_CTX_free(ctx); BN_clear_free(k); BN_clear_free(l); - BN_clear_free(m); return ret; } @@ -393,3 +398,31 @@ static int dsa_finish(DSA *dsa) BN_MONT_CTX_free(dsa->method_mont_p); return 1; } + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, *e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) != NULL + && BN_set_word(r, 2) + && BN_sub(e, q, r) + && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_CTX_end(ctx); + return res; +} diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c index 21302685d877..a3164b5b2ed9 100644 --- a/crypto/openssl/crypto/ec/ec_ameth.c +++ b/crypto/openssl/crypto/ec/ec_ameth.c @@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid) if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) return 0; - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) + if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0) return 0; kdf_md = EVP_get_digestbynid(kdfmd_nid); @@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) ecdh_nid = NID_dh_cofactor_kdf; if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { - kdf_type = EVP_PKEY_ECDH_KDF_X9_62; + kdf_type = EVP_PKEY_ECDH_KDF_X9_63; if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) goto err; } else diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c index 7e1b3650e76a..0e0a5e1394af 100644 --- a/crypto/openssl/crypto/ec/ec_mult.c +++ b/crypto/openssl/crypto/ec/ec_mult.c @@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, */ cardinality_bits = BN_num_bits(cardinality); group_top = bn_get_top(cardinality); - if ((bn_wexpand(k, group_top + 1) == NULL) - || (bn_wexpand(lambda, group_top + 1) == NULL)) { + if ((bn_wexpand(k, group_top + 2) == NULL) + || (bn_wexpand(lambda, group_top + 2) == NULL)) { ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; } @@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, * k := scalar + 2*cardinality */ kbit = BN_is_bit_set(lambda, cardinality_bits); - BN_consttime_swap(kbit, k, lambda, group_top + 1); + BN_consttime_swap(kbit, k, lambda, group_top + 2); group_top = bn_get_top(group->field); if ((bn_wexpand(s->X, group_top) == NULL) diff --git a/crypto/openssl/crypto/ec/ec_pmeth.c b/crypto/openssl/crypto/ec/ec_pmeth.c index 5bee031b9201..f4ad0749ef45 100644 --- a/crypto/openssl/crypto/ec/ec_pmeth.c +++ b/crypto/openssl/crypto/ec/ec_pmeth.c @@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) goto err; /* Do KDF stuff */ - if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen, + if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen, dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) goto err; rv = 1; @@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_EC_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; - if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62) + if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63) return -2; dctx->kdf_type = p1; return 1; diff --git a/crypto/openssl/crypto/ec/ecdh_kdf.c b/crypto/openssl/crypto/ec/ecdh_kdf.c index d47486eb346d..d686f9d897df 100644 --- a/crypto/openssl/crypto/ec/ecdh_kdf.c +++ b/crypto/openssl/crypto/ec/ecdh_kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,13 @@ #include <string.h> #include <openssl/ec.h> #include <openssl/evp.h> +#include "ec_lcl.h" -/* Key derivation function from X9.62/SECG */ +/* Key derivation function from X9.63/SECG */ /* Way more than we will ever need */ #define ECDH_KDF_MAX (1 << 30) -int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) @@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, EVP_MD_CTX_free(mctx); return rv; } + +/*- + * The old name for ecdh_KDF_X9_63 + * Retained for ABI compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md) +{ + return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md); +} diff --git a/crypto/openssl/crypto/engine/eng_devcrypto.c b/crypto/openssl/crypto/engine/eng_devcrypto.c index 9deaf5c6188c..4a0ba09a38be 100644 --- a/crypto/openssl/crypto/engine/eng_devcrypto.c +++ b/crypto/openssl/crypto/engine/eng_devcrypto.c @@ -28,6 +28,13 @@ # define CHECK_BSD_STYLE_MACROS #endif +/* + * ONE global file descriptor for all sessions. This allows operations + * such as digest session data copying (see digest_copy()), but is also + * saner... why re-open /dev/crypto for every session? + */ +static int cfd; + /****************************************************************************** * * Ciphers @@ -39,7 +46,6 @@ *****/ struct cipher_ctx { - int cfd; struct session_op sess; /* to pass from init to do_cipher */ @@ -69,7 +75,7 @@ static const struct cipher_data_st { { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, #ifndef OPENSSL_NO_RC4 - { NID_rc4, 1, 16, 0, CRYPTO_ARC4 }, + { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 }, #endif #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR) { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, @@ -135,19 +141,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const struct cipher_data_st *cipher_d = get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); - if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { - SYSerr(SYS_F_OPEN, errno); - return 0; - } - memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); cipher_ctx->sess.cipher = cipher_d->devcryptoid; cipher_ctx->sess.keylen = cipher_d->keylen; cipher_ctx->sess.key = (void *)key; cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT; - if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) { + if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) { SYSerr(SYS_F_IOCTL, errno); - close(cipher_ctx->cfd); return 0; } @@ -186,7 +186,7 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, cryp.flags = COP_FLAG_WRITE_IV; #endif - if (ioctl(cipher_ctx->cfd, CIOCCRYPT, &cryp) < 0) { + if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) { SYSerr(SYS_F_IOCTL, errno); return 0; } @@ -212,14 +212,10 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); - if (ioctl(cipher_ctx->cfd, CIOCFSESSION, &cipher_ctx->sess) < 0) { + if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) { SYSerr(SYS_F_IOCTL, errno); return 0; } - if (close(cipher_ctx->cfd) < 0) { - SYSerr(SYS_F_CLOSE, errno); - return 0; - } return 1; } @@ -233,14 +229,10 @@ static int known_cipher_nids[OSSL_NELEM(cipher_data)]; static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */ static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, }; -static void prepare_cipher_methods() +static void prepare_cipher_methods(void) { size_t i; struct session_op sess; - int cfd; - - if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) - return; memset(&sess, 0, sizeof(sess)); sess.key = (void *)"01234567890123456789012345678901234567890123456789"; @@ -255,7 +247,7 @@ static void prepare_cipher_methods() sess.cipher = cipher_data[i].devcryptoid; sess.keylen = cipher_data[i].keylen; if (ioctl(cfd, CIOCGSESSION, &sess) < 0 - || ioctl(cfd, CIOCFSESSION, &sess) < 0) + || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) continue; if ((known_cipher_methods[i] = @@ -281,8 +273,6 @@ static void prepare_cipher_methods() cipher_data[i].nid; } } - - close(cfd); } static const EVP_CIPHER *get_cipher_method(int nid) @@ -308,7 +298,7 @@ static void destroy_cipher_method(int nid) known_cipher_methods[i] = NULL; } -static void destroy_all_cipher_methods() +static void destroy_all_cipher_methods(void) { size_t i; @@ -329,11 +319,12 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, /* * We only support digests if the cryptodev implementation supports multiple - * data updates. Otherwise, we would be forced to maintain a cache, which is - * perilous if there's a lot of data coming in (if someone wants to checksum - * an OpenSSL tarball, for example). + * data updates and session copying. Otherwise, we would be forced to maintain + * a cache, which is perilous if there's a lot of data coming in (if someone + * wants to checksum an OpenSSL tarball, for example). */ -#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) +#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) +#define IMPLEMENT_DIGEST /****************************************************************************** * @@ -346,7 +337,6 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, *****/ struct digest_ctx { - int cfd; struct session_op sess; int init; }; @@ -413,19 +403,12 @@ static int digest_init(EVP_MD_CTX *ctx) const struct digest_data_st *digest_d = get_digest_data(EVP_MD_CTX_type(ctx)); - if (digest_ctx->init == 0 - && (digest_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { - SYSerr(SYS_F_OPEN, errno); - return 0; - } - digest_ctx->init = 1; memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess)); digest_ctx->sess.mac = digest_d->devcryptoid; - if (ioctl(digest_ctx->cfd, CIOCGSESSION, &digest_ctx->sess) < 0) { + if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) { SYSerr(SYS_F_IOCTL, errno); - close(digest_ctx->cfd); return 0; } @@ -444,7 +427,7 @@ static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen, cryp.dst = NULL; cryp.mac = res; cryp.flags = flags; - return ioctl(ctx->cfd, CIOCCRYPT, &cryp); + return ioctl(cfd, CIOCCRYPT, &cryp); } static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -472,7 +455,7 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) SYSerr(SYS_F_IOCTL, errno); return 0; } - if (ioctl(digest_ctx->cfd, CIOCFSESSION, &digest_ctx->sess) < 0) { + if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) { SYSerr(SYS_F_IOCTL, errno); return 0; } @@ -480,16 +463,38 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) return 1; } -static int digest_cleanup(EVP_MD_CTX *ctx) +static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { - struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + struct digest_ctx *digest_from = + (struct digest_ctx *)EVP_MD_CTX_md_data(from); + struct digest_ctx *digest_to = + (struct digest_ctx *)EVP_MD_CTX_md_data(to); + struct cphash_op cphash; + + if (digest_from == NULL) + return 1; - if (close(digest_ctx->cfd) < 0) { - SYSerr(SYS_F_CLOSE, errno); + if (digest_from->init != 1) { + SYSerr(SYS_F_IOCTL, EINVAL); return 0; } + if (!digest_init(to)) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + + cphash.src_ses = digest_from->sess.ses; + cphash.dst_ses = digest_to->sess.ses; + if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + return 1; +} + +static int digest_cleanup(EVP_MD_CTX *ctx) +{ return 1; } @@ -502,14 +507,10 @@ static int known_digest_nids[OSSL_NELEM(digest_data)]; static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */ static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, }; -static void prepare_digest_methods() +static void prepare_digest_methods(void) { size_t i; struct session_op sess; - int cfd; - - if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) - return; memset(&sess, 0, sizeof(sess)); @@ -522,7 +523,7 @@ static void prepare_digest_methods() */ sess.mac = digest_data[i].devcryptoid; if (ioctl(cfd, CIOCGSESSION, &sess) < 0 - || ioctl(cfd, CIOCFSESSION, &sess) < 0) + || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) continue; if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, @@ -532,6 +533,7 @@ static void prepare_digest_methods() || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init) || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update) || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final) + || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy) || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup) || !EVP_MD_meth_set_app_datasize(known_digest_methods[i], sizeof(struct digest_ctx))) { @@ -541,8 +543,6 @@ static void prepare_digest_methods() known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid; } } - - close(cfd); } static const EVP_MD *get_digest_method(int nid) @@ -568,7 +568,7 @@ static void destroy_digest_method(int nid) known_digest_methods[i] = NULL; } -static void destroy_all_digest_methods() +static void destroy_all_digest_methods(void) { size_t i; @@ -598,9 +598,12 @@ static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, static int devcrypto_unload(ENGINE *e) { destroy_all_cipher_methods(); -#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) +#ifdef IMPLEMENT_DIGEST destroy_all_digest_methods(); #endif + + close(cfd); + return 1; } /* @@ -611,23 +614,30 @@ void engine_load_devcrypto_int() { ENGINE *e = NULL; - if (access("/dev/crypto", R_OK | W_OK) < 0) { - fprintf(stderr, - "/dev/crypto not present, not enabling devcrypto engine\n"); + if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { + fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno)); return; } prepare_cipher_methods(); -#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) +#ifdef IMPLEMENT_DIGEST prepare_digest_methods(); #endif - if ((e = ENGINE_new()) == NULL) + if ((e = ENGINE_new()) == NULL + || !ENGINE_set_destroy_function(e, devcrypto_unload)) { + ENGINE_free(e); + /* + * We know that devcrypto_unload() won't be called when one of the + * above two calls have failed, so we close cfd explicitly here to + * avoid leaking resources. + */ + close(cfd); return; + } if (!ENGINE_set_id(e, "devcrypto") || !ENGINE_set_name(e, "/dev/crypto engine") - || !ENGINE_set_destroy_function(e, devcrypto_unload) /* * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD @@ -664,7 +674,7 @@ void engine_load_devcrypto_int() # endif #endif || !ENGINE_set_ciphers(e, devcrypto_ciphers) -#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) +#ifdef IMPLEMENT_DIGEST || !ENGINE_set_digests(e, devcrypto_digests) #endif ) { diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/openssl/crypto/engine/eng_list.c index 4bc7ea173cdc..45c339c54157 100644 --- a/crypto/openssl/crypto/engine/eng_list.c +++ b/crypto/openssl/crypto/engine/eng_list.c @@ -317,8 +317,7 @@ ENGINE *ENGINE_by_id(const char *id) * Prevent infinite recursion if we're looking for the dynamic engine. */ if (strcmp(id, "dynamic")) { - if (OPENSSL_issetugid() - || (load_dir = getenv("OPENSSL_ENGINES")) == NULL) + if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL) load_dir = ENGINESDIR; iterator = ENGINE_by_id("dynamic"); if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt index 2c8572ba64ad..5003d8735a4d 100644 --- a/crypto/openssl/crypto/err/openssl.txt +++ b/crypto/openssl/crypto/err/openssl.txt @@ -1014,6 +1014,7 @@ RAND_F_RAND_POOL_ACQUIRE_ENTROPY:122:rand_pool_acquire_entropy RAND_F_RAND_POOL_ADD:103:rand_pool_add RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end +RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed RAND_F_RAND_POOL_NEW:116:rand_pool_new RAND_F_RAND_WRITE_FILE:112:RAND_write_file diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c index 0add393276bc..39eb4f379a99 100644 --- a/crypto/openssl/crypto/evp/e_aes.c +++ b/crypto/openssl/crypto/evp/e_aes.c @@ -2241,7 +2241,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!cctx->aes.ccm.len_set) { /*- - * In case message length was not previously set explicitely via + * In case message length was not previously set explicitly via * Update(), set it now. */ ivec = EVP_CIPHER_CTX_iv_noconst(ctx); diff --git a/crypto/openssl/crypto/evp/e_rc2.c b/crypto/openssl/crypto/evp/e_rc2.c index 80afe316d764..aa0d14018687 100644 --- a/crypto/openssl/crypto/evp/e_rc2.c +++ b/crypto/openssl/crypto/evp/e_rc2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -92,7 +92,8 @@ static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) { int i; - EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); + if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0) + return 0; if (i == 128) return RC2_128_MAGIC; else if (i == 64) @@ -136,8 +137,9 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) return -1; if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) return -1; - EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) + if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, + NULL) <= 0 + || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) return -1; } return i; diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c index 633cb8863d6d..7fbf895e0732 100644 --- a/crypto/openssl/crypto/evp/pmeth_lib.c +++ b/crypto/openssl/crypto/evp/pmeth_lib.c @@ -837,21 +837,21 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)) { - if (*pcheck) + if (pcheck != NULL) *pcheck = pmeth->check; } void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)) { - if (*pcheck) + if (pcheck != NULL) *pcheck = pmeth->public_check; } void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)) { - if (*pcheck) + if (pcheck != NULL) *pcheck = pmeth->param_check; } diff --git a/crypto/openssl/crypto/getenv.c b/crypto/openssl/crypto/getenv.c new file mode 100644 index 000000000000..7e98b645b0d1 --- /dev/null +++ b/crypto/openssl/crypto/getenv.c @@ -0,0 +1,31 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + +#include <stdlib.h> +#include "internal/cryptlib.h" + +char *ossl_safe_getenv(const char *name) +{ +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 17) +# define SECURE_GETENV + return secure_getenv(name); +# endif +#endif + +#ifndef SECURE_GETENV + if (OPENSSL_issetugid()) + return NULL; + return getenv(name); +#endif +} diff --git a/crypto/openssl/crypto/include/internal/ec_int.h b/crypto/openssl/crypto/include/internal/ec_int.h index bb4b5129d001..182c39cc8056 100644 --- a/crypto/openssl/crypto/include/internal/ec_int.h +++ b/crypto/openssl/crypto/include/internal/ec_int.h @@ -41,5 +41,13 @@ __owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, const BIGNUM *x, BN_CTX *ctx); +/*- + * ECDH Key Derivation Function as defined in ANSI X9.63 + */ +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + # endif /* OPENSSL_NO_EC */ #endif diff --git a/crypto/openssl/crypto/include/internal/rand_int.h b/crypto/openssl/crypto/include/internal/rand_int.h index d91ee4c9342c..888cab1b8f66 100644 --- a/crypto/openssl/crypto/include/internal/rand_int.h +++ b/crypto/openssl/crypto/include/internal/rand_int.h @@ -45,18 +45,21 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, unsigned char *out, size_t outlen); -size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len); +size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout); -void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen); +void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); /* * RAND_POOL functions */ RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len); +RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, + size_t entropy); void rand_pool_free(RAND_POOL *pool); const unsigned char *rand_pool_buffer(RAND_POOL *pool); unsigned char *rand_pool_detach(RAND_POOL *pool); +void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer); size_t rand_pool_entropy(RAND_POOL *pool); size_t rand_pool_length(RAND_POOL *pool); diff --git a/crypto/openssl/crypto/kdf/hkdf.c b/crypto/openssl/crypto/kdf/hkdf.c index ec6090ad6a7b..ae46fad609ac 100644 --- a/crypto/openssl/crypto/kdf/hkdf.c +++ b/crypto/openssl/crypto/kdf/hkdf.c @@ -175,6 +175,18 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, return -2; } +static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx) +{ + HKDF_PKEY_CTX *kctx = ctx->data; + + OPENSSL_clear_free(kctx->key, kctx->key_len); + OPENSSL_clear_free(kctx->salt, kctx->salt_len); + OPENSSL_cleanse(kctx->info, kctx->info_len); + memset(kctx, 0, sizeof(*kctx)); + + return 1; +} + static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -236,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = { 0, 0, - 0, + pkey_hkdf_derive_init, pkey_hkdf_derive, pkey_hkdf_ctrl, pkey_hkdf_ctrl_str diff --git a/crypto/openssl/crypto/mem_sec.c b/crypto/openssl/crypto/mem_sec.c index c4190bed3348..9e0f6702f406 100644 --- a/crypto/openssl/crypto/mem_sec.c +++ b/crypto/openssl/crypto/mem_sec.c @@ -20,12 +20,8 @@ #include <string.h> -/* e_os.h includes unistd.h, which defines _POSIX_VERSION */ -#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \ - && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ - || defined(__sun) || defined(__hpux) || defined(__sgi) \ - || defined(__osf__) ) -# define IMPLEMENTED +/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */ +#ifdef OPENSSL_SECURE_MEMORY # include <stdlib.h> # include <assert.h> # include <unistd.h> @@ -51,7 +47,7 @@ # define MAP_ANON MAP_ANONYMOUS #endif -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY static size_t secure_mem_used; static int secure_mem_initialized; @@ -71,7 +67,7 @@ static int sh_allocated(const char *ptr); int CRYPTO_secure_malloc_init(size_t size, int minsize) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY int ret = 0; if (!secure_mem_initialized) { @@ -89,12 +85,12 @@ int CRYPTO_secure_malloc_init(size_t size, int minsize) return ret; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } int CRYPTO_secure_malloc_done(void) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY if (secure_mem_used == 0) { sh_done(); secure_mem_initialized = 0; @@ -102,22 +98,22 @@ int CRYPTO_secure_malloc_done(void) sec_malloc_lock = NULL; return 1; } -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ return 0; } int CRYPTO_secure_malloc_initialized(void) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY return secure_mem_initialized; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } void *CRYPTO_secure_malloc(size_t num, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY void *ret; size_t actual_size; @@ -132,12 +128,12 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, int line) return ret; #else return CRYPTO_malloc(num, file, line); -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY if (secure_mem_initialized) /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */ return CRYPTO_secure_malloc(num, file, line); @@ -147,7 +143,7 @@ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) void CRYPTO_secure_free(void *ptr, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY size_t actual_size; if (ptr == NULL) @@ -164,13 +160,13 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line) CRYPTO_THREAD_unlock(sec_malloc_lock); #else CRYPTO_free(ptr, file, line); -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY size_t actual_size; if (ptr == NULL) @@ -191,12 +187,12 @@ void CRYPTO_secure_clear_free(void *ptr, size_t num, return; OPENSSL_cleanse(ptr, num); CRYPTO_free(ptr, file, line); -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } int CRYPTO_secure_allocated(const void *ptr) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY int ret; if (!secure_mem_initialized) @@ -207,21 +203,21 @@ int CRYPTO_secure_allocated(const void *ptr) return ret; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } size_t CRYPTO_secure_used(void) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY return secure_mem_used; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } size_t CRYPTO_secure_actual_size(void *ptr) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY size_t actual_size; CRYPTO_THREAD_write_lock(sec_malloc_lock); @@ -239,7 +235,7 @@ size_t CRYPTO_secure_actual_size(void *ptr) /* * SECURE HEAP IMPLEMENTATION */ -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY /* @@ -647,4 +643,4 @@ static size_t sh_actual_size(char *ptr) OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); return sh.arena_size / (ONE << list); } -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ diff --git a/crypto/openssl/crypto/o_fopen.c b/crypto/openssl/crypto/o_fopen.c index f08f99b414f5..7d51ad725426 100644 --- a/crypto/openssl/crypto/o_fopen.c +++ b/crypto/openssl/crypto/o_fopen.c @@ -25,14 +25,12 @@ # endif # endif +#include "e_os.h" #include "internal/cryptlib.h" #if !defined(OPENSSL_NO_STDIO) # include <stdio.h> -# ifdef _WIN32 -# include <windows.h> -# endif # ifdef __DJGPP__ # include <unistd.h> # endif diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c index 88d1d66324e3..0cbbed364a21 100644 --- a/crypto/openssl/crypto/pkcs12/p12_mutl.c +++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c @@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */ -# include <stdio.h> -# include "internal/cryptlib.h" -# include <openssl/crypto.h> -# include <openssl/hmac.h> -# include <openssl/rand.h> -# include <openssl/pkcs12.h> -# include "p12_lcl.h" +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/crypto.h> +#include <openssl/hmac.h> +#include <openssl/rand.h> +#include <openssl/pkcs12.h> +#include "p12_lcl.h" int PKCS12_mac_present(const PKCS12 *p12) { @@ -44,7 +44,7 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, } } -# define TK26_MAC_KEY_LEN 32 +#define TK26_MAC_KEY_LEN 32 static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, const unsigned char *salt, int saltlen, @@ -112,7 +112,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, if ((md_type_nid == NID_id_GostR3411_94 || md_type_nid == NID_id_GostR3411_2012_256 || md_type_nid == NID_id_GostR3411_2012_512) - && !getenv("LEGACY_GOST_PKCS12")) { + && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { md_size = TK26_MAC_KEY_LEN; if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, md_size, key, md_type)) { diff --git a/crypto/openssl/crypto/poly1305/poly1305_ieee754.c b/crypto/openssl/crypto/poly1305/poly1305_ieee754.c index 995a02e5c139..7cfd968645ff 100644 --- a/crypto/openssl/crypto/poly1305/poly1305_ieee754.c +++ b/crypto/openssl/crypto/poly1305/poly1305_ieee754.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-20018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/crypto/rand/drbg_ctr.c b/crypto/openssl/crypto/rand/drbg_ctr.c index fe15164451e8..a243361b56e4 100644 --- a/crypto/openssl/crypto/rand/drbg_ctr.c +++ b/crypto/openssl/crypto/rand/drbg_ctr.c @@ -402,10 +402,10 @@ int drbg_ctr_init(RAND_DRBG *drbg) if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { /* df initialisation */ static const unsigned char df_key[32] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, - 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }; if (ctr->ctx_df == NULL) @@ -417,9 +417,9 @@ int drbg_ctr_init(RAND_DRBG *drbg) return 0; drbg->min_entropylen = ctr->keylen; - drbg->max_entropylen = DRBG_MINMAX_FACTOR * drbg->min_entropylen; + drbg->max_entropylen = DRBG_MAX_LENGTH; drbg->min_noncelen = drbg->min_entropylen / 2; - drbg->max_noncelen = DRBG_MINMAX_FACTOR * drbg->min_noncelen; + drbg->max_noncelen = DRBG_MAX_LENGTH; drbg->max_perslen = DRBG_MAX_LENGTH; drbg->max_adinlen = DRBG_MAX_LENGTH; } else { diff --git a/crypto/openssl/crypto/rand/drbg_lib.c b/crypto/openssl/crypto/rand/drbg_lib.c index 729b49c94372..a13282181d6d 100644 --- a/crypto/openssl/crypto/rand/drbg_lib.c +++ b/crypto/openssl/crypto/rand/drbg_lib.c @@ -82,6 +82,10 @@ static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL; static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL; static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL; +/* A logical OR of all used DRBG flag bits (currently there is only one) */ +static const unsigned int rand_drbg_used_flags = + RAND_DRBG_FLAG_CTR_NO_DF; + static RAND_DRBG *drbg_setup(RAND_DRBG *parent); static RAND_DRBG *rand_drbg_new(int secure, @@ -105,16 +109,27 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags) flags = rand_drbg_flags; } + /* If set is called multiple times - clear the old one */ + if (drbg->type != 0 && (type != drbg->type || flags != drbg->flags)) { + drbg->meth->uninstantiate(drbg); + rand_pool_free(drbg->adin_pool); + drbg->adin_pool = NULL; + } + drbg->state = DRBG_UNINITIALISED; drbg->flags = flags; drbg->type = type; switch (type) { default: + drbg->type = 0; + drbg->flags = 0; + drbg->meth = NULL; RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE); return 0; case 0: /* Uninitialized; that's okay. */ + drbg->meth = NULL; return 1; case NID_aes_128_ctr: case NID_aes_192_ctr: @@ -123,8 +138,10 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags) break; } - if (ret == 0) + if (ret == 0) { + drbg->state = DRBG_ERROR; RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG); + } return ret; } @@ -147,7 +164,7 @@ int RAND_DRBG_set_defaults(int type, unsigned int flags) break; } - if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) { + if ((flags & ~rand_drbg_used_flags) != 0) { RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS); return 0; } @@ -224,11 +241,8 @@ static RAND_DRBG *rand_drbg_new(int secure, return drbg; -err: - if (drbg->secure) - OPENSSL_secure_free(drbg); - else - OPENSSL_free(drbg); + err: + RAND_DRBG_free(drbg); return NULL; } @@ -253,6 +267,7 @@ void RAND_DRBG_free(RAND_DRBG *drbg) if (drbg->meth != NULL) drbg->meth->uninstantiate(drbg); + rand_pool_free(drbg->adin_pool); CRYPTO_THREAD_lock_free(drbg->lock); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data); @@ -312,11 +327,18 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, max_entropylen += drbg->max_noncelen; } + drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); + if (drbg->reseed_next_counter) { + drbg->reseed_next_counter++; + if(!drbg->reseed_next_counter) + drbg->reseed_next_counter = 1; + } + if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, min_entropylen, max_entropylen, 0); if (entropylen < min_entropylen - || entropylen > max_entropylen) { + || entropylen > max_entropylen) { RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY); goto end; } @@ -337,29 +359,15 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, } drbg->state = DRBG_READY; - drbg->generate_counter = 0; + drbg->reseed_gen_counter = 1; drbg->reseed_time = time(NULL); - if (drbg->reseed_counter > 0) { - if (drbg->parent == NULL) - drbg->reseed_counter++; - else - drbg->reseed_counter = drbg->parent->reseed_counter; - } + tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); -end: + end: if (entropy != NULL && drbg->cleanup_entropy != NULL) drbg->cleanup_entropy(drbg, entropy, entropylen); - if (nonce != NULL && drbg->cleanup_nonce!= NULL ) + if (nonce != NULL && drbg->cleanup_nonce != NULL) drbg->cleanup_nonce(drbg, nonce, noncelen); - if (drbg->pool != NULL) { - if (drbg->state == DRBG_READY) { - RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, - RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED); - drbg->state = DRBG_ERROR; - } - rand_pool_free(drbg->pool); - drbg->pool = NULL; - } if (drbg->state == DRBG_READY) return 1; return 0; @@ -375,6 +383,7 @@ end: int RAND_DRBG_uninstantiate(RAND_DRBG *drbg) { if (drbg->meth == NULL) { + drbg->state = DRBG_ERROR; RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED); return 0; @@ -419,13 +428,21 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, } drbg->state = DRBG_ERROR; + + drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); + if (drbg->reseed_next_counter) { + drbg->reseed_next_counter++; + if(!drbg->reseed_next_counter) + drbg->reseed_next_counter = 1; + } + if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, drbg->max_entropylen, prediction_resistance); if (entropylen < drbg->min_entropylen - || entropylen > drbg->max_entropylen) { + || entropylen > drbg->max_entropylen) { RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY); goto end; } @@ -434,16 +451,11 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, goto end; drbg->state = DRBG_READY; - drbg->generate_counter = 0; + drbg->reseed_gen_counter = 1; drbg->reseed_time = time(NULL); - if (drbg->reseed_counter > 0) { - if (drbg->parent == NULL) - drbg->reseed_counter++; - else - drbg->reseed_counter = drbg->parent->reseed_counter; - } + tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); -end: + end: if (entropy != NULL && drbg->cleanup_entropy != NULL) drbg->cleanup_entropy(drbg, entropy, entropylen); if (drbg->state == DRBG_READY) @@ -475,10 +487,12 @@ int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *adin = NULL; size_t adinlen = 0; - if (drbg->pool != NULL) { + if (drbg->seed_pool != NULL) { RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); - rand_pool_free(drbg->pool); - drbg->pool = NULL; + drbg->state = DRBG_ERROR; + rand_pool_free(drbg->seed_pool); + drbg->seed_pool = NULL; + return 0; } if (buffer != NULL) { @@ -486,24 +500,25 @@ int rand_drbg_restart(RAND_DRBG *drbg, if (drbg->max_entropylen < len) { RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_INPUT_TOO_LONG); + drbg->state = DRBG_ERROR; return 0; } if (entropy > 8 * len) { RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE); + drbg->state = DRBG_ERROR; return 0; } /* will be picked up by the rand_drbg_get_entropy() callback */ - drbg->pool = rand_pool_new(entropy, len, len); - if (drbg->pool == NULL) + drbg->seed_pool = rand_pool_attach(buffer, len, entropy); + if (drbg->seed_pool == NULL) return 0; - - rand_pool_add(drbg->pool, buffer, len, entropy); } else { if (drbg->max_adinlen < len) { RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ADDITIONAL_INPUT_TOO_LONG); + drbg->state = DRBG_ERROR; return 0; } adin = buffer; @@ -543,14 +558,8 @@ int rand_drbg_restart(RAND_DRBG *drbg, } } - /* check whether a given entropy pool was cleared properly during reseed */ - if (drbg->pool != NULL) { - drbg->state = DRBG_ERROR; - RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); - rand_pool_free(drbg->pool); - drbg->pool = NULL; - return 0; - } + rand_pool_free(drbg->seed_pool); + drbg->seed_pool = NULL; return drbg->state == DRBG_READY; } @@ -600,7 +609,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, } if (drbg->reseed_interval > 0) { - if (drbg->generate_counter >= drbg->reseed_interval) + if (drbg->reseed_gen_counter >= drbg->reseed_interval) reseed_required = 1; } if (drbg->reseed_time_interval > 0) { @@ -609,8 +618,11 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, || now - drbg->reseed_time >= drbg->reseed_time_interval) reseed_required = 1; } - if (drbg->reseed_counter > 0 && drbg->parent != NULL) { - if (drbg->reseed_counter != drbg->parent->reseed_counter) + if (drbg->parent != NULL) { + unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter); + if (reseed_counter > 0 + && tsan_load(&drbg->parent->reseed_prop_counter) + != reseed_counter) reseed_required = 1; } @@ -629,7 +641,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - drbg->generate_counter++; + drbg->reseed_gen_counter++; return 1; } @@ -647,9 +659,18 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) unsigned char *additional = NULL; size_t additional_len; size_t chunk; - size_t ret; + size_t ret = 0; + + if (drbg->adin_pool == NULL) { + if (drbg->type == 0) + goto err; + drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen); + if (drbg->adin_pool == NULL) + goto err; + } - additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen); + additional_len = rand_drbg_get_additional_data(drbg->adin_pool, + &additional); for ( ; outlen > 0; outlen -= chunk, out += chunk) { chunk = outlen; @@ -661,9 +682,9 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) } ret = 1; -err: - if (additional_len != 0) - OPENSSL_secure_clear_free(additional, additional_len); + err: + if (additional != NULL) + rand_drbg_cleanup_additional_data(drbg->adin_pool, additional); return ret; } @@ -682,7 +703,8 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, RAND_DRBG_get_nonce_fn get_nonce, RAND_DRBG_cleanup_nonce_fn cleanup_nonce) { - if (drbg->state != DRBG_UNINITIALISED) + if (drbg->state != DRBG_UNINITIALISED + || drbg->parent != NULL) return 0; drbg->get_entropy = get_entropy; drbg->cleanup_entropy = cleanup_entropy; @@ -859,7 +881,7 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent) goto err; /* enable seed propagation */ - drbg->reseed_counter = 1; + tsan_store(&drbg->reseed_prop_counter, 1); /* * Ignore instantiation error to support just-in-time instantiation. @@ -948,11 +970,49 @@ static int drbg_bytes(unsigned char *out, int count) return ret; } +/* + * Calculates the minimum length of a full entropy buffer + * which is necessary to seed (i.e. instantiate) the DRBG + * successfully. + */ +size_t rand_drbg_seedlen(RAND_DRBG *drbg) +{ + /* + * If no os entropy source is available then RAND_seed(buffer, bufsize) + * is expected to succeed if and only if the buffer length satisfies + * the following requirements, which follow from the calculations + * in RAND_DRBG_instantiate(). + */ + size_t min_entropy = drbg->strength; + size_t min_entropylen = drbg->min_entropylen; + + /* + * Extra entropy for the random nonce in the absence of a + * get_nonce callback, see comment in RAND_DRBG_instantiate(). + */ + if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) { + min_entropy += drbg->strength / 2; + min_entropylen += drbg->min_noncelen; + } + + /* + * Convert entropy requirement from bits to bytes + * (dividing by 8 without rounding upwards, because + * all entropy requirements are divisible by 8). + */ + min_entropy >>= 3; + + /* Return a value that satisfies both requirements */ + return min_entropy > min_entropylen ? min_entropy : min_entropylen; +} + /* Implements the default OpenSSL RAND_add() method */ static int drbg_add(const void *buf, int num, double randomness) { int ret = 0; RAND_DRBG *drbg = RAND_DRBG_get0_master(); + size_t buflen; + size_t seedlen; if (drbg == NULL) return 0; @@ -960,20 +1020,49 @@ static int drbg_add(const void *buf, int num, double randomness) if (num < 0 || randomness < 0.0) return 0; - if (randomness > (double)drbg->max_entropylen) { + rand_drbg_lock(drbg); + seedlen = rand_drbg_seedlen(drbg); + + buflen = (size_t)num; + + if (buflen < seedlen || randomness < (double) seedlen) { +#if defined(OPENSSL_RAND_SEED_NONE) + /* + * If no os entropy source is available, a reseeding will fail + * inevitably. So we use a trick to mix the buffer contents into + * the DRBG state without forcing a reseeding: we generate a + * dummy random byte, using the buffer content as additional data. + * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF. + */ + unsigned char dummy[1]; + + ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); + rand_drbg_unlock(drbg); + return ret; +#else + /* + * If an os entropy source is avaible then we declare the buffer content + * as additional data by setting randomness to zero and trigger a regular + * reseeding. + */ + randomness = 0.0; +#endif + } + + + if (randomness > (double)seedlen) { /* * The purpose of this check is to bound |randomness| by a * relatively small value in order to prevent an integer * overflow when multiplying by 8 in the rand_drbg_restart() - * call below. + * call below. Note that randomness is measured in bytes, + * not bits, so this value corresponds to eight times the + * security strength. */ - return 0; + randomness = (double)seedlen; } - rand_drbg_lock(drbg); - ret = rand_drbg_restart(drbg, buf, - (size_t)(unsigned int)num, - (size_t)(8*randomness)); + ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness)); rand_drbg_unlock(drbg); return ret; diff --git a/crypto/openssl/crypto/rand/rand_err.c b/crypto/openssl/crypto/rand/rand_err.c index 31480a682838..6a870455d50a 100644 --- a/crypto/openssl/crypto/rand/rand_err.c +++ b/crypto/openssl/crypto/rand/rand_err.c @@ -44,6 +44,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = { {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0), "rand_pool_add_begin"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0), "rand_pool_bytes_needed"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, diff --git a/crypto/openssl/crypto/rand/rand_lcl.h b/crypto/openssl/crypto/rand/rand_lcl.h index 94ffc96f20e2..c3e9804dc07e 100644 --- a/crypto/openssl/crypto/rand/rand_lcl.h +++ b/crypto/openssl/crypto/rand/rand_lcl.h @@ -16,6 +16,9 @@ # include <openssl/hmac.h> # include <openssl/ec.h> # include <openssl/rand_drbg.h> +# include "internal/tsan_assist.h" + +# include "internal/numbers.h" /* How many times to read the TSC as a randomness source. */ # define TSC_READ_COUNT 4 @@ -32,18 +35,42 @@ -/* Max size of additional input and personalization string. */ -# define DRBG_MAX_LENGTH 4096 +/* + * Maximum input size for the DRBG (entropy, nonce, personalization string) + * + * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes. + * + * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes. + */ +# define DRBG_MAX_LENGTH INT32_MAX + + /* - * The quotient between max_{entropy,nonce}len and min_{entropy,nonce}len + * Maximum allocation size for RANDOM_POOL buffers + * + * The max_len value for the buffer provided to the rand_drbg_get_entropy() + * callback is currently 2^31 bytes (2 gigabytes), if a derivation function + * is used. Since this is much too large to be allocated, the rand_pool_new() + * function chooses more modest values as default pool length, bounded + * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH * - * The current factor is large enough that the RAND_POOL can store a - * random input which has a lousy entropy rate of 0.0625 bits per byte. - * This input will be sent through the derivation function which 'compresses' - * the low quality input into a high quality output. + * The choice of the RAND_POOL_FACTOR is large enough such that the + * RAND_POOL can store a random input which has a lousy entropy rate of + * 8/256 (= 0.03125) bits per byte. This input will be sent through the + * derivation function which 'compresses' the low quality input into a + * high quality output. + * + * The factor 1.5 below is the pessimistic estimate for the extra amount + * of entropy required when no get_nonce() callback is defined. + */ +# define RAND_POOL_FACTOR 256 +# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \ + 3 * (RAND_DRBG_STRENGTH / 16)) +/* + * = (RAND_POOL_FACTOR * \ + * 1.5 * (RAND_DRBG_STRENGTH / 8)) */ -# define DRBG_MINMAX_FACTOR 128 /* DRBG status values */ @@ -54,7 +81,7 @@ typedef enum drbg_status_e { } DRBG_STATUS; -/* intantiate */ +/* instantiate */ typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx, const unsigned char *ent, size_t entlen, @@ -68,7 +95,7 @@ typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx, size_t entlen, const unsigned char *adin, size_t adinlen); -/* generat output */ +/* generate output */ typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx, unsigned char *out, size_t outlen, @@ -122,10 +149,12 @@ struct rand_pool_st { unsigned char *buffer; /* points to the beginning of the random pool */ size_t len; /* current number of random bytes contained in the pool */ + int attached; /* true pool was attached to existing buffer */ + size_t min_len; /* minimum number of random bytes requested */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */ size_t entropy; /* current entropy count in bits */ - size_t requested_entropy; /* requested entropy count in bits */ + size_t entropy_requested; /* requested entropy count in bits */ }; /* @@ -139,7 +168,7 @@ struct rand_drbg_st { int type; /* the nid of the underlying algorithm */ /* * Stores the value of the rand_fork_count global as of when we last - * reseeded. The DRG reseeds automatically whenever drbg->fork_count != + * reseeded. The DRBG reseeds automatically whenever drbg->fork_count != * rand_fork_count. Used to provide fork-safety and reseed this DRBG in * the child process. */ @@ -147,14 +176,19 @@ struct rand_drbg_st { unsigned short flags; /* various external flags */ /* - * The random pool is used by RAND_add()/drbg_add() to attach random + * The random_data is used by RAND_add()/drbg_add() to attach random * data to the global drbg, such that the rand_drbg_get_entropy() callback * can pull it during instantiation and reseeding. This is necessary to * reconcile the different philosophies of the RAND and the RAND_DRBG * with respect to how randomness is added to the RNG during reseeding * (see PR #4328). */ - struct rand_pool_st *pool; + struct rand_pool_st *seed_pool; + + /* + * Auxiliary pool for additional data. + */ + struct rand_pool_st *adin_pool; /* * The following parameters are setup by the per-type "init" function. @@ -180,7 +214,7 @@ struct rand_drbg_st { size_t max_perslen, max_adinlen; /* Counts the number of generate requests since the last reseed. */ - unsigned int generate_counter; + unsigned int reseed_gen_counter; /* * Maximum number of generate requests until a reseed is required. * This value is ignored if it is zero. @@ -203,7 +237,8 @@ struct rand_drbg_st { * is added by RAND_add() or RAND_seed() will have an immediate effect on * the output of RAND_bytes() resp. RAND_priv_bytes(). */ - unsigned int reseed_counter; + TSAN_QUALIFIER unsigned int reseed_prop_counter; + unsigned int reseed_next_counter; size_t seedlen; DRBG_STATUS state; @@ -245,7 +280,7 @@ extern int rand_fork_count; /* DRBG helpers */ int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *buffer, size_t len, size_t entropy); - +size_t rand_drbg_seedlen(RAND_DRBG *drbg); /* locking api */ int rand_drbg_lock(RAND_DRBG *drbg); int rand_drbg_unlock(RAND_DRBG *drbg); diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c index e9bc9522101c..d8639c4a03f3 100644 --- a/crypto/openssl/crypto/rand/rand_lib.c +++ b/crypto/openssl/crypto/rand/rand_lib.c @@ -31,7 +31,7 @@ int rand_fork_count; static CRYPTO_RWLOCK *rand_nonce_lock; static int rand_nonce_count; -static int rand_cleaning_up = 0; +static int rand_inited = 0; #ifdef OPENSSL_RAND_SEED_RDTSC /* @@ -146,17 +146,13 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, return 0; } - pool = rand_pool_new(entropy, min_len, max_len); - if (pool == NULL) - return 0; - - if (drbg->pool) { - rand_pool_add(pool, - rand_pool_buffer(drbg->pool), - rand_pool_length(drbg->pool), - rand_pool_entropy(drbg->pool)); - rand_pool_free(drbg->pool); - drbg->pool = NULL; + if (drbg->seed_pool != NULL) { + pool = drbg->seed_pool; + pool->entropy_requested = entropy; + } else { + pool = rand_pool_new(entropy, min_len, max_len); + if (pool == NULL) + return 0; } if (drbg->parent) { @@ -178,6 +174,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, prediction_resistance, NULL, 0) != 0) bytes = bytes_needed; + drbg->reseed_next_counter + = tsan_load(&drbg->parent->reseed_prop_counter); rand_drbg_unlock(drbg->parent); rand_pool_add_end(pool, bytes, 8 * bytes); @@ -206,7 +204,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, } err: - rand_pool_free(pool); + if (drbg->seed_pool == NULL) + rand_pool_free(pool); return ret; } @@ -217,7 +216,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { - OPENSSL_secure_clear_free(out, outlen); + if (drbg->seed_pool == NULL) + OPENSSL_secure_clear_free(out, outlen); } @@ -279,14 +279,9 @@ void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, * On success it allocates a buffer at |*pout| and returns the length of * the data. The buffer should get freed using OPENSSL_secure_clear_free(). */ -size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len) +size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout) { size_t ret = 0; - RAND_POOL *pool; - - pool = rand_pool_new(0, 0, max_len); - if (pool == NULL) - return 0; if (rand_pool_add_additional_data(pool) == 0) goto err; @@ -295,14 +290,12 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len) *pout = rand_pool_detach(pool); err: - rand_pool_free(pool); - return ret; } -void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen) +void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out) { - OPENSSL_secure_clear_free(out, outlen); + rand_pool_reattach(pool, out); } void rand_fork(void) @@ -326,13 +319,15 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) if (rand_nonce_lock == NULL) goto err2; - if (!rand_cleaning_up && !rand_pool_init()) + if (!rand_pool_init()) goto err3; + rand_inited = 1; return 1; err3: - rand_pool_cleanup(); + CRYPTO_THREAD_lock_free(rand_nonce_lock); + rand_nonce_lock = NULL; err2: CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; @@ -348,7 +343,8 @@ void rand_cleanup_int(void) { const RAND_METHOD *meth = default_RAND_meth; - rand_cleaning_up = 1; + if (!rand_inited) + return; if (meth != NULL && meth->cleanup != NULL) meth->cleanup(); @@ -362,6 +358,7 @@ void rand_cleanup_int(void) rand_meth_lock = NULL; CRYPTO_THREAD_lock_free(rand_nonce_lock); rand_nonce_lock = NULL; + rand_inited = 0; } /* @@ -370,7 +367,8 @@ void rand_cleanup_int(void) */ void RAND_keep_random_devices_open(int keep) { - rand_pool_keep_random_devices_open(keep); + if (RUN_ONCE(&rand_init, do_rand_init)) + rand_pool_keep_random_devices_open(keep); } /* @@ -405,7 +403,7 @@ int RAND_poll(void) /* fill random pool and seed the current legacy RNG */ pool = rand_pool_new(RAND_DRBG_STRENGTH, RAND_DRBG_STRENGTH / 8, - DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8)); + RAND_POOL_MAX_LENGTH); if (pool == NULL) return 0; @@ -430,17 +428,18 @@ err: * Allocate memory and initialize a new random pool */ -RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len) +RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) { RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); if (pool == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); - goto err; + return NULL; } pool->min_len = min_len; - pool->max_len = max_len; + pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? + RAND_POOL_MAX_LENGTH : max_len; pool->buffer = OPENSSL_secure_zalloc(pool->max_len); if (pool->buffer == NULL) { @@ -448,7 +447,7 @@ RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len) goto err; } - pool->requested_entropy = entropy; + pool->entropy_requested = entropy_requested; return pool; @@ -458,6 +457,38 @@ err: } /* + * Attach new random pool to the given buffer + * + * This function is intended to be used only for feeding random data + * provided by RAND_add() and RAND_seed() into the <master> DRBG. + */ +RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, + size_t entropy) +{ + RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + + if (pool == NULL) { + RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* + * The const needs to be cast away, but attached buffers will not be + * modified (in contrary to allocated buffers which are zeroed and + * freed in the end). + */ + pool->buffer = (unsigned char *) buffer; + pool->len = len; + + pool->attached = 1; + + pool->min_len = pool->max_len = pool->len; + pool->entropy = entropy; + + return pool; +} + +/* * Free |pool|, securely erasing its buffer. */ void rand_pool_free(RAND_POOL *pool) @@ -465,7 +496,14 @@ void rand_pool_free(RAND_POOL *pool) if (pool == NULL) return; - OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + /* + * Although it would be advisable from a cryptographical viewpoint, + * we are not allowed to clear attached buffers, since they are passed + * to rand_pool_attach() as `const unsigned char*`. + * (see corresponding comment in rand_pool_attach()). + */ + if (!pool->attached) + OPENSSL_secure_clear_free(pool->buffer, pool->max_len); OPENSSL_free(pool); } @@ -496,15 +534,27 @@ size_t rand_pool_length(RAND_POOL *pool) /* * Detach the |pool| buffer and return it to the caller. * It's the responsibility of the caller to free the buffer - * using OPENSSL_secure_clear_free(). + * using OPENSSL_secure_clear_free() or to re-attach it + * again to the pool using rand_pool_reattach(). */ unsigned char *rand_pool_detach(RAND_POOL *pool) { unsigned char *ret = pool->buffer; pool->buffer = NULL; + pool->entropy = 0; return ret; } +/* + * Re-attach the |pool| buffer. It is only allowed to pass + * the |buffer| which was previously detached from the same pool. + */ +void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer) +{ + pool->buffer = buffer; + OPENSSL_cleanse(pool->buffer, pool->len); + pool->len = 0; +} /* * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one @@ -524,7 +574,7 @@ unsigned char *rand_pool_detach(RAND_POOL *pool) */ size_t rand_pool_entropy_available(RAND_POOL *pool) { - if (pool->entropy < pool->requested_entropy) + if (pool->entropy < pool->entropy_requested) return 0; if (pool->len < pool->min_len) @@ -540,8 +590,8 @@ size_t rand_pool_entropy_available(RAND_POOL *pool) size_t rand_pool_entropy_needed(RAND_POOL *pool) { - if (pool->entropy < pool->requested_entropy) - return pool->requested_entropy - pool->entropy; + if (pool->entropy < pool->entropy_requested) + return pool->entropy_requested - pool->entropy; return 0; } @@ -601,6 +651,11 @@ int rand_pool_add(RAND_POOL *pool, return 0; } + if (pool->buffer == NULL) { + RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR); + return 0; + } + if (len > 0) { memcpy(pool->buffer + pool->len, buffer, len); pool->len += len; @@ -632,6 +687,11 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) return NULL; } + if (pool->buffer == NULL) { + RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR); + return 0; + } + return pool->buffer + pool->len; } diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c index 9c62a04ebf89..9d8ffdd53796 100644 --- a/crypto/openssl/crypto/rand/rand_unix.c +++ b/crypto/openssl/crypto/rand/rand_unix.c @@ -77,6 +77,17 @@ static uint64_t get_timer_bits(void); # endif #endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ +#if defined(OPENSSL_RAND_SEED_NONE) +/* none means none. this simplifies the following logic */ +# undef OPENSSL_RAND_SEED_OS +# undef OPENSSL_RAND_SEED_GETRANDOM +# undef OPENSSL_RAND_SEED_LIBRANDOM +# undef OPENSSL_RAND_SEED_DEVRANDOM +# undef OPENSSL_RAND_SEED_RDTSC +# undef OPENSSL_RAND_SEED_RDCPU +# undef OPENSSL_RAND_SEED_EGD +#endif + #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \ !defined(OPENSSL_RAND_SEED_NONE) # error "UEFI and VXWorks only support seeding NONE" @@ -86,8 +97,6 @@ static uint64_t get_timer_bits(void); || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \ || defined(OPENSSL_SYS_UEFI)) -static ssize_t syscall_random(void *buf, size_t buflen); - # if defined(OPENSSL_SYS_VOS) # ifndef OPENSSL_RAND_SEED_OS @@ -244,6 +253,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen) } # endif +# if defined(OPENSSL_RAND_SEED_GETRANDOM) /* * syscall_random(): Try to get random data using a system call * returns the number of bytes returned in buf, or < 0 on error. @@ -254,7 +264,7 @@ static ssize_t syscall_random(void *buf, size_t buflen) * Note: 'buflen' equals the size of the buffer which is used by the * get_entropy() callback of the RAND_DRBG. It is roughly bounded by * - * 2 * DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^13 + * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14 * * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * between size_t and ssize_t is safe even without a range check. @@ -302,8 +312,9 @@ static ssize_t syscall_random(void *buf, size_t buflen) return -1; # endif } +# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ -#if !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM) +# if defined(OPENSSL_RAND_SEED_DEVRANDOM) static const char *random_device_paths[] = { DEVRANDOM }; static struct random_device { int fd; @@ -375,21 +386,13 @@ static void close_random_device(size_t n) rd->fd = -1; } -static void open_random_devices(void) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(random_devices); i++) - (void)get_random_device(i); -} - int rand_pool_init(void) { size_t i; for (i = 0; i < OSSL_NELEM(random_devices); i++) random_devices[i].fd = -1; - open_random_devices(); + return 1; } @@ -403,16 +406,13 @@ void rand_pool_cleanup(void) void rand_pool_keep_random_devices_open(int keep) { - if (keep) - open_random_devices(); - else + if (!keep) rand_pool_cleanup(); + keep_random_devices_open = keep; } -# else /* defined(OPENSSL_RAND_SEED_NONE) - * || !defined(OPENSSL_RAND_SEED_DEVRANDOM) - */ +# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */ int rand_pool_init(void) { @@ -427,9 +427,7 @@ void rand_pool_keep_random_devices_open(int keep) { } -# endif /* !defined(OPENSSL_RAND_SEED_NONE) - * && defined(OPENSSL_RAND_SEED_DEVRANDOM) - */ +# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */ /* * Try the various seeding methods in turn, exit when successful. @@ -450,14 +448,14 @@ void rand_pool_keep_random_devices_open(int keep) */ size_t rand_pool_acquire_entropy(RAND_POOL *pool) { -# ifdef OPENSSL_RAND_SEED_NONE +# if defined(OPENSSL_RAND_SEED_NONE) return rand_pool_entropy_available(pool); # else size_t bytes_needed; size_t entropy_available = 0; unsigned char *buffer; -# ifdef OPENSSL_RAND_SEED_GETRANDOM +# if defined(OPENSSL_RAND_SEED_GETRANDOM) { ssize_t bytes; /* Maximum allowed number of consecutive unsuccessful attempts */ @@ -487,7 +485,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) } # endif -# ifdef OPENSSL_RAND_SEED_DEVRANDOM +# if defined(OPENSSL_RAND_SEED_DEVRANDOM) bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); { size_t i; @@ -524,19 +522,19 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) } # endif -# ifdef OPENSSL_RAND_SEED_RDTSC +# if defined(OPENSSL_RAND_SEED_RDTSC) entropy_available = rand_acquire_entropy_from_tsc(pool); if (entropy_available > 0) return entropy_available; # endif -# ifdef OPENSSL_RAND_SEED_RDCPU +# if defined(OPENSSL_RAND_SEED_RDCPU) entropy_available = rand_acquire_entropy_from_cpu(pool); if (entropy_available > 0) return entropy_available; # endif -# ifdef OPENSSL_RAND_SEED_EGD +# if defined(OPENSSL_RAND_SEED_EGD) bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); if (bytes_needed > 0) { static const char *paths[] = { DEVRANDOM_EGD, NULL }; @@ -577,7 +575,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) /* * Add process id, thread id, and a high resolution timestamp to - * ensure that the nonce is unique whith high probability for + * ensure that the nonce is unique with high probability for * different process instances. */ data.pid = getpid(); diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c index c652ddcf1e6c..1b737d1ba2ba 100644 --- a/crypto/openssl/crypto/rand/randfile.c +++ b/crypto/openssl/crypto/rand/randfile.c @@ -16,6 +16,7 @@ #include <openssl/crypto.h> #include <openssl/rand.h> +#include <openssl/rand_drbg.h> #include <openssl/buffer.h> #ifdef OPENSSL_SYS_VMS @@ -48,7 +49,7 @@ # define S_ISREG(m) ((m) & S_IFREG) # endif -#define RAND_FILE_SIZE 1024 +#define RAND_BUF_SIZE 1024 #define RFILE ".rnd" #ifdef OPENSSL_SYS_VMS @@ -74,7 +75,16 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = */ int RAND_load_file(const char *file, long bytes) { - unsigned char buf[RAND_FILE_SIZE]; + /* + * The load buffer size exceeds the chunk size by the comfortable amount + * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose + * to avoid calling RAND_add() with a small final chunk. Instead, such + * a small final chunk will be added together with the previous chunk + * (unless it's the only one). + */ +#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH) + unsigned char buf[RAND_LOAD_BUF_SIZE]; + #ifndef OPENSSL_NO_POSIX_IO struct stat sb; #endif @@ -98,8 +108,12 @@ int RAND_load_file(const char *file, long bytes) return -1; } - if (!S_ISREG(sb.st_mode) && bytes < 0) - bytes = 256; + if (bytes < 0) { + if (S_ISREG(sb.st_mode)) + bytes = sb.st_size; + else + bytes = RAND_DRBG_STRENGTH; + } #endif /* * On VMS, setbuf() will only take 32-bit pointers, and a compilation @@ -124,9 +138,9 @@ int RAND_load_file(const char *file, long bytes) for ( ; ; ) { if (bytes > 0) - n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE; + n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; else - n = RAND_FILE_SIZE; + n = RAND_LOAD_BUF_SIZE; i = fread(buf, 1, n, in); #ifdef EINTR if (ferror(in) && errno == EINTR){ @@ -148,12 +162,18 @@ int RAND_load_file(const char *file, long bytes) OPENSSL_cleanse(buf, sizeof(buf)); fclose(in); + if (!RAND_status()) { + RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR); + ERR_add_error_data(2, "Filename=", file); + return -1; + } + return ret; } int RAND_write_file(const char *file) { - unsigned char buf[RAND_FILE_SIZE]; + unsigned char buf[RAND_BUF_SIZE]; int ret = -1; FILE *out = NULL; #ifndef OPENSSL_NO_POSIX_IO @@ -222,9 +242,9 @@ int RAND_write_file(const char *file) chmod(file, 0600); #endif - ret = fwrite(buf, 1, RAND_FILE_SIZE, out); + ret = fwrite(buf, 1, RAND_BUF_SIZE, out); fclose(out); - OPENSSL_cleanse(buf, RAND_FILE_SIZE); + OPENSSL_cleanse(buf, RAND_BUF_SIZE); return ret; } @@ -262,11 +282,9 @@ const char *RAND_file_name(char *buf, size_t size) } } #else - if (OPENSSL_issetugid() != 0) { - use_randfile = 0; - } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') { + if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') { use_randfile = 0; - s = getenv("HOME"); + s = ossl_safe_getenv("HOME"); } #endif diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c index 72d1b5e0715d..49c34b7c36c9 100644 --- a/crypto/openssl/crypto/rsa/rsa_lib.c +++ b/crypto/openssl/crypto/rsa/rsa_lib.c @@ -125,8 +125,8 @@ void RSA_free(RSA *r) CRYPTO_THREAD_lock_free(r->lock); - BN_clear_free(r->n); - BN_clear_free(r->e); + BN_free(r->n); + BN_free(r->e); BN_clear_free(r->d); BN_clear_free(r->p); BN_clear_free(r->q); @@ -196,7 +196,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) r->e = e; } if (d != NULL) { - BN_free(r->d); + BN_clear_free(r->d); r->d = d; } @@ -213,11 +213,11 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) return 0; if (p != NULL) { - BN_free(r->p); + BN_clear_free(r->p); r->p = p; } if (q != NULL) { - BN_free(r->q); + BN_clear_free(r->q); r->q = q; } @@ -235,15 +235,15 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) return 0; if (dmp1 != NULL) { - BN_free(r->dmp1); + BN_clear_free(r->dmp1); r->dmp1 = dmp1; } if (dmq1 != NULL) { - BN_free(r->dmq1); + BN_clear_free(r->dmq1); r->dmq1 = dmq1; } if (iqmp != NULL) { - BN_free(r->iqmp); + BN_clear_free(r->iqmp); r->iqmp = iqmp; } diff --git a/crypto/openssl/crypto/rsa/rsa_meth.c b/crypto/openssl/crypto/rsa/rsa_meth.c index f5880a73d0f7..def19f375f92 100644 --- a/crypto/openssl/crypto/rsa/rsa_meth.c +++ b/crypto/openssl/crypto/rsa/rsa_meth.c @@ -163,13 +163,13 @@ int RSA_meth_set_priv_dec(RSA_METHOD *meth, /* Can be null */ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx) { return meth->rsa_mod_exp; } int RSA_meth_set_mod_exp(RSA_METHOD *meth, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)) { meth->rsa_mod_exp = mod_exp; diff --git a/crypto/openssl/crypto/rsa/rsa_ossl.c b/crypto/openssl/crypto/rsa/rsa_ossl.c index d581777eec9b..2b1b006c2801 100644 --- a/crypto/openssl/crypto/rsa/rsa_ossl.c +++ b/crypto/openssl/crypto/rsa/rsa_ossl.c @@ -680,10 +680,11 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) */ || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p) - /* r0 = r0 * iqmp mod p */ + /* r1 = r1 * iqmp mod p */ || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx) || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p, ctx) + /* r0 = r1 * q + m1 */ || !bn_mul_fixed_top(r0, r1, rsa->q, ctx) || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n)) goto err; diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl b/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl index 3bce19be9ea4..1184cf233eba 100755 --- a/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl +++ b/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl @@ -432,9 +432,9 @@ SHA3_absorb: lrvg %r0,0($inp) la $inp,8($inp) xg %r0,0(%r1) - la %r1,8(%r1) a${g}hi $len,-8 - stg %r0,-8(%r1) + stg %r0,0(%r1) + la %r1,8(%r1) brct $bsz,.Lblock_absorb stm${g} $inp,$len,$frame+3*$SIZE_T($sp) diff --git a/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl b/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl index 2792800b475c..0d4fdd292c07 100755 --- a/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl @@ -166,8 +166,8 @@ $func: addi r11,r11,32 stvx v30,r10,$sp stvx v31,r11,$sp - li r11,-4096+255 - stw $vrsave,`$FRAME+6*$SIZE_T-4`($sp) # save vrsave + li r11,-4096+255 # 0xfffff0ff + stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave li $x10,0x10 $PUSH r26,`$FRAME-6*$SIZE_T`($sp) li $x20,0x20 @@ -286,24 +286,17 @@ $code.=<<___ if ($SZ==8); stvx_u $G,$x30,$ctx ___ $code.=<<___; - li r10,`$LOCALS+15` + addi $offload,$sp,`$LOCALS+15` mtlr $lrsave - li r11,`$LOCALS+31` mtspr 256,$vrsave - lvx v24,r10,$sp # ABI says so - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp + lvx v24,$x00,$offload # ABI says so + lvx v25,$x10,$offload + lvx v26,$x20,$offload + lvx v27,$x30,$offload + lvx v28,$x40,$offload + lvx v29,$x50,$offload + lvx v30,$x60,$offload + lvx v31,$x70,$offload $POP r26,`$FRAME-6*$SIZE_T`($sp) $POP r27,`$FRAME-5*$SIZE_T`($sp) $POP r28,`$FRAME-4*$SIZE_T`($sp) diff --git a/crypto/openssl/crypto/siphash/siphash.c b/crypto/openssl/crypto/siphash/siphash.c index ff84a29f8215..be74a38d934d 100644 --- a/crypto/openssl/crypto/siphash/siphash.c +++ b/crypto/openssl/crypto/siphash/siphash.c @@ -94,7 +94,19 @@ int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size) && hash_size != SIPHASH_MAX_DIGEST_SIZE) return 0; - ctx->hash_size = hash_size; + /* + * It's possible that the key was set first. If the hash size changes, + * we need to adjust v1 (see SipHash_Init(). + */ + + /* Start by adjusting the stored size, to make things easier */ + ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size); + + /* Now, adjust ctx->v1 if the old and the new size differ */ + if ((size_t)ctx->hash_size != hash_size) { + ctx->v1 ^= 0xee; + ctx->hash_size = hash_size; + } return 1; } diff --git a/crypto/openssl/crypto/sm2/sm2_crypt.c b/crypto/openssl/crypto/sm2/sm2_crypt.c index 9c69a4505487..4389fc731edd 100644 --- a/crypto/openssl/crypto/sm2/sm2_crypt.c +++ b/crypto/openssl/crypto/sm2/sm2_crypt.c @@ -11,6 +11,7 @@ #include "internal/sm2.h" #include "internal/sm2err.h" +#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */ #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/bn.h> @@ -203,7 +204,7 @@ int sm2_encrypt(const EC_KEY *key, } /* X9.63 with no salt happens to match the KDF used in SM2 */ - if (!ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, + if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)) { SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB); goto done; @@ -344,7 +345,7 @@ int sm2_decrypt(const EC_KEY *key, if (BN_bn2binpad(x2, x2y2, field_size) < 0 || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0 - || !ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, + || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)) { SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR); goto done; diff --git a/crypto/openssl/crypto/sm2/sm2_sign.c b/crypto/openssl/crypto/sm2/sm2_sign.c index e594ffd10a0b..0f9c14cb5f4c 100644 --- a/crypto/openssl/crypto/sm2/sm2_sign.c +++ b/crypto/openssl/crypto/sm2/sm2_sign.c @@ -12,6 +12,7 @@ #include "internal/sm2.h" #include "internal/sm2err.h" #include "internal/ec_int.h" /* ec_group_do_inverse_ord() */ +#include "internal/numbers.h" #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/err.h> diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c index 45d48202b561..6b996134df49 100644 --- a/crypto/openssl/crypto/ui/ui_openssl.c +++ b/crypto/openssl/crypto/ui/ui_openssl.c @@ -415,6 +415,24 @@ static int open_console(UI *ui) is_a_tty = 0; else # endif +# ifdef ENXIO + /* + * Solaris can return ENXIO. + * This should be ok + */ + if (errno == ENXIO) + is_a_tty = 0; + else +# endif +# ifdef EIO + /* + * Linux can return EIO. + * This should be ok + */ + if (errno == EIO) + is_a_tty = 0; + else +# endif # ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c index 11ac52ce3c55..b3760dbadf3a 100644 --- a/crypto/openssl/crypto/x509/by_dir.c +++ b/crypto/openssl/crypto/x509/by_dir.c @@ -73,7 +73,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, switch (cmd) { case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { - const char *dir = getenv(X509_get_default_cert_dir_env()); + const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env()); if (dir) ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c index 78d7fbdf4488..244512c9352b 100644 --- a/crypto/openssl/crypto/x509/by_file.c +++ b/crypto/openssl/crypto/x509/by_file.c @@ -46,7 +46,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - file = getenv(X509_get_default_cert_file_env()); + file = ossl_safe_getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index 3a60d412daf8..61e81922b4da 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c @@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) /* check_purpose() makes the callback as needed */ if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) return 0; - /* Check pathlen if not self issued */ - if ((i > 1) && !(x->ex_flags & EXFLAG_SI) - && (x->ex_pathlen != -1) - && (plen > (x->ex_pathlen + proxy_path_length + 1))) { + /* Check pathlen */ + if ((i > 1) && (x->ex_pathlen != -1) + && (plen > (x->ex_pathlen + proxy_path_length))) { if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } - /* Increment path length if not self issued */ - if (!(x->ex_flags & EXFLAG_SI)) + /* Increment path length if not a self issued intermediate CA */ + if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0) plen++; /* * If this certificate is a proxy certificate, the next certificate diff --git a/crypto/openssl/doc/man1/ca.pod b/crypto/openssl/doc/man1/ca.pod index 9b282e6479a8..e998eabf8358 100644 --- a/crypto/openssl/doc/man1/ca.pod +++ b/crypto/openssl/doc/man1/ca.pod @@ -250,8 +250,10 @@ for all available algorithms. =item B<-subj arg> Supersedes subject name given in the request. -The arg must be formatted as I</type0=value0/type1=value1/type2=...>, -characters may be escaped by \ (backslash), no spaces are skipped. +The arg must be formatted as I</type0=value0/type1=value1/type2=...>. +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. =item B<-utf8> diff --git a/crypto/openssl/doc/man1/enc.pod b/crypto/openssl/doc/man1/enc.pod index 01cca4ea93f1..2136a9497849 100644 --- a/crypto/openssl/doc/man1/enc.pod +++ b/crypto/openssl/doc/man1/enc.pod @@ -257,7 +257,7 @@ ones provided by configured engines. The B<enc> program does not support authenticated encryption modes like CCM and GCM, and will not support such modes in the future. The B<enc> interface by necessity must begin streaming output (e.g., -to standard output when B<-out> is not used before the authentication +to standard output when B<-out> is not used) before the authentication tag could be validated, leading to the usage of B<enc> in pipelines that begin processing untrusted data and are not capable of rolling back upon authentication failure. The AEAD modes currently in common @@ -277,6 +277,7 @@ standard data format and performs the needed key/iv/nonce management. bf-cbc Blowfish in CBC mode bf Alias for bf-cbc + blowfish Alias for bf-cbc bf-cfb Blowfish in CFB mode bf-ecb Blowfish in ECB mode bf-ofb Blowfish in OFB mode @@ -288,6 +289,8 @@ standard data format and performs the needed key/iv/nonce management. cast5-ecb CAST5 in ECB mode cast5-ofb CAST5 in OFB mode + chacha20 ChaCha20 algorithm + des-cbc DES in CBC mode des Alias for des-cbc des-cfb DES in CFB mode @@ -334,6 +337,19 @@ standard data format and performs the needed key/iv/nonce management. rc5-ecb RC5 cipher in ECB mode rc5-ofb RC5 cipher in OFB mode + seed-cbc SEED cipher in CBC mode + seed Alias for seed-cbc + seed-cfb SEED cipher in CFB mode + seed-ecb SEED cipher in ECB mode + seed-ofb SEED cipher in OFB mode + + sm4-cbc SM4 cipher in CBC mode + sm4 Alias for sm4-cbc + sm4-cfb SM4 cipher in CFB mode + sm4-ctr SM4 cipher in CTR mode + sm4-ecb SM4 cipher in ECB mode + sm4-ofb SM4 cipher in OFB mode + aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode aes[128|192|256] Alias for aes-[128|192|256]-cbc aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode @@ -343,6 +359,15 @@ standard data format and performs the needed key/iv/nonce management. aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode + aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode + aria[128|192|256] Alias for aria-[128|192|256]-cbc + aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode + aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode + aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode + aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode + aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode + aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode + camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode camellia[128|192|256] Alias for camellia-[128|192|256]-cbc camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode @@ -362,26 +387,25 @@ Decode the same file openssl base64 -d -in file.b64 -out file.bin -Encrypt a file using triple DES in CBC mode using a prompted password: +Encrypt a file using AES-128 using a prompted password +and PBKDF2 key derivation: - openssl des3 -salt -in file.txt -out file.des3 + openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128 Decrypt a file using a supplied password: - openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword + openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \ + -pass pass:<password> Encrypt a file then base64 encode it (so it can be sent via mail for example) -using Blowfish in CBC mode: - - openssl bf -a -salt -in file.txt -out file.bf - -Base64 decode a file then decrypt it: +using AES-256 in CTR mode and PBKDF2 key derivation: - openssl bf -d -salt -a -in file.bf -out file.txt + openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256 -Decrypt some data using a supplied 40 bit RC4 key: +Base64 decode a file then decrypt it using a password supplied in a file: - openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 + openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \ + -pass file:<passfile> =head1 BUGS diff --git a/crypto/openssl/doc/man1/openssl.pod b/crypto/openssl/doc/man1/openssl.pod index c656a34ec032..a39cf963d988 100644 --- a/crypto/openssl/doc/man1/openssl.pod +++ b/crypto/openssl/doc/man1/openssl.pod @@ -40,6 +40,9 @@ The B<openssl> program provides a rich variety of commands (I<command> in the SYNOPSIS above), each of which often has a wealth of options and arguments (I<command_opts> and I<command_args> in the SYNOPSIS). +Detailed documentation and use cases for most standard subcommands are available +(e.g., L<x509(1)> or L<openssl-x509(1)>). + Many commands use an external configuration file for some or all of their arguments and have a B<-config> option to specify that file. The environment variable B<OPENSSL_CONF> can be used to specify @@ -369,8 +372,38 @@ SM3 Digest =head2 Encoding and Cipher Commands +The following aliases provide convenient access to the most used encodings +and ciphers. + +Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See L<enc(1)> for more information and command usage. + =over 4 +=item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb> + +AES-128 Cipher + +=item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb> + +AES-192 Cipher + +=item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb> + +AES-256 Cipher + +=item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb> + +Aria-128 Cipher + +=item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb> + +Aria-192 Cipher + +=item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb> + +Aria-256 Cipher + =item B<base64> Base64 Encoding @@ -379,6 +412,18 @@ Base64 Encoding Blowfish Cipher +=item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb> + +Camellia-128 Cipher + +=item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb> + +Camellia-192 Cipher + +=item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb> + +Camellia-256 Cipher + =item B<cast>, B<cast-cbc> CAST Cipher @@ -387,6 +432,10 @@ CAST Cipher CAST5 Cipher +=item B<chacha20> + +Chacha20 Cipher + =item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb> DES Cipher @@ -411,6 +460,14 @@ RC4 Cipher RC5 Cipher +=item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb> + +SEED Cipher + +=item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb> + +SM4 Cipher + =back =head1 OPTIONS diff --git a/crypto/openssl/doc/man1/req.pod b/crypto/openssl/doc/man1/req.pod index 113cd9b6c985..c76d63d6fd81 100644 --- a/crypto/openssl/doc/man1/req.pod +++ b/crypto/openssl/doc/man1/req.pod @@ -221,8 +221,10 @@ see L<openssl(1)/COMMAND SUMMARY>. Sets subject name for new request or supersedes the subject name when processing a request. -The arg must be formatted as I</type0=value0/type1=value1/type2=...>, -characters may be escaped by \ (backslash), no spaces are skipped. +The arg must be formatted as I</type0=value0/type1=value1/type2=...>. +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. =item B<-multivalue-rdn> diff --git a/crypto/openssl/doc/man1/rsa.pod b/crypto/openssl/doc/man1/rsa.pod index 14a8fb1e2989..37f64616c00f 100644 --- a/crypto/openssl/doc/man1/rsa.pod +++ b/crypto/openssl/doc/man1/rsa.pod @@ -9,8 +9,8 @@ rsa - RSA key processing tool B<openssl> B<rsa> [B<-help>] -[B<-inform PEM|NET|DER>] -[B<-outform PEM|NET|DER>] +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] [B<-in filename>] [B<-passin arg>] [B<-out filename>] @@ -53,16 +53,15 @@ utility. Print out a usage message. -=item B<-inform DER|NET|PEM> +=item B<-inform DER|PEM> This specifies the input format. The B<DER> option uses an ASN1 DER encoded form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. The B<PEM> form is the default format: it consists of the B<DER> format base64 encoded with additional header and footer lines. On input PKCS#8 format private -keys are also accepted. The B<NET> form is a format is described in the B<NOTES> -section. +keys are also accepted. -=item B<-outform DER|NET|PEM> +=item B<-outform DER|PEM> This specifies the output format, the options have the same meaning and default as the B<-inform> option. @@ -158,17 +157,6 @@ The PEM B<RSAPublicKey> format uses the header and footer lines: -----BEGIN RSA PUBLIC KEY----- -----END RSA PUBLIC KEY----- -The B<NET> form is a format compatible with older Netscape servers -and Microsoft IIS .key files, this uses unsalted RC4 for its encryption. -It is not very secure and so should only be used when necessary. - -Some newer version of IIS have additional data in the exported .key -files. To use these with the utility, view the file with a binary editor -and look for the string "private-key", then trace back to the byte -sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data -from this point onwards to another file and use that as the input -to the B<rsa> utility with the B<-inform NET> option. - =head1 EXAMPLES To remove the pass phrase on an RSA private key: @@ -197,9 +185,6 @@ Output the public part of a private key in B<RSAPublicKey> format: =head1 BUGS -The command line password arguments don't currently work with -B<NET> format. - There should be an option that automatically handles .key files, without having to manually edit them. diff --git a/crypto/openssl/doc/man1/s_server.pod b/crypto/openssl/doc/man1/s_server.pod index 07016fc46131..f4c4eda35313 100644 --- a/crypto/openssl/doc/man1/s_server.pod +++ b/crypto/openssl/doc/man1/s_server.pod @@ -405,13 +405,14 @@ Inhibit printing of session and certificate information. Sends a status message back to the client when it connects. This includes information about the ciphers used and various session parameters. The output is in HTML format so this option will normally be used with a -web browser. +web browser. Cannot be used in conjunction with B<-early_data>. =item B<-WWW> Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is -requested the file ./page.html will be loaded. +requested the file ./page.html will be loaded. Cannot be used in conjunction +with B<-early_data>. =item B<-tlsextdebug> @@ -423,7 +424,8 @@ Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded. The files loaded are assumed to contain a complete and correct HTTP response (lines that -are part of the HTTP response line and headers must end with CRLF). +are part of the HTTP response line and headers must end with CRLF). Cannot be +used in conjunction with B<-early_data>. =item B<-id_prefix val> @@ -488,7 +490,8 @@ output. =item B<-rev> Simple test server which just reverses the text received from the client -and sends it back to the server. Also sets B<-brief>. +and sends it back to the server. Also sets B<-brief>. Cannot be used in +conjunction with B<-early_data>. =item B<-async> @@ -711,7 +714,8 @@ greater than or equal to 0. =item B<-early_data> -Accept early data where possible. +Accept early data where possible. Cannot be used in conjunction with B<-www>, +B<-WWW>, B<-HTTP> or B<-rev>. =item B<-anti_replay>, B<-no_anti_replay> diff --git a/crypto/openssl/doc/man1/storeutl.pod b/crypto/openssl/doc/man1/storeutl.pod index 3f26ab500b83..083f0282469e 100644 --- a/crypto/openssl/doc/man1/storeutl.pod +++ b/crypto/openssl/doc/man1/storeutl.pod @@ -82,8 +82,11 @@ returned. =item B<-subject arg> Search for an object having the subject name B<arg>. -The arg must be formatted as I</type0=value0/type1=value1/type2=...>, -characters may be escaped by \ (backslash), no spaces are skipped. +The arg must be formatted as I</type0=value0/type1=value1/type2=...>. +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all. =item B<-issuer arg> diff --git a/crypto/openssl/doc/man1/x509.pod b/crypto/openssl/doc/man1/x509.pod index 6e4d28815530..547da5da2368 100644 --- a/crypto/openssl/doc/man1/x509.pod +++ b/crypto/openssl/doc/man1/x509.pod @@ -9,8 +9,8 @@ x509 - Certificate display and signing utility B<openssl> B<x509> [B<-help>] -[B<-inform DER|PEM|NET>] -[B<-outform DER|PEM|NET>] +[B<-inform DER|PEM>] +[B<-outform DER|PEM>] [B<-keyform DER|PEM>] [B<-CAform DER|PEM>] [B<-CAkeyform DER|PEM>] @@ -86,16 +86,15 @@ various sections. Print out a usage message. -=item B<-inform DER|PEM|NET> +=item B<-inform DER|PEM> This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as B<-req> are present. The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines -added. The NET option is an obscure Netscape server format that is now -obsolete. The default format is PEM. +added. The default format is PEM. -=item B<-outform DER|PEM|NET> +=item B<-outform DER|PEM> This specifies the output format, the options have the same meaning and default as the B<-inform> option. diff --git a/crypto/openssl/doc/man3/DES_random_key.pod b/crypto/openssl/doc/man3/DES_random_key.pod index f543bea1ee7b..6e0394d637b2 100644 --- a/crypto/openssl/doc/man3/DES_random_key.pod +++ b/crypto/openssl/doc/man3/DES_random_key.pod @@ -99,7 +99,7 @@ algorithm. There are two phases to the use of DES encryption. The first is the generation of a I<DES_key_schedule> from a key, the second is the -actual encryption. A DES key is of type I<DES_cblock>. This type is +actual encryption. A DES key is of type I<DES_cblock>. This type consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. @@ -170,42 +170,42 @@ of 24 bytes. This is much better than CBC DES. DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with three keys. This means that each DES operation inside the CBC mode is -an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL. +C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL. The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>. This form of Triple-DES is used by the RSAREF library. -DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block +DES_pcbc_encrypt() encrypts/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as DES_ncbc_encrypt(). -DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This -method takes an array of characters as input and outputs and array of +DES_cfb_encrypt() encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the I<ivec> variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ECB encryption per I<numbits>, this function is only -suggested for use when sending small numbers of characters. +suggested for use when sending a small number of characters. DES_cfb64_encrypt() -implements CFB mode of DES with 64bit feedback. Why is this +implements CFB mode of DES with 64-bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an -arbitrary number of bytes, no 8 byte padding. Each call to this +arbitrary number of bytes, without 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does -not make much sense, read more about cfb mode of DES :-). +not make much sense, read more about CFB mode of DES. DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as DES_cfb64_encrypt() except that Triple-DES is used. DES_ofb_encrypt() encrypts using output feedback mode. This method -takes an array of characters as input and outputs and array of +takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the I<ivec> variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs -a complete DES ECB encryption per numbits, this function is only -suggested for use when sending small numbers of characters. +a complete DES ECB encryption per I<numbits>, this function is only +suggested for use when sending a small number of characters. DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output Feed Back mode. @@ -232,10 +232,10 @@ The following are DES-based transformations: DES_fcrypt() is a fast version of the Unix crypt(3) function. This version takes only a small amount of space relative to other fast -crypt() implementations. This is different to the normal crypt in +crypt() implementations. This is different to the normal crypt() in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function -is thread safe, unlike the normal crypt. +is thread safe, unlike the normal crypt(). DES_crypt() is a faster replacement for the normal system crypt(). This function calls DES_fcrypt() with a static array passed as the diff --git a/crypto/openssl/doc/man3/EVP_DigestInit.pod b/crypto/openssl/doc/man3/EVP_DigestInit.pod index 0fedd17ce6c6..5ecbcc5e8992 100644 --- a/crypto/openssl/doc/man3/EVP_DigestInit.pod +++ b/crypto/openssl/doc/man3/EVP_DigestInit.pod @@ -310,16 +310,17 @@ This example digests the data "Test Message\n" and "Hello World\n", using the digest name passed on the command line. #include <stdio.h> + #include <string.h> #include <openssl/evp.h> - main(int argc, char *argv[]) + int main(int argc, char *argv[]) { EVP_MD_CTX *mdctx; const EVP_MD *md; char mess1[] = "Test Message\n"; char mess2[] = "Hello World\n"; unsigned char md_value[EVP_MAX_MD_SIZE]; - int md_len, i; + unsigned int md_len, i; if (argv[1] == NULL) { printf("Usage: mdtest digestname\n"); diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod index e1a107c06e3c..4982e9205305 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -4,20 +4,55 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, +EVP_PKEY_CTX_ctrl_uint64, +EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, +EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, +EVP_PKEY_CTX_set_rsa_keygen_primes, +EVP_PKEY_CTX_set_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md, +EVP_PKEY_CTX_set_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md, +EVP_PKEY_CTX_set0_rsa_oaep_label, +EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_dh_paramgen_type, +EVP_PKEY_CTX_set_dh_rfc5114, +EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, +EVP_PKEY_CTX_set_dh_kdf_type, +EVP_PKEY_CTX_get_dh_kdf_type, +EVP_PKEY_CTX_set0_dh_kdf_oid, +EVP_PKEY_CTX_get0_dh_kdf_oid, +EVP_PKEY_CTX_set_dh_kdf_md, +EVP_PKEY_CTX_get_dh_kdf_md, +EVP_PKEY_CTX_set_dh_kdf_outlen, +EVP_PKEY_CTX_get_dh_kdf_outlen, +EVP_PKEY_CTX_set0_dh_kdf_ukm, +EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, +EVP_PKEY_CTX_set_ecdh_cofactor_mode, +EVP_PKEY_CTX_get_ecdh_cofactor_mode, +EVP_PKEY_CTX_set_ecdh_kdf_type, +EVP_PKEY_CTX_get_ecdh_kdf_type, +EVP_PKEY_CTX_set_ecdh_kdf_md, +EVP_PKEY_CTX_get_ecdh_kdf_md, +EVP_PKEY_CTX_set_ecdh_kdf_outlen, +EVP_PKEY_CTX_get_ecdh_kdf_outlen, +EVP_PKEY_CTX_set0_ecdh_kdf_ukm, +EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len - algorithm specific control operations @@ -27,9 +62,13 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); + int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value); + int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); @@ -38,22 +77,58 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len #include <openssl/rsa.h> int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); + int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len); int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); + int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); + int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); + int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); #include <openssl/dsa.h> + int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); #include <openssl/dh.h> + int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); + int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); + int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); + int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); + int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); + int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); + int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); + int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); + int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); + int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); #include <openssl/ec.h> + int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); + int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); + int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); + int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); + int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); + int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); @@ -73,6 +148,9 @@ and B<p2> is MAC key. This is used by Poly1305, SipHash, HMAC and CMAC. Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will instead call one of the algorithm specific macros below. +The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a +uint64 value as B<p2> to EVP_PKEY_CTX_ctrl(). + The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm specific control operation to a context B<ctx> in string form. This is intended to be used for options specified on the command line or in text @@ -80,6 +158,9 @@ files. The commands supported are documented in the openssl utility command line pages for the option B<-pkeyopt> which is supported by the B<pkeyutl>, B<genpkey> and B<req> commands. +The function EVP_PKEY_CTX_md() sends a message digest control operation +to the context B<ctx>. The message digest is specified by its name B<md>. + All the remaining "functions" are implemented as macros. The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used @@ -99,12 +180,14 @@ L<EVP_PKEY_new_raw_private_key(3)> or similar functions instead of this macro. The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms supported by the L<EVP_PKEY_new_raw_private_key(3)> function. -The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>. -The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, -RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding, -RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), -RSA_X931_PADDING for X9.31 padding (signature operations only) and -RSA_PKCS1_PSS_PADDING (sign and verify only). +=head2 RSA parameters + +The EVP_PKEY_CTX_set_rsa_padding() macro sets the RSA padding mode for B<ctx>. +The B<pad> parameter can take the value B<RSA_PKCS1_PADDING> for PKCS#1 +padding, B<RSA_SSLV23_PADDING> for SSLv23 padding, B<RSA_NO_PADDING> for +no padding, B<RSA_PKCS1_OAEP_PADDING> for OAEP padding (encrypt and +decrypt only), B<RSA_X931_PADDING> for X9.31 padding (signature operations +only) and B<RSA_PKCS1_PSS_PADDING> (sign and verify only). Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() is used. If this macro is called for PKCS#1 padding the plaintext buffer is @@ -116,41 +199,154 @@ padding for RSA the algorithm identifier byte is added or checked and removed if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. +The EVP_PKEY_CTX_get_rsa_padding() macro gets the RSA padding mode for B<ctx>. + The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to -B<len> as its name implies it is only supported for PSS padding. Three special -values are supported: RSA_PSS_SALTLEN_DIGEST sets the salt length to the -digest length, RSA_PSS_SALTLEN_MAX sets the salt length to the maximum -permissible value. When verifying RSA_PSS_SALTLEN_AUTO causes the salt length +B<len>. As its name implies it is only supported for PSS padding. Three special +values are supported: B<RSA_PSS_SALTLEN_DIGEST> sets the salt length to the +digest length, B<RSA_PSS_SALTLEN_MAX> sets the salt length to the maximum +permissible value. When verifying B<RSA_PSS_SALTLEN_AUTO> causes the salt length to be automatically determined based on the B<PSS> block structure. If this macro is not called maximum salt length is used when signing and auto detection when verifying is used by default. +The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length +for B<ctx>. The padding mode must have been set to B<RSA_PKCS1_PSS_PADDING>. + The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for RSA key generation to B<bits>. If not specified 1024 bits is used. The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value -for RSA key generation to B<pubexp> currently it should be an odd integer. The +for RSA key generation to B<pubexp>. Currently it should be an odd integer. The B<pubexp> pointer is used internally by this function so it should not be -modified or free after the call. If this macro is not called then 65537 is used. +modified or freed after the call. If not specified 65537 is used. + +The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for +RSA key generation to B<primes>. If not specified 2 is used. + +The EVP_PKEY_CTX_set_rsa_mgf1_md() macro sets the MGF1 digest for RSA padding +schemes to B<md>. If not explicitly set the signing digest is used. The +padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING> +or B<RSA_PKCS1_PSS_PADDING>. + +The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for B<ctx>. +If not explicitly set the signing digest is used. The padding mode must have +been set to B<RSA_PKCS1_OAEP_PADDING> or B<RSA_PKCS1_PSS_PADDING>. + +The EVP_PKEY_CTX_set_rsa_oaep_md() macro sets the message digest type used +in RSA OAEP to B<md>. The padding mode must have been set to +B<RSA_PKCS1_OAEP_PADDING>. + +The EVP_PKEY_CTX_get_rsa_oaep_md() macro gets the message digest type used +in RSA OAEP to B<md>. The padding mode must have been set to +B<RSA_PKCS1_OAEP_PADDING>. + +The EVP_PKEY_CTX_set0_rsa_oaep_label() macro sets the RSA OAEP label to +B<label> and its length to B<len>. If B<label> is NULL or B<len> is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by B<label>. +The padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>. + +The EVP_PKEY_CTX_get0_rsa_oaep_label() macro gets the RSA OAEP label to +B<label>. The return value is the label length. The padding mode +must have been set to B<RSA_PKCS1_OAEP_PADDING>. The resulting pointer is owned +by the library and should not be freed by the caller. + +=head2 DSA parameters -The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used +The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used for DSA parameter generation to B<bits>. If not specified 1024 is used. -The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH +=head2 DH parameters + +The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH prime parameter B<p> for DH parameter generation. If this macro is not called -then 1024 is used. +then 1024 is used. Only accepts lengths greater than or equal to 256. + +The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH +optional subprime parameter B<q> for DH parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The DH +paramgen type must have been set to x9.42. The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen> for DH parameter generation. If not specified 2 is used. +The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH +parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. +The default is 0. + The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B<pad> is 1 the shared secret is padded with zeroes up to the size of the DH prime B<p>. If B<pad> is zero (the default) then no padding is performed. EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to -B<nid>. The B<nid> parameter must be B<NID_ffdhe2048>, B<NID_ffdhe3072>, -B<NID_ffdhe4096>, B<NID_ffdhe6144> or B<NID_ffdhe8192>. This macro can be -called during parameter or key generation. +B<nid> as defined in RFC7919. The B<nid> parameter must be B<NID_ffdhe2048>, +B<NID_ffdhe3072>, B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192> +or B<NID_undef> to clear the stored value. This macro can be called during +parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. + +The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are +synonymous. They set the DH parameters to the values defined in RFC5114. The +B<rfc5114> parameter must be 1, 2 or 3 corresponding to RFC5114 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The B<ctx> must have a key type of +B<EVP_PKEY_DHX>. +The rfc5114 parameter and the nid parameter are mutually exclusive. + +=head2 DH key derivation function parameters + +Note that all of the following functions require that the B<ctx> parameter has +a private key type of B<EVP_PKEY_DHX>. When using key derivation, the output of +EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret. +The KDF output is typically used as a Key Encryption Key (KEK) that in turn +encrypts a Content Encryption Key (CEK). + +The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type +to B<kdf> for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE> +and B<EVP_PKEY_DH_KDF_X9_42> which uses the key derivation specified in RFC2631 +(based on the keying algorithm described in X9.42). When using key derivation, +the B<kdf_oid>, B<kdf_md> and B<kdf_outlen> parameters must also be specified. + +The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type +for B<ctx> used for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE> +and B<EVP_PKEY_DH_KDF_X9_42>. + +The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function +object identifier to B<oid> for DH key derivation. This OID should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by B<oid>. + +The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid +for B<ctx> used for DH key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. + +The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function +message digest to B<md> for DH key derivation. Note that RFC2631 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests. + +The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function +message digest for B<ctx> used for DH key derivation. + +The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function +output length to B<len> for DH key derivation. + +The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function +output length for B<ctx> used for DH key derivation. + +The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to +B<ukm> and its length to B<len> for DH key derivation. This parameter is optional +and corresponds to the partyAInfo field in RFC2631 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by B<ukm>. + +The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for B<ctx>. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. + +=head2 EC parameters The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter generation to B<nid>. For EC parameter generation this macro must be called @@ -158,7 +354,7 @@ or an error occurs because there is no default curve. This function can also be called to set the curve explicitly when generating an EC key. -The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to +The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to B<param_enc> when generating EC parameters or an EC key. The encoding can be B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form. @@ -166,6 +362,53 @@ For maximum compatibility the named curve form should be used. Note: the B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous versions should use 0 instead. +=head2 ECDH parameters + +The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to +B<cofactor_mode> for ECDH key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. + +The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for +B<ctx> used for ECDH key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. + +=head2 ECDH key derivation function parameters + +The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type +to B<kdf> for ECDH key derivation. Possible values are B<EVP_PKEY_ECDH_KDF_NONE> +and B<EVP_PKEY_ECDH_KDF_X9_63> which uses the key derivation specified in X9.63. +When using key derivation, the B<kdf_md> and B<kdf_outlen> parameters must +also be specified. + +The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function +type for B<ctx> used for ECDH key derivation. Possible values are +B<EVP_PKEY_ECDH_KDF_NONE> and B<EVP_PKEY_ECDH_KDF_X9_63>. + +The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function +message digest to B<md> for ECDH key derivation. Note that X9.63 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests. + +The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function +message digest for B<ctx> used for ECDH key derivation. + +The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function +output length to B<len> for ECDH key derivation. + +The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function +output length for B<ctx> used for ECDH key derivation. + +The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to B<ukm> +for ECDH key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by B<ukm>. + +The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for B<ctx>. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. + +=head2 Other parameters + The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() macros are used to manipulate the special identifier field for specific signature algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by B<id> with @@ -191,7 +434,7 @@ L<EVP_PKEY_decrypt(3)>, L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)>, L<EVP_PKEY_verify_recover(3)>, -L<EVP_PKEY_derive(3)> +L<EVP_PKEY_derive(3)>, L<EVP_PKEY_keygen(3)> =head1 HISTORY diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod index 1433a50a6ffe..e8f19cfc9980 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod @@ -68,12 +68,12 @@ error occurs. =back -EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF. +EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF. EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the buffer B<salt>. Any existing value is replaced. -EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer +EVP_PKEY_CTX_set1_hkdf_key() sets the key to B<keylen> bytes of the buffer B<key>. Any existing value is replaced. EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod index bd1193e24a5b..7578278a6cfc 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod @@ -32,7 +32,7 @@ The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. If the key has usage restrictions then an error is returned if an attempt is made to set the salt length below the minimum value. It is otherwise similar to the B<RSA> operation except detection of the salt length (using -RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has +RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has usage restrictions. The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros @@ -43,7 +43,7 @@ similar to the B<RSA> versions. =head2 Key Generation -As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() +As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: they have exactly the same meaning as for the RSA algorithm. diff --git a/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod b/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod index 749c52c375af..d10fc59d8bcc 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod @@ -6,8 +6,10 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, -EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id, -EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assignment functions +EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, +EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, +EVP_PKEY_set1_engine - EVP_PKEY assignment functions =head1 SYNOPSIS @@ -24,6 +26,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); + const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); + const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); @@ -33,6 +37,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); + int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); + int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); @@ -50,14 +56,15 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or B<NULL> if the key is not of the correct type. -EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), -EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the -referenced key in B<pkey> or B<NULL> if the key is not of the -correct type but the reference count of the returned key is -B<not> incremented and so must not be freed up after use. +EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), +EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() +and EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or B<NULL> +if the key is not of the correct type but the reference count of the +returned key is B<not> incremented and so must not be freed up after use. -EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key> +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and +EVP_PKEY_assign_SIPHASH() also set the referenced key to B<key> however these use the supplied B<key> internally and so B<key> will be freed when the parent B<pkey> is freed. @@ -89,8 +96,9 @@ In accordance with the OpenSSL naming convention the key obtained from or assigned to the B<pkey> using the B<1> functions must be freed as well as B<pkey>. -EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() are implemented as macros. +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() are implemented as macros. Most applications wishing to know a key type will simply call EVP_PKEY_base_id() and will not care about the actual type: @@ -119,8 +127,9 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if an error occurred. -EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure. +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure. EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error. diff --git a/crypto/openssl/doc/man3/EVP_aes.pod b/crypto/openssl/doc/man3/EVP_aes.pod index 6a893993c6a8..4192a9ec369f 100644 --- a/crypto/openssl/doc/man3/EVP_aes.pod +++ b/crypto/openssl/doc/man3/EVP_aes.pod @@ -14,6 +14,9 @@ EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, +EVP_aes_128_cfb128, +EVP_aes_192_cfb128, +EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, @@ -75,6 +78,9 @@ EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), +EVP_aes_128_cfb128(), +EVP_aes_192_cfb128(), +EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), @@ -170,7 +176,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_aria.pod b/crypto/openssl/doc/man3/EVP_aria.pod index 3b6ad3576ed1..fbb79187546c 100644 --- a/crypto/openssl/doc/man3/EVP_aria.pod +++ b/crypto/openssl/doc/man3/EVP_aria.pod @@ -14,6 +14,9 @@ EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, +EVP_aria_128_cfb128, +EVP_aria_192_cfb128, +EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, @@ -60,6 +63,9 @@ EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), +EVP_aria_128_cfb128(), +EVP_aria_192_cfb128(), +EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), @@ -100,7 +106,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_bf_cbc.pod b/crypto/openssl/doc/man3/EVP_bf_cbc.pod index 4a9d3a9f5e76..505d41b4943f 100644 --- a/crypto/openssl/doc/man3/EVP_bf_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_bf_cbc.pod @@ -4,6 +4,7 @@ EVP_bf_cbc, EVP_bf_cfb, +EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb - EVP Blowfish cipher @@ -14,6 +15,7 @@ EVP_bf_ofb const EVP_CIPHER *EVP_bf_cbc(void) const EVP_CIPHER *EVP_bf_cfb(void) + const EVP_CIPHER *EVP_bf_cfb64(void) const EVP_CIPHER *EVP_bf_ecb(void) const EVP_CIPHER *EVP_bf_ofb(void) @@ -27,6 +29,7 @@ This is a variable key length cipher. =item EVP_bf_cbc(), EVP_bf_cfb(), +EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb() @@ -48,7 +51,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_camellia.pod b/crypto/openssl/doc/man3/EVP_camellia.pod index 75602cf64573..6ad59f84b110 100644 --- a/crypto/openssl/doc/man3/EVP_camellia.pod +++ b/crypto/openssl/doc/man3/EVP_camellia.pod @@ -14,6 +14,9 @@ EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, +EVP_camellia_128_cfb128, +EVP_camellia_192_cfb128, +EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, @@ -54,6 +57,9 @@ EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), +EVP_camellia_128_cfb128(), +EVP_camellia_192_cfb128(), +EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), @@ -83,7 +89,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_cast5_cbc.pod b/crypto/openssl/doc/man3/EVP_cast5_cbc.pod index 01c38414698b..0be07279259f 100644 --- a/crypto/openssl/doc/man3/EVP_cast5_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_cast5_cbc.pod @@ -4,6 +4,7 @@ EVP_cast5_cbc, EVP_cast5_cfb, +EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb - EVP CAST cipher @@ -14,6 +15,7 @@ EVP_cast5_ofb const EVP_CIPHER *EVP_cast5_cbc(void) const EVP_CIPHER *EVP_cast5_cfb(void) + const EVP_CIPHER *EVP_cast5_cfb64(void) const EVP_CIPHER *EVP_cast5_ecb(void) const EVP_CIPHER *EVP_cast5_ofb(void) @@ -28,6 +30,7 @@ This is a variable key length cipher. =item EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), +EVP_cast5_cfb64(), EVP_cast5_ofb() CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. @@ -48,7 +51,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_des.pod b/crypto/openssl/doc/man3/EVP_des.pod index 836c399c849e..a05149ff8586 100644 --- a/crypto/openssl/doc/man3/EVP_des.pod +++ b/crypto/openssl/doc/man3/EVP_des.pod @@ -6,19 +6,24 @@ EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, +EVP_des_cfb64, EVP_des_ecb, +EVP_des_ofb, EVP_des_ede, +EVP_des_ede_cbc, EVP_des_ede_cfb, +EVP_des_ede_cfb64, +EVP_des_ede_ecb, EVP_des_ede_ofb, -EVP_des_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, +EVP_des_ede3_cfb64, +EVP_des_ede3_ecb, EVP_des_ede3_ofb, -EVP_des_ede3_wrap, -EVP_des_ede_cbc +EVP_des_ede3_wrap - EVP DES cipher =head1 SYNOPSIS @@ -43,27 +48,32 @@ EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), +EVP_des_cfb64(), EVP_des_ofb() -DES in CBC, ECB, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit -shift and OFB modes respectively. +DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit +shift and OFB modes. =item EVP_des_ede(), EVP_des_ede_cbc(), -EVP_des_ede_ofb(), -EVP_des_ede_cfb() +EVP_des_ede_cfb(), +EVP_des_ede_cfb64(), +EVP_des_ede_ecb(), +EVP_des_ede_ofb() -Two key triple DES in ECB, CBC, CFB and OFB modes respectively. +Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes. =item EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), +EVP_des_ede3_cfb64(), +EVP_des_ede3_ecb(), EVP_des_ede3_ofb() -Three-key triple DES in ECB, CBC, CFB with 128-bit shift, CFB with 1-bit shift, -CFB with 8-bit shift and OFB modes respectively. +Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift, +CFB with 8-bit shift and OFB modes. =item EVP_des_ede3_wrap() @@ -85,7 +95,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_idea_cbc.pod b/crypto/openssl/doc/man3/EVP_idea_cbc.pod index ace79885e9a3..14dcc903b525 100644 --- a/crypto/openssl/doc/man3/EVP_idea_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_idea_cbc.pod @@ -4,6 +4,7 @@ EVP_idea_cbc, EVP_idea_cfb, +EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb - EVP IDEA cipher @@ -14,6 +15,7 @@ EVP_idea_ofb const EVP_CIPHER *EVP_idea_cbc(void) const EVP_CIPHER *EVP_idea_cfb(void) + const EVP_CIPHER *EVP_idea_cfb64(void) const EVP_CIPHER *EVP_idea_ecb(void) const EVP_CIPHER *EVP_idea_ofb(void) @@ -25,6 +27,7 @@ The IDEA encryption algorithm for EVP. =item EVP_idea_cbc(), EVP_idea_cfb(), +EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb() @@ -46,7 +49,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_md5.pod b/crypto/openssl/doc/man3/EVP_md5.pod index 8101143b54ec..725fcbf5e227 100644 --- a/crypto/openssl/doc/man3/EVP_md5.pod +++ b/crypto/openssl/doc/man3/EVP_md5.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_md5 +EVP_md5, +EVP_md5_sha1 - MD5 For EVP =head1 SYNOPSIS @@ -10,6 +11,7 @@ EVP_md5 #include <openssl/evp.h> const EVP_MD *EVP_md5(void); + const EVP_MD *EVP_md5_sha1(void); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/man3/EVP_rc2_cbc.pod b/crypto/openssl/doc/man3/EVP_rc2_cbc.pod index 0958e930537e..79769b82635a 100644 --- a/crypto/openssl/doc/man3/EVP_rc2_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_rc2_cbc.pod @@ -4,6 +4,7 @@ EVP_rc2_cbc, EVP_rc2_cfb, +EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, @@ -16,6 +17,7 @@ EVP_rc2_64_cbc const EVP_CIPHER *EVP_rc2_cbc(void) const EVP_CIPHER *EVP_rc2_cfb(void) + const EVP_CIPHER *EVP_rc2_cfb64(void) const EVP_CIPHER *EVP_rc2_ecb(void) const EVP_CIPHER *EVP_rc2_ofb(void) const EVP_CIPHER *EVP_rc2_40_cbc(void) @@ -29,6 +31,7 @@ The RC2 encryption algorithm for EVP. =item EVP_rc2_cbc(), EVP_rc2_cfb(), +EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb() @@ -62,7 +65,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod b/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod index 56175e99c44b..442a114ea9ce 100644 --- a/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -4,6 +4,7 @@ EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, +EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb - EVP RC5 cipher @@ -14,6 +15,7 @@ EVP_rc5_32_12_16_ofb const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) + const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) @@ -25,6 +27,7 @@ The RC5 encryption algorithm for EVP. =item EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), +EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb() @@ -53,7 +56,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_seed_cbc.pod b/crypto/openssl/doc/man3/EVP_seed_cbc.pod index e9f1f695a915..0d2329510d5e 100644 --- a/crypto/openssl/doc/man3/EVP_seed_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_seed_cbc.pod @@ -4,6 +4,7 @@ EVP_seed_cbc, EVP_seed_cfb, +EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb - EVP SEED cipher @@ -14,6 +15,7 @@ EVP_seed_ofb const EVP_CIPHER *EVP_seed_cbc(void) const EVP_CIPHER *EVP_seed_cfb(void) + const EVP_CIPHER *EVP_seed_cfb128(void) const EVP_CIPHER *EVP_seed_ecb(void) const EVP_CIPHER *EVP_seed_ofb(void) @@ -27,6 +29,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128-bits. =item EVP_seed_cbc(), EVP_seed_cfb(), +EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb() @@ -48,7 +51,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_sm4_cbc.pod b/crypto/openssl/doc/man3/EVP_sm4_cbc.pod index 4e0240919836..ecd51f09d41f 100644 --- a/crypto/openssl/doc/man3/EVP_sm4_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_sm4_cbc.pod @@ -5,6 +5,7 @@ EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, +EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr - EVP SM4 cipher @@ -16,6 +17,7 @@ EVP_sm4_ctr const EVP_CIPHER *EVP_sm4_cbc(void); const EVP_CIPHER *EVP_sm4_ecb(void); const EVP_CIPHER *EVP_sm4_cfb(void); + const EVP_CIPHER *EVP_sm4_cfb128(void); const EVP_CIPHER *EVP_sm4_ofb(void); const EVP_CIPHER *EVP_sm4_ctr(void); @@ -30,6 +32,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128 bits. =item EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), +EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr() diff --git a/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod b/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod index 6eca1134b161..55a55c706a51 100644 --- a/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod +++ b/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod @@ -2,13 +2,14 @@ =head1 NAME -OPENSSL_VERSION_NUMBER, OpenSSL_version, +OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num - get OpenSSL version number =head1 SYNOPSIS #include <openssl/opensslv.h> #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL + #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" #include <openssl/crypto.h> @@ -45,6 +46,10 @@ Version 0.9.5a had an interim interpretation that is like the current one, except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f. +OPENSSL_VERSION_TEXT is the text variant of the version number and the +release date. For example, +"OpenSSL 1.0.1a 15 Oct 2015". + OpenSSL_version_num() returns the version number. OpenSSL_version() returns different strings depending on B<t>: diff --git a/crypto/openssl/doc/man3/RSA_meth_new.pod b/crypto/openssl/doc/man3/RSA_meth_new.pod index 69ba9dfc5ac3..f21095156c0f 100644 --- a/crypto/openssl/doc/man3/RSA_meth_new.pod +++ b/crypto/openssl/doc/man3/RSA_meth_new.pod @@ -64,10 +64,10 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen unsigned char *to, RSA *rsa, int padding)); /* Can be null */ - int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *I, + int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); int RSA_meth_set_mod_exp(RSA_METHOD *rsa, - int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)); /* Can be null */ diff --git a/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod b/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod index 618bd73e0420..d7ed89775b2e 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod @@ -2,14 +2,32 @@ =head1 NAME -SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, -SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, -SSL_get0_peer_CA_list - get or set CA list +SSL_CTX_set_client_CA_list, +SSL_set_client_CA_list, +SSL_get_client_CA_list, +SSL_CTX_get_client_CA_list, +SSL_CTX_add_client_CA, +SSL_add_client_CA, +SSL_set0_CA_list, +SSL_CTX_set0_CA_list, +SSL_get0_CA_list, +SSL_CTX_get0_CA_list, +SSL_add1_to_CA_list, +SSL_CTX_add1_to_CA_list, +SSL_get0_peer_CA_list +- get or set CA list =head1 SYNOPSIS #include <openssl/ssl.h> + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); + void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); + STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); + STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); + int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); + int SSL_add_client_CA(SSL *ssl, X509 *cacert); + void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); @@ -21,6 +39,70 @@ SSL_get0_peer_CA_list - get or set CA list =head1 DESCRIPTION +The functions described here set and manage the list of CA names that are sent +between two communicating peers. + +For TLS versions 1.2 and earlier the list of CA names is only sent from the +server to the client when requesting a client certificate. So any list of CA +names set is never sent from client to server and the list of CA names retrieved +by SSL_get0_peer_CA_list() is always B<NULL>. + +For TLS 1.3 the list of CA names is sent using the B<certificate_authorities> +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). + +In most cases it is not necessary to set CA names on the client side. The list +of CA names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting CA names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. + +The "client CA list" functions below only have an effect when called on the +server side. + +SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when +requesting a client certificate for B<ctx>. Ownership of B<list> is transferred +to B<ctx> and it should not be freed by the caller. + +SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when +requesting a client certificate for the chosen B<ssl>, overriding the +setting valid for B<ssl>'s SSL_CTX object. Ownership of B<list> is transferred +to B<s> and it should not be freed by the caller. + +SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for +B<ctx> using SSL_CTX_set_client_CA_list(). The returned list should not be freed +by the caller. + +SSL_get_client_CA_list() returns the list of client CAs explicitly +set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with +SSL_CTX_set_client_CA_list(), when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller. + +SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the +list of CAs sent to the client when requesting a client certificate for +B<ctx>. + +SSL_add_client_CA() adds the CA name extracted from B<cacert> to the +list of CAs sent to the client when requesting a client certificate for +the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object. + +SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. + +The "generic CA list" functions below are very similar to the "client CA +list" functions except that they have an effect on both the server and client +sides. The lists of CA names managed are separate - so you cannot (for example) +set CA names using the "client CA list" functions and then get them using the +"generic CA list" functions. Where a mix of the two types of functions has been +used on the server side then the "client CA list" functions take precedence. +Typically, on the server side, the "client CA list " functions should be used in +preference. As noted above in most cases it is not necessary to set CA names on +the client side. + SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and it should not be freed by the caller. @@ -30,10 +112,11 @@ overriding any list set in the parent B<SSL_CTX> of B<s>. Ownership of B<name_list> is transferred to B<s> and it should not be freed by the caller. SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for -B<ctx>. +B<ctx>. The returned list should not be freed by the caller. -SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for -B<s> or if none are set the list from the parent B<SSL_CTX> is retrieved. +SSL_get0_CA_list() retrieves any previously set list of CAs set for +B<s> or if none are set the list from the parent B<SSL_CTX> is retrieved. The +returned list should not be freed by the caller. SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from B<x> to the list of CAs sent to peer for B<ctx>. @@ -42,47 +125,60 @@ SSL_add1_to_CA_list() appends the CA subject name extracted from B<x> to the list of CAs sent to the peer for B<s>, overriding the setting in the parent B<SSL_CTX>. -SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer -has sent. - =head1 NOTES -These functions are generalised versions of the client authentication -CA list functions such as L<SSL_CTX_set_client_CA_list(3)>. +When a TLS/SSL server requests a client certificate (see +B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which it will accept +certificates, to the client. -For TLS versions before 1.3 the list of CA names is only sent from the server -to client when requesting a client certificate. So any list of CA names set -is never sent from client to server and the list of CA names retrieved by -SSL_get0_peer_CA_list() is always B<NULL>. +This list must explicitly be set using SSL_CTX_set_client_CA_list() or +SSL_CTX_set0_CA_list() for B<ctx> and SSL_set_client_CA_list() or +SSL_set0_CA_list() for the specific B<ssl>. The list specified +overrides the previous setting. The CAs listed do not become trusted (B<list> +only contains the names, not the complete certificates); use +L<SSL_CTX_load_verify_locations(3)> to additionally load them for verification. -For TLS 1.3 the list of CA names is sent using the B<certificate_authorities> -extension and will be sent by a client (in the ClientHello message) or by -a server (when requesting a certificate). +If the list of acceptable CAs is compiled in a file, the +L<SSL_load_client_CA_file(3)> function can be used to help to import the +necessary data. + +SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and +SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no +list was specified before using SSL_CTX_set_client_CA_list(), +SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a +new CA list for B<ctx> or B<ssl> (as appropriate) is opened. =head1 RETURN VALUES -SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value. +SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), +SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list() +and SSL_set0_CA_list() do not return a value. -SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA names -or B<NULL> is no CA names are set. +SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list() +and SSL_get0_CA_list() return a stack of CA names or B<NULL> is no CA names are +set. -SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for success and 0 -for failure. +SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and +SSL_add1_to_CA_list() return 1 for success and 0 for failure. SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or B<NULL> or an empty stack if no list was sent. +=head1 EXAMPLES + +Scan all certificates in B<CAfile> and list them as acceptable CAs: + + SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); + =head1 SEE ALSO L<ssl(7)>, -L<SSL_CTX_set_client_CA_list(3)>, -L<SSL_get_client_CA_list(3)>, L<SSL_load_client_CA_file(3)>, L<SSL_CTX_load_verify_locations(3)> =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod b/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod index a250f20c2206..7dca0e0161d9 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod @@ -32,6 +32,9 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve =head1 DESCRIPTION +For all of the functions below that set the supported groups there must be at +least one group in the list. + SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen> groups in the array B<glist>. The array consist of all NIDs of groups in preference order. For a TLS client the groups are used directly in the @@ -99,7 +102,7 @@ functions were first added to OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod b/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod deleted file mode 100644 index 76fd65e6fcaa..000000000000 --- a/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod +++ /dev/null @@ -1,103 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, -SSL_add_client_CA - set list of CAs sent to the client when requesting a -client certificate - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); - void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); - int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); - int SSL_add_client_CA(SSL *ssl, X509 *cacert); - -=head1 DESCRIPTION - -SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when -requesting a client certificate for B<ctx>. - -SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when -requesting a client certificate for the chosen B<ssl>, overriding the -setting valid for B<ssl>'s SSL_CTX object. - -SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the -list of CAs sent to the client when requesting a client certificate for -B<ctx>. - -SSL_add_client_CA() adds the CA name extracted from B<cacert> to the -list of CAs sent to the client when requesting a client certificate for -the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object. - -=head1 NOTES - -When a TLS/SSL server requests a client certificate (see -B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which -it will accept certificates, to the client. - -This list must explicitly be set using SSL_CTX_set_client_CA_list() for -B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list -specified overrides the previous setting. The CAs listed do not become -trusted (B<list> only contains the names, not the complete certificates); use -L<SSL_CTX_load_verify_locations(3)> -to additionally load them for verification. - -If the list of acceptable CAs is compiled in a file, the -L<SSL_load_client_CA_file(3)> -function can be used to help importing the necessary data. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional -items the list of client CAs. If no list was specified before using -SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client -CA list for B<ctx> or B<ssl> (as appropriate) is opened. - -These functions are only useful for TLS/SSL servers. - -=head1 RETURN VALUES - -SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return -diagnostic information. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return -values: - -=over 4 - -=item Z<>0 - -A failure while manipulating the STACK_OF(X509_NAME) object occurred or -the X509_NAME could not be extracted from B<cacert>. Check the error stack -to find out the reason. - -=item Z<>1 - -The operation succeeded. - -=back - -=head1 EXAMPLES - -Scan all certificates in B<CAfile> and list them as acceptable CAs: - - SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); - -=head1 SEE ALSO - -L<ssl(7)>, -L<SSL_get_client_CA_list(3)>, -L<SSL_load_client_CA_file(3)>, -L<SSL_CTX_load_verify_locations(3)> - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L<https://www.openssl.org/source/license.html>. - -=cut diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod b/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod index 99922eb5bf8d..8ed9315df5c4 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod @@ -33,7 +33,7 @@ SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>. =head1 NOTES Normally when a SSL connection is finished, the parties must send out -"close notify" alert messages using L<SSL_shutdown(3)> +close_notify alert messages using L<SSL_shutdown(3)> for a clean shutdown. When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)> @@ -41,7 +41,7 @@ will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (L<SSL_shutdown(3)> then behaves like L<SSL_set_shutdown(3)> called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) -The session is thus considered to be shutdown, but no "close notify" alert +The session is thus considered to be shutdown, but no close_notify alert is sent to the peer. This behaviour violates the TLS standard. The default is normal shutdown behaviour as described by the TLS standard. @@ -62,7 +62,7 @@ L<SSL_clear(3)>, L<SSL_free(3)> =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod b/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod deleted file mode 100644 index 40c3561efcee..000000000000 --- a/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod +++ /dev/null @@ -1,62 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); - STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); - -=head1 DESCRIPTION - -SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for -B<ctx> using L<SSL_CTX_set_client_CA_list(3)>. - -SSL_get_client_CA_list() returns the list of client CAs explicitly -set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with -L<SSL_CTX_set_client_CA_list(3)>, when in -server mode. In client mode, SSL_get_client_CA_list returns the list of -client CAs sent from the server, if any. - -=head1 RETURN VALUES - -SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return -diagnostic information. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return -values: - -=over 4 - -=item STACK_OF(X509_NAMES) - -List of CA names explicitly set (for B<ctx> or in server mode) or send -by the server (client mode). - -=item NULL - -No client CA list was explicitly set (for B<ctx> or in server mode) or -the server did not send a list of CAs (client mode). - -=back - -=head1 SEE ALSO - -L<ssl(7)>, -L<SSL_CTX_set_client_CA_list(3)>, -L<SSL_CTX_set_client_cert_cb(3)> - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L<https://www.openssl.org/source/license.html>. - -=cut diff --git a/crypto/openssl/doc/man3/SSL_get_error.pod b/crypto/openssl/doc/man3/SSL_get_error.pod index 01446a24a1e1..b3ab50568731 100644 --- a/crypto/openssl/doc/man3/SSL_get_error.pod +++ b/crypto/openssl/doc/man3/SSL_get_error.pod @@ -39,7 +39,7 @@ if and only if B<ret E<gt> 0>. =item SSL_ERROR_ZERO_RETURN The TLS/SSL peer has closed the connection for writing by sending the -"close notify" alert. +close_notify alert. No more data can be read. Note that B<SSL_ERROR_ZERO_RETURN> does not necessarily indicate that the underlying transport has been closed. diff --git a/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod b/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod index ce6ab61f5e11..dbca8cffb920 100644 --- a/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod +++ b/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod @@ -2,8 +2,9 @@ =head1 NAME -SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS -message signing types +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing +types =head1 SYNOPSIS @@ -11,6 +12,8 @@ message signing types int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); + int SSL_get_signature_nid(SSL *ssl, int *psig_nid); + int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); =head1 DESCRIPTION @@ -24,12 +27,15 @@ where it is B<EVP_PKEY_RSA_PSS>. To differentiate between B<rsa_pss_rsae_*> and B<rsa_pss_pss_*> signatures, it's necessary to check the type of public key in the peer's certificate. +SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent +information for the local end of the connection. + =head1 RETURN VALUES These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it uses RSA key exchange or is anonymous), the TLS version is below 1.2 or -the functions were called before the peer signed a message. +the functions were called too early, e.g. before the peer signed a message. =head1 SEE ALSO diff --git a/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod b/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod new file mode 100644 index 000000000000..a722a813bff8 --- /dev/null +++ b/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information +about temporary keys used during a handshake + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); + long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); + long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); + +=head1 DESCRIPTION + +SSL_get_peer_tmp_key() returns the temporary key provided by the peer and +used during key exchange. For example, if ECDHE is in use, then this represents +the peer's public ECDHE key. On success a pointer to the key is stored in +B<*key>. It is the caller's responsibility to free this key after use using +L<EVP_PKEY_free(3)>. + +SSL_get_server_tmp_key() is a backwards compatibility alias for +SSL_get_peer_tmp_key(). +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. + +SSL_get_tmp_key() returns the equivalent information for the local +end of the connection. + +=head1 RETURN VALUES + +All these functions return 1 on success and 0 otherwise. + +=head1 NOTES + +This function is implemented as a macro. + +=head1 SEE ALSO + +L<ssl(7)>, L<EVP_PKEY_free(3)> + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod b/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod deleted file mode 100644 index fda891b7a837..000000000000 --- a/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod +++ /dev/null @@ -1,43 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_server_tmp_key - get information about the server's temporary key used -during a handshake - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); - -=head1 DESCRIPTION - -SSL_get_server_tmp_key() returns the temporary key provided by the server and -used during key exchange. For example, if ECDHE is in use, then this represents -the server's public ECDHE key. On success a pointer to the key is stored in -B<*key>. It is the caller's responsibility to free this key after use using -L<EVP_PKEY_free(3)>. This function may only be called by the client. - -=head1 RETURN VALUES - -SSL_get_server_tmp_key() returns 1 on success or 0 otherwise. - -=head1 NOTES - -This function is implemented as a macro. - -=head1 SEE ALSO - -L<ssl(7)>, L<EVP_PKEY_free(3)> - -=head1 COPYRIGHT - -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L<https://www.openssl.org/source/license.html>. - -=cut diff --git a/crypto/openssl/doc/man3/SSL_set_bio.pod b/crypto/openssl/doc/man3/SSL_set_bio.pod index 01617521bf52..1fa0d3492600 100644 --- a/crypto/openssl/doc/man3/SSL_set_bio.pod +++ b/crypto/openssl/doc/man3/SSL_set_bio.pod @@ -90,7 +90,7 @@ use SSL_set0_rbio() and SSL_set0_wbio() instead. =head1 RETURN VALUES -SSL_set_bio(), SSL_set_rbio() and SSL_set_wbio() cannot fail. +SSL_set_bio(), SSL_set0_rbio() and SSL_set0_wbio() cannot fail. =head1 SEE ALSO @@ -104,7 +104,7 @@ SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_set_shutdown.pod b/crypto/openssl/doc/man3/SSL_set_shutdown.pod index 04bcc47814e3..b1cf58920be4 100644 --- a/crypto/openssl/doc/man3/SSL_set_shutdown.pod +++ b/crypto/openssl/doc/man3/SSL_set_shutdown.pod @@ -30,12 +30,12 @@ No shutdown setting, yet. =item SSL_SENT_SHUTDOWN -A "close notify" shutdown alert was sent to the peer, the connection is being +A close_notify shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct. =item SSL_RECEIVED_SHUTDOWN -A shutdown alert was received form the peer, either a normal "close notify" +A shutdown alert was received form the peer, either a normal close_notify or a fatal error. =back @@ -47,13 +47,13 @@ the ssl session. If the session is still open, when L<SSL_clear(3)> or L<SSL_free(3)> is called, it is considered bad and removed according to RFC2246. The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN -(according to the TLS RFC, it is acceptable to only send the "close notify" +(according to the TLS RFC, it is acceptable to only send the close_notify alert but to not wait for the peer's answer, when the underlying connection is closed). SSL_set_shutdown() can be used to set this state without sending a close alert to the peer (see L<SSL_shutdown(3)>). -If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set, +If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set, for setting SSL_SENT_SHUTDOWN the application must however still call L<SSL_shutdown(3)> or SSL_set_shutdown() itself. @@ -71,7 +71,7 @@ L<SSL_clear(3)>, L<SSL_free(3)> =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_shutdown.pod b/crypto/openssl/doc/man3/SSL_shutdown.pod index 453853d672fc..0a3d6d370d8b 100644 --- a/crypto/openssl/doc/man3/SSL_shutdown.pod +++ b/crypto/openssl/doc/man3/SSL_shutdown.pod @@ -13,27 +13,36 @@ SSL_shutdown - shut down a TLS/SSL connection =head1 DESCRIPTION SSL_shutdown() shuts down an active TLS/SSL connection. It sends the -"close notify" shutdown alert to the peer. +close_notify shutdown alert to the peer. =head1 NOTES -SSL_shutdown() tries to send the "close notify" shutdown alert to the peer. +SSL_shutdown() tries to send the close_notify shutdown alert to the peer. Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. -The shutdown procedure consists of 2 steps: the sending of the "close notify" -shutdown alert and the reception of the peer's "close notify" shutdown -alert. According to the TLS standard, it is acceptable for an application -to only send its shutdown alert and then close the underlying connection -without waiting for the peer's response (this way resources can be saved, -as the process can already terminate or serve another connection). -When the underlying connection shall be used for more communications, the -complete shutdown procedure (bidirectional "close notify" alerts) must be -performed, so that the peers stay synchronized. +The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application. + +It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack. -SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step -behaviour. +When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts). + +When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized. SSL_shutdown() only closes the write direction. It is not possible to call SSL_write() after calling SSL_shutdown(). @@ -41,45 +50,43 @@ The read direction is closed by the peer. =head2 First to close the connection -When the application is the first party to send the "close notify" +When the application is the first party to send the close_notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in the cache). -SSL_shutdown() will then return with 0. +If successful, SSL_shutdown() will return 0. + If a unidirectional shutdown is enough (the underlying connection shall be -closed anyway), this first call to SSL_shutdown() is sufficient. +closed anyway), this first successful call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, the peer needs -to send back a "close notify" alert. +to send back a close_notify alert. The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing it. -SSL_shutdown() will return 1 when it has been received. -The peer is still allowed to send data after receiving the "close notify" +The peer is still allowed to send data after receiving the close_notify event. -If the peer did send data it needs to be processed by calling SSL_read() -before calling SSL_shutdown() a second time. +When it is done sending data, it will send the close_notify alert. +SSL_read() should be called until all data is received. SSL_read() will indicate the end of the peer data by returning <= 0 and SSL_get_error() returning SSL_ERROR_ZERO_RETURN. -It is recommended to call SSL_read() between SSL_shutdown() calls. =head2 Peer closes the connection -If the peer already sent the "close notify" alert B<and> it was +If the peer already sent the close_notify alert B<and> it was already processed implicitly inside another function (L<SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_read() will return <= 0 in that case, and SSL_get_error() will return SSL_ERROR_ZERO_RETURN. -SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN -flag and will immediately return with 1. +SSL_shutdown() will send the close_notify alert, set the SSL_SENT_SHUTDOWN +flag. +If successful, SSL_shutdown() will return 1. + Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also L<SSL_set_shutdown(3)> call. =head1 NOTES -It is recommended to do a bidirectional shutdown by checking the return value -of SSL_shutdown() and call it again until it returns 1 or a fatal error. - The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the handshake step has been finished or an error occurred. @@ -95,8 +102,13 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +After SSL_shutdown() returned 0, it is possible to call SSL_shutdown() again +to wait for the peer's close_notify alert. +SSL_shutdown() will return 1 in that case. +However, it is recommended to wait for it using SSL_read() instead. + SSL_shutdown() can be modified to only set the connection to "shutdown" -state but not actually send the "close notify" alert messages, +state but not actually send the close_notify alert messages, see L<SSL_CTX_set_quiet_shutdown(3)>. When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1. @@ -109,16 +121,16 @@ The following return values can occur: =item Z<>0 -The shutdown is not yet finished: the "close notify" was send but the peer +The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. -Call SSL_shutdown() again to do a bidirectional shutdown. +Call SSL_read() to do a bidirectional shutdown. The output of L<SSL_get_error(3)> may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. =item Z<>1 -The shutdown was successfully completed. The "close notify" alert was sent -and the peer's "close notify" alert was received. +The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received. =item E<lt>0 diff --git a/crypto/openssl/doc/man7/RAND_DRBG.pod b/crypto/openssl/doc/man7/RAND_DRBG.pod index b89c30d43edd..ba457f050483 100644 --- a/crypto/openssl/doc/man7/RAND_DRBG.pod +++ b/crypto/openssl/doc/man7/RAND_DRBG.pod @@ -189,7 +189,7 @@ In addition to automatic reseeding, the caller can request an immediate reseeding of the DRBG with fresh entropy by setting the I<prediction resistance> parameter to 1 when calling L<RAND_DRBG_generate(3)>. -The dcoument [NIST SP 800-90C] describes prediction resistance requests +The document [NIST SP 800-90C] describes prediction resistance requests in detail and imposes strict conditions on the entropy sources that are approved for providing prediction resistance. Since the default DRBG implementation does not have access to such an approved diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h index 5769029b7281..534059382b0a 100644 --- a/crypto/openssl/e_os.h +++ b/crypto/openssl/e_os.h @@ -245,7 +245,7 @@ extern FILE *_imp___iob; Finally, we add the VMS C facility code 0x35a000, because there are some programs, such as Perl, that will reinterpret the code back to something - POSIXly. 'man perlvms' explains it further. + POSIX. 'man perlvms' explains it further. NOTE: the perlvms manual wants to turn all codes 2 to 255 into success codes (status type = 1). I couldn't disagree more. Fortunately, the @@ -317,8 +317,15 @@ struct servent *getservbyname(const char *name, const char *proto); # endif /* end vxworks */ -#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -# define CRYPTO_memcmp memcmp -#endif +# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define CRYPTO_memcmp memcmp +# endif +/* unistd.h defines _POSIX_VERSION */ +# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \ + && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ + || defined(__sun) || defined(__hpux) || defined(__sgi) \ + || defined(__osf__) ) +# define OPENSSL_SECURE_MEMORY /* secure memory is implemented */ +# endif #endif diff --git a/crypto/openssl/include/internal/cryptlib.h b/crypto/openssl/include/internal/cryptlib.h index a608735187f8..329ef62014f6 100644 --- a/crypto/openssl/include/internal/cryptlib.h +++ b/crypto/openssl/include/internal/cryptlib.h @@ -81,6 +81,8 @@ void OPENSSL_showfatal(const char *fmta, ...); void crypto_cleanup_all_ex_data_int(void); int openssl_init_fork_handlers(void); +char *ossl_safe_getenv(const char *name); + extern CRYPTO_RWLOCK *memdbg_lock; int openssl_strerror_r(int errnum, char *buf, size_t buflen); # if !defined(OPENSSL_NO_STDIO) diff --git a/crypto/openssl/include/internal/tsan_assist.h b/crypto/openssl/include/internal/tsan_assist.h index 2c7638344a00..f30ffe398ac7 100644 --- a/crypto/openssl/include/internal/tsan_assist.h +++ b/crypto/openssl/include/internal/tsan_assist.h @@ -57,6 +57,7 @@ # define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) # define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) # define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed) +# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed) # define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) # define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) # endif @@ -69,6 +70,7 @@ # define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) # define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) # define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED) +# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED) # define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) # define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) # endif @@ -113,8 +115,11 @@ # pragma intrinsic(_InterlockedExchangeAdd64) # define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \ : _InterlockedExchangeAdd((ptr), 1)) +# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \ + : _InterlockedExchangeAdd((ptr), -1)) # else # define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1) +# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1) # endif # if !defined(_ISO_VOLATILE) # define tsan_ld_acq(ptr) (*(ptr)) @@ -129,6 +134,7 @@ # define tsan_load(ptr) (*(ptr)) # define tsan_store(ptr, val) (*(ptr) = (val)) # define tsan_counter(ptr) ((*(ptr))++) +# define tsan_decr(ptr) ((*(ptr))--) /* * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not * sophisticated enough to support them. Code that relies on them should be diff --git a/crypto/openssl/include/openssl/cryptoerr.h b/crypto/openssl/include/openssl/cryptoerr.h index e127ff602c4b..10723d0454b3 100644 --- a/crypto/openssl/include/openssl/cryptoerr.h +++ b/crypto/openssl/include/openssl/cryptoerr.h @@ -14,6 +14,9 @@ # ifdef __cplusplus extern "C" # endif + +# include <openssl/symhacks.h> + int ERR_load_CRYPTO_strings(void); /* diff --git a/crypto/openssl/include/openssl/ec.h b/crypto/openssl/include/openssl/ec.h index 4d70da70a614..347cfb6d097b 100644 --- a/crypto/openssl/include/openssl/ec.h +++ b/crypto/openssl/include/openssl/ec.h @@ -1107,6 +1107,11 @@ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); EC_KEY *EC_KEY_new_method(ENGINE *engine); +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, @@ -1457,7 +1462,13 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, # define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) /* KDF types */ # define EVP_PKEY_ECDH_KDF_NONE 1 -# define EVP_PKEY_ECDH_KDF_X9_62 2 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 # ifdef __cplusplus diff --git a/crypto/openssl/include/openssl/ocsp.h b/crypto/openssl/include/openssl/ocsp.h index 937b32271b21..0a17166b5bf6 100644 --- a/crypto/openssl/include/openssl/ocsp.h +++ b/crypto/openssl/include/openssl/ocsp.h @@ -93,7 +93,6 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; # define V_OCSP_RESPID_KEY 1 DEFINE_STACK_OF(OCSP_RESPID) -DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; @@ -162,8 +161,6 @@ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, const ASN1_ITEM *it); BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); -int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, - ASN1_VALUE *val); int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h index 363359d9ef46..e8790316eabd 100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010100fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-freebsd 11 Sep 2018" +# define OPENSSL_VERSION_NUMBER 0x1010101fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a-freebsd 20 Nov 2018" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/crypto/openssl/include/openssl/rand_drbg.h b/crypto/openssl/include/openssl/rand_drbg.h index 282356e16176..45b731b73c26 100644 --- a/crypto/openssl/include/openssl/rand_drbg.h +++ b/crypto/openssl/include/openssl/rand_drbg.h @@ -12,23 +12,31 @@ # include <time.h> # include <openssl/ossl_typ.h> +# include <openssl/obj_mac.h> +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ /* In CTR mode, disable derivation function ctr_df */ # define RAND_DRBG_FLAG_CTR_NO_DF 0x1 -/* A logical OR of all used flag bits (currently there is only one) */ -# define RAND_DRBG_USED_FLAGS ( \ - RAND_DRBG_FLAG_CTR_NO_DF \ - ) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif /* * Default security strength (in the sense of [NIST SP 800-90Ar1]) * * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that - * of the cipher by collecting less entropy. The current DRBG implemantion does - * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG - * to that of the cipher. + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. * * RAND_DRBG_STRENGTH is currently only used for the legacy RAND * implementation. @@ -37,7 +45,9 @@ * NID_aes_256_ctr */ # define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ # define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ # define RAND_DRBG_FLAGS 0 diff --git a/crypto/openssl/include/openssl/randerr.h b/crypto/openssl/include/openssl/randerr.h index 128f4dea751c..599a2a18d41f 100644 --- a/crypto/openssl/include/openssl/randerr.h +++ b/crypto/openssl/include/openssl/randerr.h @@ -40,6 +40,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_POOL_ADD 103 # define RAND_F_RAND_POOL_ADD_BEGIN 113 # define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 # define RAND_F_RAND_POOL_BYTES_NEEDED 115 # define RAND_F_RAND_POOL_NEW 116 # define RAND_F_RAND_WRITE_FILE 112 diff --git a/crypto/openssl/include/openssl/rsa.h b/crypto/openssl/include/openssl/rsa.h index a611b6a0be92..cdce1264eb5c 100644 --- a/crypto/openssl/include/openssl/rsa.h +++ b/crypto/openssl/include/openssl/rsa.h @@ -160,7 +160,7 @@ extern "C" { # define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ - EVP_PKEY_OP_TYPE_KEYGEN, EVP_PKEY_CTRL_MD, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ 0, (void *)(md)) # define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) @@ -456,9 +456,9 @@ int RSA_meth_set_priv_dec(RSA_METHOD *rsa, unsigned char *to, RSA *rsa, int padding)); int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); int RSA_meth_set_mod_exp(RSA_METHOD *rsa, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)); int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, diff --git a/crypto/openssl/include/openssl/ssl.h b/crypto/openssl/include/openssl/ssl.h index 0a18a43544cb..d6b1b4e6a670 100644 --- a/crypto/openssl/include/openssl/ssl.h +++ b/crypto/openssl/include/openssl/ssl.h @@ -1271,7 +1271,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_VERIFY_CERT_STORE 106 # define SSL_CTRL_SET_CHAIN_CERT_STORE 107 # define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 -# define SSL_CTRL_GET_SERVER_TMP_KEY 109 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 # define SSL_CTRL_GET_RAW_CIPHERLIST 110 # define SSL_CTRL_GET_EC_POINT_FORMATS 111 # define SSL_CTRL_GET_CHAIN_CERTS 115 @@ -1290,6 +1290,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 # define SSL_CTRL_GET_MIN_PROTO_VERSION 130 # define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1410,10 +1412,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) (char *)(clist)) # define SSL_set1_client_certificate_types(s, clist, clistlen) \ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) # define SSL_get_peer_signature_nid(s, pn) \ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) -# define SSL_get_server_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) # define SSL_get0_raw_cipherlist(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) # define SSL_get0_ec_point_formats(s, plst) \ @@ -1435,6 +1441,12 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + /* * The following symbol names are old and obsolete. They are kept * for compatibility reasons only and should not be used anymore. diff --git a/crypto/openssl/include/openssl/symhacks.h b/crypto/openssl/include/openssl/symhacks.h index caf1f1a75d02..156ea6e4ee95 100644 --- a/crypto/openssl/include/openssl/symhacks.h +++ b/crypto/openssl/include/openssl/symhacks.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,21 +28,6 @@ # undef i2d_ECPKPARAMETERS # define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS -/* - * These functions do not seem to exist! However, I'm paranoid... Original - * command in x509v3.h: These functions are being redefined in another - * directory, and clash when the linker is case-insensitive, so let's hide - * them a little, by giving them an extra 'o' at the beginning of the name... - */ -# undef X509v3_cleanup_extensions -# define X509v3_cleanup_extensions oX509v3_cleanup_extensions -# undef X509v3_add_extension -# define X509v3_add_extension oX509v3_add_extension -# undef X509v3_add_netscape_extensions -# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions -# undef X509v3_add_standard_extensions -# define X509v3_add_standard_extensions oX509v3_add_standard_extensions - /* This one clashes with CMS_data_create */ # undef cms_Data_create # define cms_Data_create priv_cms_Data_create diff --git a/crypto/openssl/include/openssl/tls1.h b/crypto/openssl/include/openssl/tls1.h index 2e46cf80d342..e13b5dd4bc65 100644 --- a/crypto/openssl/include/openssl/tls1.h +++ b/crypto/openssl/include/openssl/tls1.h @@ -241,6 +241,7 @@ __owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t contextlen); int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c index f80851251fe2..fcda32754735 100644 --- a/crypto/openssl/ssl/d1_lib.c +++ b/crypto/openssl/ssl/d1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -445,15 +445,14 @@ static void get_current_time(struct timeval *t) #ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client) { - int next, n, ret = 0, clearpkt = 0; + int next, n, ret = 0; unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned char seq[SEQ_NUM_SIZE]; const unsigned char *data; - unsigned char *buf; - size_t fragoff, fraglen, msglen; + unsigned char *buf, *wbuf; + size_t fragoff, fraglen, msglen, reclen, align = 0; unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen; BIO *rbio, *wbio; - BUF_MEM *bufm; BIO_ADDR *tmpclient = NULL; PACKET pkt, msgpkt, msgpayload, session, cookiepkt; @@ -477,13 +476,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) } /* - * We only peek at incoming ClientHello's until we're sure we are going to - * to respond with a HelloVerifyRequest. If its a ClientHello with a valid - * cookie then we leave it in the BIO for accept to handle. - */ - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL); - - /* * Note: This check deliberately excludes DTLS1_BAD_VER because that version * requires the MAC to be calculated *including* the first ClientHello * (without the cookie). Since DTLSv1_listen is stateless that cannot be @@ -495,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } - if (s->init_buf == NULL) { - if ((bufm = BUF_MEM_new()) == NULL) { - SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE); - return -1; - } - - if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) { - BUF_MEM_free(bufm); - SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE); - return -1; - } - s->init_buf = bufm; + if (!ssl3_setup_buffers(s)) { + /* SSLerr already called */ + return -1; } - buf = (unsigned char *)s->init_buf->data; + buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf; + wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf; +#if defined(SSL3_ALIGN_PAYLOAD) +# if SSL3_ALIGN_PAYLOAD != 0 + /* + * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for + * consistency with ssl3_read_n. In practice it should make no difference + * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between + * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8 + */ + align = (size_t)buf + SSL3_RT_HEADER_LENGTH; + align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); +# endif +#endif + buf += align; do { /* Get a packet */ clear_sys_error(); - /* - * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH - * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store - * the record header as well, but we do here. We've set up init_buf to - * be the standard size for simplicity. In practice we shouldn't ever - * receive a ClientHello as long as this. If we do it will get dropped - * in the record length check below. - */ - n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH); - + n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH + + DTLS1_RT_HEADER_LENGTH); if (n <= 0) { if (BIO_should_retry(rbio)) { /* Non-blocking IO */ @@ -532,9 +521,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } - /* If we hit any problems we need to clear this packet from the BIO */ - clearpkt = 1; - if (!PACKET_buf_init(&pkt, buf, n)) { SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR); return -1; @@ -587,6 +573,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH); goto end; } + reclen = PACKET_remaining(&msgpkt); /* * We allow data remaining at the end of the packet because there could * be a second record (but we ignore it) @@ -706,14 +693,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) * to resend, we just drop it. */ - /* - * Dump the read packet, we don't need it any more. Ignore return - * value - */ - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL); - BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH); - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL); - /* Generate the cookie */ if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || @@ -732,7 +711,11 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) : s->version; /* Construct the record and message headers */ - if (!WPACKET_init(&wpkt, s->init_buf) + if (!WPACKET_init_static_len(&wpkt, + wbuf, + ssl_get_max_send_fragment(s) + + DTLS1_RT_HEADER_LENGTH, + 0) || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE) || !WPACKET_put_bytes_u16(&wpkt, version) /* @@ -790,8 +773,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) * plus one byte for the message content type. The source is the * last 3 bytes of the message header */ - memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1], - &buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3], + memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1], + &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3], 3); if (s->msg_callback) @@ -815,7 +798,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) tmpclient = NULL; /* TODO(size_t): convert this call */ - if (BIO_write(wbio, buf, wreclen) < (int)wreclen) { + if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) { if (BIO_should_retry(wbio)) { /* * Non-blocking IO...but we're stateless, so we're just @@ -865,15 +848,13 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) if (BIO_dgram_get_peer(rbio, client) <= 0) BIO_ADDR_clear(client); + /* Buffer the record in the processed_rcds queue */ + if (!dtls_buffer_listen_record(s, reclen, seq, align)) + return -1; + ret = 1; - clearpkt = 0; end: BIO_ADDR_free(tmpclient); - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL); - if (clearpkt) { - /* Dump this packet. Ignore return value */ - BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH); - } return ret; } #endif diff --git a/crypto/openssl/ssl/record/rec_layer_d1.c b/crypto/openssl/ssl/record/rec_layer_d1.c index 43e1f9895319..1f9b31969d82 100644 --- a/crypto/openssl/ssl/record/rec_layer_d1.c +++ b/crypto/openssl/ssl/record/rec_layer_d1.c @@ -185,14 +185,11 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) return -1; } - /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD, - ERR_R_INTERNAL_ERROR); + /* Must be a duplicate so ignore it */ OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return -1; } return 1; diff --git a/crypto/openssl/ssl/record/record.h b/crypto/openssl/ssl/record/record.h index 32db8212aa14..af56206e07c9 100644 --- a/crypto/openssl/ssl/record/record.h +++ b/crypto/openssl/ssl/record/record.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -188,6 +188,8 @@ typedef struct record_layer_st { ((rl)->d->processed_rcds) #define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \ ((rl)->d->unprocessed_rcds) +#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) +#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); @@ -230,3 +232,5 @@ __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, int do_dtls1_write(SSL *s, int type, const unsigned char *buf, size_t len, int create_empty_fragment, size_t *written); void dtls1_reset_seq_numbers(SSL *s, int rw); +int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, + size_t off); diff --git a/crypto/openssl/ssl/record/record_locl.h b/crypto/openssl/ssl/record/record_locl.h index 07fd7ab640ba..5e8dd7f70442 100644 --- a/crypto/openssl/ssl/record/record_locl.h +++ b/crypto/openssl/ssl/record/record_locl.h @@ -18,8 +18,6 @@ /* Functions/macros provided by the RECORD_LAYER component */ -#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) -#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) #define RECORD_LAYER_get_rrec(rl) ((rl)->rrec) #define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p)) #define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c index a616bf040932..e59ac5a67676 100644 --- a/crypto/openssl/ssl/record/ssl3_record.c +++ b/crypto/openssl/ssl/record/ssl3_record.c @@ -2030,3 +2030,28 @@ int dtls1_get_record(SSL *s) return 1; } + +int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off) +{ + SSL3_RECORD *rr; + + rr = RECORD_LAYER_get_rrec(&s->rlayer); + memset(rr, 0, sizeof(SSL3_RECORD)); + + rr->length = len; + rr->type = SSL3_RT_HANDSHAKE; + memcpy(rr->seq_num, seq, sizeof(rr->seq_num)); + rr->off = off; + + s->rlayer.packet = RECORD_LAYER_get_rbuf(&s->rlayer)->buf; + s->rlayer.packet_length = DTLS1_RT_HEADER_LENGTH + len; + rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH; + + if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) { + /* SSLfatal() already called */ + return 0; + } + + return 1; +} diff --git a/crypto/openssl/ssl/s3_cbc.c b/crypto/openssl/ssl/s3_cbc.c index 7d9c3776973d..8377d7fe13dc 100644 --- a/crypto/openssl/ssl/s3_cbc.c +++ b/crypto/openssl/ssl/s3_cbc.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -256,12 +256,13 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, * of hash termination (0x80 + 64-bit length) don't fit in the final * block, we say that the final two blocks can vary based on the padding. * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not - * required to be minimal. Therefore we say that the final six blocks can + * required to be minimal. Therefore we say that the final |variance_blocks| + * blocks can * vary based on the padding. Later in the function, if the message is * short and there obviously cannot be this many blocks then * variance_blocks can be reduced. */ - variance_blocks = is_sslv3 ? 2 : 6; + variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1); /* * From now on we're dealing with the MAC, which conceptually has 13 * bytes of `header' before the start of the data (TLS) or 71/75 bytes diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c index 5f403817b4d5..fca84ef99acf 100644 --- a/crypto/openssl/ssl/s3_enc.c +++ b/crypto/openssl/ssl/s3_enc.c @@ -442,15 +442,16 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); - return 0; + ret = 0; + goto err; } ret = EVP_MD_CTX_size(ctx); if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); - EVP_MD_CTX_reset(ctx); - return 0; + ret = 0; + goto err; } if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) @@ -463,6 +464,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, ret = 0; } + err: EVP_MD_CTX_free(ctx); return ret; diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c index 7713f767b2d3..866ca4dfa9b0 100644 --- a/crypto/openssl/ssl/s3_lib.c +++ b/crypto/openssl/ssl/s3_lib.c @@ -3681,9 +3681,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) *(int *)parg = s->s3->tmp.peer_sigalg->hash; return 1; - case SSL_CTRL_GET_SERVER_TMP_KEY: + case SSL_CTRL_GET_SIGNATURE_NID: + if (s->s3->tmp.sigalg == NULL) + return 0; + *(int *)parg = s->s3->tmp.sigalg->hash; + return 1; + + case SSL_CTRL_GET_PEER_TMP_KEY: #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) - if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) { + if (s->session == NULL || s->s3->peer_tmp == NULL) { return 0; } else { EVP_PKEY_up_ref(s->s3->peer_tmp); @@ -3693,6 +3699,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #else return 0; #endif + + case SSL_CTRL_GET_TMP_KEY: +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) + if (s->session == NULL || s->s3->tmp.pkey == NULL) { + return 0; + } else { + EVP_PKEY_up_ref(s->s3->tmp.pkey); + *(EVP_PKEY **)parg = s->s3->tmp.pkey; + return 1; + } +#else + return 0; +#endif + #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c index 52a4a7eaadd2..33145078963d 100644 --- a/crypto/openssl/ssl/ssl_cert.c +++ b/crypto/openssl/ssl/ssl_cert.c @@ -501,17 +501,17 @@ const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s) void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) { - SSL_CTX_set0_CA_list(ctx, name_list); + set0_CA_list(&ctx->client_ca_names, name_list); } STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { - return ctx->ca_names; + return ctx->client_ca_names; } void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) { - SSL_set0_CA_list(s, name_list); + set0_CA_list(&s->client_ca_names, name_list); } const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) @@ -523,7 +523,8 @@ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { if (!s->server) return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; - return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names; + return s->client_ca_names != NULL ? s->client_ca_names + : s->ctx->client_ca_names; } static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x) @@ -561,12 +562,12 @@ int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x) */ int SSL_add_client_CA(SSL *ssl, X509 *x) { - return add_ca_name(&ssl->ca_names, x); + return add_ca_name(&ssl->client_ca_names, x); } int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { - return add_ca_name(&ctx->ca_names, x); + return add_ca_name(&ctx->client_ca_names, x); } static int xname_cmp(const X509_NAME *a, const X509_NAME *b) @@ -951,8 +952,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, if (level >= 2 && c->algorithm_enc == SSL_RC4) return 0; /* Level 3: forward secure ciphersuites only */ - if (level >= 3 && (c->min_tls != TLS1_3_VERSION || - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))) + if (level >= 3 && c->min_tls != TLS1_3_VERSION && + !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) return 0; break; } diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c index b60cc79a2f53..14066d0ea451 100644 --- a/crypto/openssl/ssl/ssl_ciph.c +++ b/crypto/openssl/ssl/ssl_ciph.c @@ -1301,7 +1301,7 @@ static int ciphersuite_cb(const char *elem, int len, void *arg) return 1; } -int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) +static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) { STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null(); diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index d75158e30c4f..61a0ea2cc974 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -654,6 +654,10 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; + if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) { + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return 0; + } sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites, &(ctx->cipher_list), @@ -1192,6 +1196,7 @@ void SSL_free(SSL *s) EVP_MD_CTX_free(s->pha_dgst); sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); sk_X509_pop_free(s->verified_chain, X509_free); @@ -2951,6 +2956,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) goto err; + if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) + goto err; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) goto err; @@ -3108,6 +3116,7 @@ void SSL_CTX_free(SSL_CTX *a) sk_SSL_CIPHER_free(a->tls13_ciphersuites); ssl_cert_free(a->cert); sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free); sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; #ifndef OPENSSL_NO_SRTP @@ -3653,10 +3662,38 @@ const char *SSL_get_version(const SSL *s) return ssl_protocol_to_string(s->version); } -SSL *SSL_dup(SSL *s) +static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src) { STACK_OF(X509_NAME) *sk; X509_NAME *xn; + int i; + + if (src == NULL) { + *dst = NULL; + return 1; + } + + if ((sk = sk_X509_NAME_new_null()) == NULL) + return 0; + for (i = 0; i < sk_X509_NAME_num(src); i++) { + xn = X509_NAME_dup(sk_X509_NAME_value(src, i)); + if (xn == NULL) { + sk_X509_NAME_pop_free(sk, X509_NAME_free); + return 0; + } + if (sk_X509_NAME_insert(sk, xn, i) == 0) { + X509_NAME_free(xn); + sk_X509_NAME_pop_free(sk, X509_NAME_free); + return 0; + } + } + *dst = sk; + + return 1; +} + +SSL *SSL_dup(SSL *s) +{ SSL *ret; int i; @@ -3761,18 +3798,10 @@ SSL *SSL_dup(SSL *s) goto err; /* Dup the client_CA list */ - if (s->ca_names != NULL) { - if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL) - goto err; - ret->ca_names = sk; - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - xn = sk_X509_NAME_value(sk, i); - if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { - X509_NAME_free(xn); - goto err; - } - } - } + if (!dup_ca_names(&ret->ca_names, s->ca_names) + || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) + goto err; + return ret; err: @@ -5102,7 +5131,8 @@ static int nss_keylog_int(const char *prefix, size_t i; size_t prefix_len; - if (ssl->ctx->keylog_callback == NULL) return 1; + if (ssl->ctx->keylog_callback == NULL) + return 1; /* * Our output buffer will contain the following strings, rendered with @@ -5113,7 +5143,7 @@ static int nss_keylog_int(const char *prefix, * hexadecimal, so we need a buffer that is twice their lengths. */ prefix_len = strlen(prefix); - out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3; + out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3; if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT, ERR_R_MALLOC_FAILURE); @@ -5137,7 +5167,7 @@ static int nss_keylog_int(const char *prefix, *cursor = '\0'; ssl->ctx->keylog_callback(ssl, (const char *)out); - OPENSSL_free(out); + OPENSSL_clear_free(out, out_len); return 1; } diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h index e8819e7a2838..70e5a1740f9c 100644 --- a/crypto/openssl/ssl/ssl_locl.h +++ b/crypto/openssl/ssl/ssl_locl.h @@ -471,7 +471,11 @@ struct ssl_method_st { long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); }; -# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64 +/* + * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for + * consistency, even in the event of OPENSSL_NO_PSK being defined. + */ +# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256 /*- * Lets make this into an ASN.1 type structure as follows @@ -850,9 +854,11 @@ struct ssl_ctx_st { /* * What we put in certificate_authorities extension for TLS 1.3 * (ClientHello and CertificateRequest) or just client cert requests for - * earlier versions. + * earlier versions. If client_ca_names is populated then it is only used + * for client cert requests, and in preference to ca_names. */ STACK_OF(X509_NAME) *ca_names; + STACK_OF(X509_NAME) *client_ca_names; /* * Default values to use in SSL structures follow (these are copied by @@ -1229,8 +1235,14 @@ struct ssl_st { long verify_result; /* extra application data */ CRYPTO_EX_DATA ex_data; - /* for server side, keep the list of CA_dn we can use */ + /* + * What we put in certificate_authorities extension for TLS 1.3 + * (ClientHello and CertificateRequest) or just client cert requests for + * earlier versions. If client_ca_names is populated then it is only used + * for client cert requests, and in preference to ca_names. + */ STACK_OF(X509_NAME) *ca_names; + STACK_OF(X509_NAME) *client_ca_names; CRYPTO_REF_COUNT references; /* protocol behaviour */ uint32_t options; @@ -2251,7 +2263,6 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); -__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, @@ -2561,6 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s); __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); +# ifndef OPENSSL_NO_EC +__owur int tls_check_sigalg_curve(const SSL *s, int curve); +# endif __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); __owur int ssl_set_client_disabled(SSL *s); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c index 8422161dc103..63e61c6184ac 100644 --- a/crypto/openssl/ssl/statem/extensions.c +++ b/crypto/openssl/ssl/statem/extensions.c @@ -962,7 +962,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) */ if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) { tsan_counter(&s->ctx->stats.sess_accept); - tsan_counter(&s->session_ctx->stats.sess_accept); + tsan_decr(&s->session_ctx->stats.sess_accept); } /* @@ -1198,7 +1198,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx) { - const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s); + const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0) return EXT_RETURN_NOT_SENT; @@ -1211,7 +1211,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } - if (!construct_ca_names(s, pkt)) { + if (!construct_ca_names(s, ca_sk, pkt)) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } @@ -1530,10 +1530,12 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, */ if (s->hello_retry_request == SSL_HRR_PENDING) { size_t hdatalen; + long hdatalen_l; void *hdata; - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); - if (hdatalen <= 0) { + hdatalen = hdatalen_l = + BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (hdatalen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; diff --git a/crypto/openssl/ssl/statem/extensions_clnt.c b/crypto/openssl/ssl/statem/extensions_clnt.c index 4b5e6fe2b87f..ab4dbf67131e 100644 --- a/crypto/openssl/ssl/statem/extensions_clnt.c +++ b/crypto/openssl/ssl/statem/extensions_clnt.c @@ -115,7 +115,7 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_EC static int use_ecc(SSL *s) { - int i, end; + int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; @@ -123,7 +123,7 @@ static int use_ecc(SSL *s) if (s->version == SSL3_VERSION) return 0; - cipher_stack = SSL_get_ciphers(s); + cipher_stack = SSL_get1_supported_ciphers(s); end = sk_SSL_CIPHER_num(cipher_stack); for (i = 0; i < end; i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); @@ -132,11 +132,14 @@ static int use_ecc(SSL *s) alg_a = c->algorithm_auth; if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) || (alg_a & SSL_aECDSA) - || c->min_tls >= TLS1_3_VERSION) - return 1; + || c->min_tls >= TLS1_3_VERSION) { + ret = 1; + break; + } } - return 0; + sk_SSL_CIPHER_free(cipher_stack); + return ret; } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, diff --git a/crypto/openssl/ssl/statem/statem.c b/crypto/openssl/ssl/statem/statem.c index d75f9ea03608..f76c0e48034b 100644 --- a/crypto/openssl/ssl/statem/statem.c +++ b/crypto/openssl/ssl/statem/statem.c @@ -118,11 +118,12 @@ void ossl_statem_set_renegotiate(SSL *s) void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, int line) { + ERR_put_error(ERR_LIB_SSL, func, reason, file, line); /* We shouldn't call SSLfatal() twice. Once is enough */ - assert(s->statem.state != MSG_FLOW_ERROR); + if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) + return; s->statem.in_init = 1; s->statem.state = MSG_FLOW_ERROR; - ERR_put_error(ERR_LIB_SSL, func, reason, file, line); if (al != SSL_AD_NO_ALERT && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) ssl3_send_alert(s, SSL3_AL_FATAL, al); diff --git a/crypto/openssl/ssl/statem/statem_clnt.c b/crypto/openssl/ssl/statem/statem_clnt.c index 8c658da8990d..0a11b88183e3 100644 --- a/crypto/openssl/ssl/statem/statem_clnt.c +++ b/crypto/openssl/ssl/statem/statem_clnt.c @@ -1095,6 +1095,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) ERR_R_INTERNAL_ERROR); return WORK_ERROR; + case TLS_ST_CR_CERT_VRFY: case TLS_ST_CR_CERT_REQ: return tls_prepare_client_certificate(s, wst); } @@ -2563,6 +2564,17 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; + /* + * In TLSv1.3 we don't prepare the client certificate yet. We wait until + * after the CertificateVerify message has been received. This is because + * in TLSv1.3 the CertificateRequest arrives before the Certificate message + * but in TLSv1.2 it is the other way around. We want to make sure that + * SSL_get_peer_certificate() returns something sensible in + * client_cert_cb. + */ + if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED) + return MSG_PROCESS_CONTINUE_READING; + return MSG_PROCESS_CONTINUE_PROCESSING; } diff --git a/crypto/openssl/ssl/statem/statem_lib.c b/crypto/openssl/ssl/statem/statem_lib.c index 508bb88767a7..4324896f500a 100644 --- a/crypto/openssl/ssl/statem/statem_lib.c +++ b/crypto/openssl/ssl/statem/statem_lib.c @@ -203,9 +203,10 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen; } else { size_t retlen; + long retlen_l; - retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata); - if (retlen <= 0) { + retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata); + if (retlen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, ERR_R_INTERNAL_ERROR); return 0; @@ -494,7 +495,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } - ret = MSG_PROCESS_CONTINUE_READING; + /* + * In TLSv1.3 on the client side we make sure we prepare the client + * certificate after the CertVerify instead of when we get the + * CertificateRequest. This is because in TLSv1.3 the CertificateRequest + * comes *before* the Certificate message. In TLSv1.2 it comes after. We + * want to make sure that SSL_get_peer_certificate() will return the actual + * server certificate from the client_cert_cb callback. + */ + if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1) + ret = MSG_PROCESS_CONTINUE_PROCESSING; + else + ret = MSG_PROCESS_CONTINUE_READING; err: BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; @@ -1495,6 +1507,10 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) static int is_tls13_capable(const SSL *s) { int i; +#ifndef OPENSSL_NO_EC + int curve; + EC_KEY *eckey; +#endif #ifndef OPENSSL_NO_PSK if (s->psk_server_callback != NULL) @@ -1515,8 +1531,25 @@ static int is_tls13_capable(const SSL *s) default: break; } - if (ssl_has_cert(s, i)) + if (!ssl_has_cert(s, i)) + continue; +#ifndef OPENSSL_NO_EC + if (i != SSL_PKEY_ECC) + return 1; + /* + * Prior to TLSv1.3 sig algs allowed any curve to be used. TLSv1.3 is + * more restrictive so check that our sig algs are consistent with this + * EC cert. See section 4.2.3 of RFC8446. + */ + eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); + if (eckey == NULL) + continue; + curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)); + if (tls_check_sigalg_curve(s, curve)) return 1; +#else + return 1; +#endif } return 0; @@ -2261,10 +2294,24 @@ int parse_ca_names(SSL *s, PACKET *pkt) return 0; } -int construct_ca_names(SSL *s, WPACKET *pkt) +const STACK_OF(X509_NAME) *get_ca_names(SSL *s) { - const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s); + const STACK_OF(X509_NAME) *ca_sk = NULL;; + + if (s->server) { + ca_sk = SSL_get_client_CA_list(s); + if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0) + ca_sk = NULL; + } + + if (ca_sk == NULL) + ca_sk = SSL_get0_CA_list(s); + return ca_sk; +} + +int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) +{ /* Start sub-packet for client CA list */ if (!WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES, diff --git a/crypto/openssl/ssl/statem/statem_locl.h b/crypto/openssl/ssl/statem/statem_locl.h index 25e56e4e8ddf..6b8cf37faa01 100644 --- a/crypto/openssl/ssl/statem/statem_locl.h +++ b/crypto/openssl/ssl/statem/statem_locl.h @@ -61,7 +61,8 @@ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, size_t hashlen, const unsigned char *hrr, size_t hrrlen); int parse_ca_names(SSL *s, PACKET *pkt); -int construct_ca_names(SSL *s, WPACKET *pkt); +const STACK_OF(X509_NAME) *get_ca_names(SSL *s); +int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt); size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, const void *param, size_t paramlen); diff --git a/crypto/openssl/ssl/statem/statem_srvr.c b/crypto/openssl/ssl/statem/statem_srvr.c index 346b1e398916..e7c11c4bea4d 100644 --- a/crypto/openssl/ssl/statem/statem_srvr.c +++ b/crypto/openssl/ssl/statem/statem_srvr.c @@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * So check cookie length... */ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { - if (clienthello->dtls_cookie_len == 0) + if (clienthello->dtls_cookie_len == 0) { + OPENSSL_free(clienthello); return MSG_PROCESS_FINISHED_READING; + } } } @@ -2056,10 +2058,6 @@ static int tls_early_post_process_client_hello(SSL *s) #else s->session->compress_meth = (comp == NULL) ? 0 : comp->id; #endif - if (!tls1_set_server_sigalgs(s)) { - /* SSLfatal() already called */ - goto err; - } } sk_SSL_CIPHER_free(ciphers); @@ -2227,19 +2225,25 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) if (wst == WORK_MORE_B) { if (!s->hit || SSL_IS_TLS13(s)) { /* Let cert callback update server certificates if required */ - if (!s->hit && s->cert->cert_cb != NULL) { - int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); - if (rv == 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, - SSL_R_CERT_CB_ERROR); - goto err; + if (!s->hit) { + if (s->cert->cert_cb != NULL) { + int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); + if (rv == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, + SSL_R_CERT_CB_ERROR); + goto err; + } + if (rv < 0) { + s->rwstate = SSL_X509_LOOKUP; + return WORK_MORE_B; + } + s->rwstate = SSL_NOTHING; } - if (rv < 0) { - s->rwstate = SSL_X509_LOOKUP; - return WORK_MORE_B; + if (!tls1_set_server_sigalgs(s)) { + /* SSLfatal already called */ + goto err; } - s->rwstate = SSL_NOTHING; } /* In TLSv1.3 we selected the ciphersuite before resumption */ @@ -2876,7 +2880,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) } } - if (!construct_ca_names(s, pkt)) { + if (!construct_ca_names(s, get_ca_names(s), pkt)) { /* SSLfatal() already called */ return 0; } @@ -3222,6 +3226,12 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) SSL_R_LENGTH_MISMATCH); goto err; } + if (skey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, + SSL_R_MISSING_TMP_ECDH_KEY); + goto err; + } + ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index 156497988a62..fc41ed90e710 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -343,6 +343,10 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen, */ unsigned long dup_list = 0; + if (ngroups == 0) { + SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH); + return 0; + } if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) { SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE); return 0; @@ -945,6 +949,39 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) } } +#ifndef OPENSSL_NO_EC +/* + * Called by servers only. Checks that we have a sig alg that supports the + * specified EC curve. + */ +int tls_check_sigalg_curve(const SSL *s, int curve) +{ + const uint16_t *sigs; + size_t siglen, i; + + if (s->cert->conf_sigalgs) { + sigs = s->cert->conf_sigalgs; + siglen = s->cert->conf_sigalgslen; + } else { + sigs = tls12_sigalgs; + siglen = OSSL_NELEM(tls12_sigalgs); + } + + for (i = 0; i < siglen; i++) { + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]); + + if (lu == NULL) + continue; + if (lu->sig == EVP_PKEY_EC + && lu->curve != NID_undef + && curve == lu->curve) + return 1; + } + + return 0; +} +#endif + /* * Check signature algorithm is consistent with sent supported signature * algorithms and if so set relevant digest and signature scheme in @@ -1087,6 +1124,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) return 1; } +int SSL_get_signature_type_nid(const SSL *s, int *pnid) +{ + if (s->s3->tmp.sigalg == NULL) + return 0; + *pnid = s->s3->tmp.sigalg->sig; + return 1; +} + /* * Set a mask of disabled algorithms: an algorithm is disabled if it isn't * supported, doesn't appear in supported signature algorithms, isn't supported diff --git a/crypto/openssl/ssl/tls13_enc.c b/crypto/openssl/ssl/tls13_enc.c index f7ab0fa47040..b6825d20c2dc 100644 --- a/crypto/openssl/ssl/tls13_enc.c +++ b/crypto/openssl/ssl/tls13_enc.c @@ -13,7 +13,14 @@ #include <openssl/evp.h> #include <openssl/kdf.h> -#define TLS13_MAX_LABEL_LEN 246 +/* + * RFC 8446, 7.1 Key Schedule, says: + * Note: With common hash functions, any label longer than 12 characters + * requires an additional iteration of the hash function to compute. + * The labels in this specification have all been chosen to fit within + * this limit. + */ +#define TLS13_MAX_LABEL_LEN 12 /* Always filled with zeros */ static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; @@ -29,14 +36,15 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen) { - const unsigned char label_prefix[] = "tls13 "; + static const unsigned char label_prefix[] = "tls13 "; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); int ret; size_t hkdflabellen; size_t hashlen; /* - * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined - * prefix and label + bytes for the label itself + bytes for the hash + * 2 bytes for length of derived secret + 1 byte for length of combined + * prefix and label + bytes for the label itself + 1 byte length of hash + * + bytes for the hash itself */ unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index b44a51b7ebf7..63fe342c199c 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -16,9 +16,9 @@ NO_LINT= .endif .include "Makefile.inc" -SRCS= cpt_err.c cryptlib.c ctype.c cversion.c ex_data.c init.c mem.c -SRCS+= mem_dbg.c mem_sec.c o_dir.c o_fips.c o_fopen.c o_init.c o_str.c -SRCS+= o_time.c threads_pthread.c uid.c +SRCS= cpt_err.c cryptlib.c ctype.c cversion.c ex_data.c getenv.c init.c +SRCS+= mem.c mem_dbg.c mem_sec.c o_dir.c o_fips.c o_fopen.c o_init.c +SRCS+= o_str.c o_time.c threads_pthread.c uid.c .if defined(ASM_aarch64) SRCS+= arm64cpuid.S armcap.c ACFLAGS.arm64cpuid.S= -march=armv8-a+crypto diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 75b67763e1dd..ef8c131ff32c 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.1.1 -OPENSSL_DATE= 2018-09-11 +OPENSSL_VER= 1.1.1a +OPENSSL_DATE= 2018-11-20 LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index 7b734aec0781..61d6d071d96e 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -308,7 +308,6 @@ MAN+= SSL_CTX_set_cert_cb.3 MAN+= SSL_CTX_set_cert_store.3 MAN+= SSL_CTX_set_cert_verify_callback.3 MAN+= SSL_CTX_set_cipher_list.3 -MAN+= SSL_CTX_set_client_CA_list.3 MAN+= SSL_CTX_set_client_cert_cb.3 MAN+= SSL_CTX_set_client_hello_cb.3 MAN+= SSL_CTX_set_ct_validation_callback.3 @@ -372,7 +371,6 @@ MAN+= SSL_get0_peer_scts.3 MAN+= SSL_get_SSL_CTX.3 MAN+= SSL_get_all_async_fds.3 MAN+= SSL_get_ciphers.3 -MAN+= SSL_get_client_CA_list.3 MAN+= SSL_get_client_random.3 MAN+= SSL_get_current_cipher.3 MAN+= SSL_get_default_timeout.3 @@ -382,9 +380,9 @@ MAN+= SSL_get_fd.3 MAN+= SSL_get_peer_cert_chain.3 MAN+= SSL_get_peer_certificate.3 MAN+= SSL_get_peer_signature_nid.3 +MAN+= SSL_get_peer_tmp_key.3 MAN+= SSL_get_psk_identity.3 MAN+= SSL_get_rbio.3 -MAN+= SSL_get_server_tmp_key.3 MAN+= SSL_get_session.3 MAN+= SSL_get_shared_sigalgs.3 MAN+= SSL_get_verify_result.3 @@ -1511,20 +1509,55 @@ MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_pub_key.3 MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_siginf.3 MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_get0_asn1.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_str.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_uint64.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_oid.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_rsa_oaep_label.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id_len.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_cofactor_mode.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_mgf1_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_oaep_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_padding.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_pss_saltlen.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_signature_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_oid.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_rsa_oaep_label.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set1_id.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_type.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_nid.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_pad.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_generator.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_prime_len.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_subprime_len.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_rfc5114.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dhx_rfc5114.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_bits.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_param_enc.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_cofactor_mode.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_type.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_mac_key.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_bits.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_primes.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_pubexp.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_mgf1_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_oaep_md.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_padding.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_pss_saltlen.3 MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_signature_md.3 @@ -1623,13 +1656,17 @@ MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_public.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_POLY1305.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_SIPHASH.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_base_id.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DH.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DSA.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_EC_KEY.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_RSA.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_hmac.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_poly1305.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_siphash.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3 @@ -1660,6 +1697,7 @@ MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha256.3 MLINKS+= EVP_aes.3 EVP_aes_128_ccm.3 MLINKS+= EVP_aes.3 EVP_aes_128_cfb.3 MLINKS+= EVP_aes.3 EVP_aes_128_cfb1.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cfb128.3 MLINKS+= EVP_aes.3 EVP_aes_128_cfb8.3 MLINKS+= EVP_aes.3 EVP_aes_128_ctr.3 MLINKS+= EVP_aes.3 EVP_aes_128_ecb.3 @@ -1673,6 +1711,7 @@ MLINKS+= EVP_aes.3 EVP_aes_192_cbc.3 MLINKS+= EVP_aes.3 EVP_aes_192_ccm.3 MLINKS+= EVP_aes.3 EVP_aes_192_cfb.3 MLINKS+= EVP_aes.3 EVP_aes_192_cfb1.3 +MLINKS+= EVP_aes.3 EVP_aes_192_cfb128.3 MLINKS+= EVP_aes.3 EVP_aes_192_cfb8.3 MLINKS+= EVP_aes.3 EVP_aes_192_ctr.3 MLINKS+= EVP_aes.3 EVP_aes_192_ecb.3 @@ -1687,6 +1726,7 @@ MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha256.3 MLINKS+= EVP_aes.3 EVP_aes_256_ccm.3 MLINKS+= EVP_aes.3 EVP_aes_256_cfb.3 MLINKS+= EVP_aes.3 EVP_aes_256_cfb1.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cfb128.3 MLINKS+= EVP_aes.3 EVP_aes_256_cfb8.3 MLINKS+= EVP_aes.3 EVP_aes_256_ctr.3 MLINKS+= EVP_aes.3 EVP_aes_256_ecb.3 @@ -1700,6 +1740,7 @@ MLINKS+= EVP_aria.3 EVP_aria_128_cbc.3 MLINKS+= EVP_aria.3 EVP_aria_128_ccm.3 MLINKS+= EVP_aria.3 EVP_aria_128_cfb.3 MLINKS+= EVP_aria.3 EVP_aria_128_cfb1.3 +MLINKS+= EVP_aria.3 EVP_aria_128_cfb128.3 MLINKS+= EVP_aria.3 EVP_aria_128_cfb8.3 MLINKS+= EVP_aria.3 EVP_aria_128_ctr.3 MLINKS+= EVP_aria.3 EVP_aria_128_ecb.3 @@ -1709,6 +1750,7 @@ MLINKS+= EVP_aria.3 EVP_aria_192_cbc.3 MLINKS+= EVP_aria.3 EVP_aria_192_ccm.3 MLINKS+= EVP_aria.3 EVP_aria_192_cfb.3 MLINKS+= EVP_aria.3 EVP_aria_192_cfb1.3 +MLINKS+= EVP_aria.3 EVP_aria_192_cfb128.3 MLINKS+= EVP_aria.3 EVP_aria_192_cfb8.3 MLINKS+= EVP_aria.3 EVP_aria_192_ctr.3 MLINKS+= EVP_aria.3 EVP_aria_192_ecb.3 @@ -1718,18 +1760,21 @@ MLINKS+= EVP_aria.3 EVP_aria_256_cbc.3 MLINKS+= EVP_aria.3 EVP_aria_256_ccm.3 MLINKS+= EVP_aria.3 EVP_aria_256_cfb.3 MLINKS+= EVP_aria.3 EVP_aria_256_cfb1.3 +MLINKS+= EVP_aria.3 EVP_aria_256_cfb128.3 MLINKS+= EVP_aria.3 EVP_aria_256_cfb8.3 MLINKS+= EVP_aria.3 EVP_aria_256_ctr.3 MLINKS+= EVP_aria.3 EVP_aria_256_ecb.3 MLINKS+= EVP_aria.3 EVP_aria_256_gcm.3 MLINKS+= EVP_aria.3 EVP_aria_256_ofb.3 MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb.3 +MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb64.3 MLINKS+= EVP_bf_cbc.3 EVP_bf_ecb.3 MLINKS+= EVP_bf_cbc.3 EVP_bf_ofb.3 MLINKS+= EVP_blake2b512.3 EVP_blake2s256.3 MLINKS+= EVP_camellia.3 EVP_camellia_128_cbc.3 MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb.3 MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb1.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb128.3 MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb8.3 MLINKS+= EVP_camellia.3 EVP_camellia_128_ctr.3 MLINKS+= EVP_camellia.3 EVP_camellia_128_ecb.3 @@ -1737,6 +1782,7 @@ MLINKS+= EVP_camellia.3 EVP_camellia_128_ofb.3 MLINKS+= EVP_camellia.3 EVP_camellia_192_cbc.3 MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb.3 MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb1.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb128.3 MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb8.3 MLINKS+= EVP_camellia.3 EVP_camellia_192_ctr.3 MLINKS+= EVP_camellia.3 EVP_camellia_192_ecb.3 @@ -1744,17 +1790,20 @@ MLINKS+= EVP_camellia.3 EVP_camellia_192_ofb.3 MLINKS+= EVP_camellia.3 EVP_camellia_256_cbc.3 MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb.3 MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb1.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb128.3 MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb8.3 MLINKS+= EVP_camellia.3 EVP_camellia_256_ctr.3 MLINKS+= EVP_camellia.3 EVP_camellia_256_ecb.3 MLINKS+= EVP_camellia.3 EVP_camellia_256_ofb.3 MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb.3 +MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb64.3 MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ecb.3 MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ofb.3 MLINKS+= EVP_chacha20.3 EVP_chacha20_poly1305.3 MLINKS+= EVP_des.3 EVP_des_cbc.3 MLINKS+= EVP_des.3 EVP_des_cfb.3 MLINKS+= EVP_des.3 EVP_des_cfb1.3 +MLINKS+= EVP_des.3 EVP_des_cfb64.3 MLINKS+= EVP_des.3 EVP_des_cfb8.3 MLINKS+= EVP_des.3 EVP_des_ecb.3 MLINKS+= EVP_des.3 EVP_des_ede.3 @@ -1762,27 +1811,36 @@ MLINKS+= EVP_des.3 EVP_des_ede3.3 MLINKS+= EVP_des.3 EVP_des_ede3_cbc.3 MLINKS+= EVP_des.3 EVP_des_ede3_cfb.3 MLINKS+= EVP_des.3 EVP_des_ede3_cfb1.3 +MLINKS+= EVP_des.3 EVP_des_ede3_cfb64.3 MLINKS+= EVP_des.3 EVP_des_ede3_cfb8.3 +MLINKS+= EVP_des.3 EVP_des_ede3_ecb.3 MLINKS+= EVP_des.3 EVP_des_ede3_ofb.3 MLINKS+= EVP_des.3 EVP_des_ede3_wrap.3 MLINKS+= EVP_des.3 EVP_des_ede_cbc.3 MLINKS+= EVP_des.3 EVP_des_ede_cfb.3 +MLINKS+= EVP_des.3 EVP_des_ede_cfb64.3 +MLINKS+= EVP_des.3 EVP_des_ede_ecb.3 MLINKS+= EVP_des.3 EVP_des_ede_ofb.3 MLINKS+= EVP_des.3 EVP_des_ofb.3 MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb.3 +MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb64.3 MLINKS+= EVP_idea_cbc.3 EVP_idea_ecb.3 MLINKS+= EVP_idea_cbc.3 EVP_idea_ofb.3 +MLINKS+= EVP_md5.3 EVP_md5_sha1.3 MLINKS+= EVP_rc2_cbc.3 EVP_rc2_40_cbc.3 MLINKS+= EVP_rc2_cbc.3 EVP_rc2_64_cbc.3 MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb.3 +MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb64.3 MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ecb.3 MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ofb.3 MLINKS+= EVP_rc4.3 EVP_rc4_40.3 MLINKS+= EVP_rc4.3 EVP_rc4_hmac_md5.3 MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb.3 +MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb64.3 MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ecb.3 MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ofb.3 MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb.3 +MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb128.3 MLINKS+= EVP_seed_cbc.3 EVP_seed_ecb.3 MLINKS+= EVP_seed_cbc.3 EVP_seed_ofb.3 MLINKS+= EVP_sha224.3 EVP_sha256.3 @@ -1796,6 +1854,7 @@ MLINKS+= EVP_sha3_224.3 EVP_sha3_512.3 MLINKS+= EVP_sha3_224.3 EVP_shake128.3 MLINKS+= EVP_sha3_224.3 EVP_shake256.3 MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb.3 +MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb128.3 MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ctr.3 MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ecb.3 MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ofb.3 @@ -1901,6 +1960,7 @@ MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats_bio.3 MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats.3 MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats_bio.3 MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_stats_bio.3 +MLINKS+= OPENSSL_VERSION_NUMBER.3 OPENSSL_VERSION_TEXT.3 MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version.3 MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version_num.3 MLINKS+= OPENSSL_config.3 OPENSSL_no_config.3 @@ -2417,11 +2477,17 @@ MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3 MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3 MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove_cb.3 MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add1_to_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add_client_CA.3 MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get0_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get_client_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_set_client_CA_list.3 MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add1_to_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add_client_CA.3 MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_CA_list.3 MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_peer_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get_client_CA_list.3 MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set0_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set_client_CA_list.3 MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_curves_list.3 MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups.3 MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups_list.3 @@ -2460,9 +2526,6 @@ MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_set1_cert_store.3 MLINKS+= SSL_CTX_set_cipher_list.3 SSL_CTX_set_ciphersuites.3 MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3 MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_ciphersuites.3 -MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_CTX_add_client_CA.3 -MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_add_client_CA.3 -MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_set_client_CA_list.3 MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3 MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_cb_fn.3 MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ciphers.3 @@ -2677,7 +2740,6 @@ MLINKS+= SSL_get_ciphers.3 SSL_get1_supported_ciphers.3 MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3 MLINKS+= SSL_get_ciphers.3 SSL_get_client_ciphers.3 MLINKS+= SSL_get_ciphers.3 SSL_get_shared_ciphers.3 -MLINKS+= SSL_get_client_CA_list.3 SSL_CTX_get_client_CA_list.3 MLINKS+= SSL_get_client_random.3 SSL_SESSION_get_master_key.3 MLINKS+= SSL_get_client_random.3 SSL_SESSION_set1_master_key.3 MLINKS+= SSL_get_client_random.3 SSL_get_server_random.3 @@ -2690,6 +2752,10 @@ MLINKS+= SSL_get_fd.3 SSL_get_rfd.3 MLINKS+= SSL_get_fd.3 SSL_get_wfd.3 MLINKS+= SSL_get_peer_cert_chain.3 SSL_get0_verified_chain.3 MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_peer_signature_type_nid.3 +MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_nid.3 +MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_type_nid.3 +MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_server_tmp_key.3 +MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_tmp_key.3 MLINKS+= SSL_get_psk_identity.3 SSL_get_psk_identity_hint.3 MLINKS+= SSL_get_rbio.3 SSL_get_wbio.3 MLINKS+= SSL_get_session.3 SSL_get0_session.3 diff --git a/secure/lib/libcrypto/man/ADMISSIONS.3 b/secure/lib/libcrypto/man/ADMISSIONS.3 index aaeb6031febe..dd9b4240f99e 100644 --- a/secure/lib/libcrypto/man/ADMISSIONS.3 +++ b/secure/lib/libcrypto/man/ADMISSIONS.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ADMISSIONS 3" -.TH ADMISSIONS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ADMISSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 index 9a3f910feb82..2d382df14f87 100644 --- a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 +++ b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_INTEGER_GET_INT64 3" -.TH ASN1_INTEGER_GET_INT64 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_INTEGER_GET_INT64 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 index 96cc5d413490..cdf3d6727894 100644 --- a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 +++ b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_ITEM_LOOKUP 3" -.TH ASN1_ITEM_LOOKUP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_ITEM_LOOKUP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index ec50615f6955..6b7017deb6b2 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_NEW 3" -.TH ASN1_OBJECT_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_OBJECT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 index 519a6efd39fd..ab97f42b67b3 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_TABLE_ADD 3" -.TH ASN1_STRING_TABLE_ADD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_STRING_TABLE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index f33855999fcc..6d35b461eb48 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_LENGTH 3" -.TH ASN1_STRING_LENGTH 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_STRING_LENGTH 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index af959985f97c..ce33ba401a8e 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_NEW 3" -.TH ASN1_STRING_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_STRING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index 6684262df88b..47ac8ec74a6c 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_PRINT_EX 3" -.TH ASN1_STRING_PRINT_EX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_STRING_PRINT_EX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3 index bc75640881fd..1a1f2d2633cb 100644 --- a/secure/lib/libcrypto/man/ASN1_TIME_set.3 +++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_TIME_SET 3" -.TH ASN1_TIME_SET 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_TIME_SET 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/ASN1_TYPE_get.3 index 20f8be910001..8fdf9ee50422 100644 --- a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 +++ b/secure/lib/libcrypto/man/ASN1_TYPE_get.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_TYPE_GET 3" -.TH ASN1_TYPE_GET 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_TYPE_GET 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index 192463e9dbcc..f4f64a5405f0 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_GENERATE_NCONF 3" -.TH ASN1_GENERATE_NCONF 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1_GENERATE_NCONF 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 index 3c4d63ec93d7..b24f5c7e9d91 100644 --- a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 +++ b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASYNC_WAIT_CTX_NEW 3" -.TH ASYNC_WAIT_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASYNC_WAIT_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASYNC_start_job.3 b/secure/lib/libcrypto/man/ASYNC_start_job.3 index e788935f7746..2d3a7ebe3a5f 100644 --- a/secure/lib/libcrypto/man/ASYNC_start_job.3 +++ b/secure/lib/libcrypto/man/ASYNC_start_job.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASYNC_START_JOB 3" -.TH ASYNC_START_JOB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASYNC_START_JOB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BF_encrypt.3 b/secure/lib/libcrypto/man/BF_encrypt.3 index ac2d3421a013..59228ee4e851 100644 --- a/secure/lib/libcrypto/man/BF_encrypt.3 +++ b/secure/lib/libcrypto/man/BF_encrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BF_ENCRYPT 3" -.TH BF_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BF_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_ADDR.3 b/secure/lib/libcrypto/man/BIO_ADDR.3 index 3e647d7283bf..cc36a3cc8506 100644 --- a/secure/lib/libcrypto/man/BIO_ADDR.3 +++ b/secure/lib/libcrypto/man/BIO_ADDR.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ADDR 3" -.TH BIO_ADDR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_ADDR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/BIO_ADDRINFO.3 index 86b1ddc224c6..c53494d1afeb 100644 --- a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 +++ b/secure/lib/libcrypto/man/BIO_ADDRINFO.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ADDRINFO 3" -.TH BIO_ADDRINFO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_ADDRINFO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_connect.3 b/secure/lib/libcrypto/man/BIO_connect.3 index 07ce276e19f6..6c7d42714b52 100644 --- a/secure/lib/libcrypto/man/BIO_connect.3 +++ b/secure/lib/libcrypto/man/BIO_connect.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_CONNECT 3" -.TH BIO_CONNECT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index 6ecb3024c4d4..ae20965da287 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_CTRL 3" -.TH BIO_CTRL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index 450f1e15b2a7..d8c7dd82beb4 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_BASE64 3" -.TH BIO_F_BASE64 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_F_BASE64 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index ecb04e40adf0..fd6d4dbe1e8e 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_BUFFER 3" -.TH BIO_F_BUFFER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_F_BUFFER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index 858b3280f2fd..b823f52d71fa 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_CIPHER 3" -.TH BIO_F_CIPHER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_F_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 73f5fccb51e4..44da6c6d9fa7 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_MD 3" -.TH BIO_F_MD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_F_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index 912c7bcb57cd..acdcc779a188 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_NULL 3" -.TH BIO_F_NULL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_F_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 0713da633b63..161b72258c69 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_F_SSL 3" -.TH BIO_F_SSL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_F_SSL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index 20e5092079e9..fa8a342ca89e 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_FIND_TYPE 3" -.TH BIO_FIND_TYPE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_FIND_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_get_data.3 b/secure/lib/libcrypto/man/BIO_get_data.3 index 406720865988..7c4c2e020142 100644 --- a/secure/lib/libcrypto/man/BIO_get_data.3 +++ b/secure/lib/libcrypto/man/BIO_get_data.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_GET_DATA 3" -.TH BIO_GET_DATA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_GET_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 index 382a809a05f7..3f7bcb048289 100644 --- a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_GET_EX_NEW_INDEX 3" -.TH BIO_GET_EX_NEW_INDEX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_meth_new.3 b/secure/lib/libcrypto/man/BIO_meth_new.3 index 04f5328dfe20..8143095162f8 100644 --- a/secure/lib/libcrypto/man/BIO_meth_new.3 +++ b/secure/lib/libcrypto/man/BIO_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_METH_NEW 3" -.TH BIO_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index 349814e78bc1..9ce06a5f167e 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_NEW 3" -.TH BIO_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 index 9dd871a24ea4..ca5447bb3e8d 100644 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_NEW_CMS 3" -.TH BIO_NEW_CMS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_NEW_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/BIO_parse_hostserv.3 index a90e96f3bbe0..098bdd163034 100644 --- a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 +++ b/secure/lib/libcrypto/man/BIO_parse_hostserv.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PARSE_HOSTSERV 3" -.TH BIO_PARSE_HOSTSERV 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_PARSE_HOSTSERV 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_printf.3 b/secure/lib/libcrypto/man/BIO_printf.3 index 07a41d73ad75..9a583b97db13 100644 --- a/secure/lib/libcrypto/man/BIO_printf.3 +++ b/secure/lib/libcrypto/man/BIO_printf.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PRINTF 3" -.TH BIO_PRINTF 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_PRINTF 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index fa927ad7ad54..59ad305882e1 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_PUSH 3" -.TH BIO_PUSH 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_PUSH 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index 0f08129151f2..a18f78da4392 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_READ 3" -.TH BIO_READ 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_READ 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 0821758edc4f..f916bea479e6 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_ACCEPT 3" -.TH BIO_S_ACCEPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_ACCEPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index e9a186b7693f..61175dbc874d 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_BIO 3" -.TH BIO_S_BIO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index 39a6f1842f68..b46212f08174 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_CONNECT 3" -.TH BIO_S_CONNECT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index 1bffafc6ffc1..3a7f9689de77 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_FD 3" -.TH BIO_S_FD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_FD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index 8aca1b90e520..a9cdb3570df4 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_FILE 3" -.TH BIO_S_FILE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index 21bdd95faecd..43c18c6f4450 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_MEM 3" -.TH BIO_S_MEM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_MEM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index a8ca782dbe22..87ecfc2c1cdf 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_NULL 3" -.TH BIO_S_NULL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_NULL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 368ee4941f5e..689201382d1b 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_S_SOCKET 3" -.TH BIO_S_SOCKET 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_S_SOCKET 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index 965e80ba7902..347f585e943d 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_SET_CALLBACK 3" -.TH BIO_SET_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_SET_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index e107c5c4605c..c58a4844ba11 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BIO_SHOULD_RETRY 3" -.TH BIO_SHOULD_RETRY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BIO_SHOULD_RETRY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index 6bdbf13691b7..ac9569420e6a 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_NEW 3" -.TH BN_BLINDING_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_BLINDING_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index c4827f416e8d..03e526090125 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_NEW 3" -.TH BN_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 89397f4d2b34..292aa1d1b0e2 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_START 3" -.TH BN_CTX_START 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_CTX_START 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index b92fd09daec3..a8ada7644435 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_ADD 3" -.TH BN_ADD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index 18e1677cffe3..efdba7606f8b 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_ADD_WORD 3" -.TH BN_ADD_WORD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_ADD_WORD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 36c461a90526..da4d59360c79 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_BN2BIN 3" -.TH BN_BN2BIN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_BN2BIN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index d47db6d83780..5fe1492d11f5 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_CMP 3" -.TH BN_CMP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 353be4ecd49a..58b4d6963059 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_COPY 3" -.TH BN_COPY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index bc73c105e8dc..ddca791ee047 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_GENERATE_PRIME 3" -.TH BN_GENERATE_PRIME 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_GENERATE_PRIME 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index 3d04fb8b72a5..5e54711e3b32 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_INVERSE 3" -.TH BN_MOD_INVERSE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_MOD_INVERSE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index c6bd62cf6af0..fe0ad15327b8 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_MONTGOMERY 3" -.TH BN_MOD_MUL_MONTGOMERY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_MOD_MUL_MONTGOMERY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 8d177927867b..6e1392c8255a 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_MOD_MUL_RECIPROCAL 3" -.TH BN_MOD_MUL_RECIPROCAL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_MOD_MUL_RECIPROCAL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 289666c85f51..62a640928f18 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_NEW 3" -.TH BN_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 426cb8d00625..6ef112c3be09 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_NUM_BYTES 3" -.TH BN_NUM_BYTES 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_NUM_BYTES 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index d6b01e9d2c47..ceb927e95401 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_RAND 3" -.TH BN_RAND 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_RAND 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_security_bits.3 b/secure/lib/libcrypto/man/BN_security_bits.3 index 4b7ee981531a..4bf266b1bebe 100644 --- a/secure/lib/libcrypto/man/BN_security_bits.3 +++ b/secure/lib/libcrypto/man/BN_security_bits.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_SECURITY_BITS 3" -.TH BN_SECURITY_BITS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_SECURITY_BITS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index b7b7274bd4ee..915cfa20f442 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_SET_BIT 3" -.TH BN_SET_BIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_SET_BIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index ad59f046804f..04fed56410b5 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_SWAP 3" -.TH BN_SWAP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_SWAP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 7d966edeb068..0a07d8b50e85 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BN_ZERO 3" -.TH BN_ZERO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BN_ZERO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BUF_MEM_new.3 b/secure/lib/libcrypto/man/BUF_MEM_new.3 index 385da3c98fcb..b9016c9e3586 100644 --- a/secure/lib/libcrypto/man/BUF_MEM_new.3 +++ b/secure/lib/libcrypto/man/BUF_MEM_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "BUF_MEM_NEW 3" -.TH BUF_MEM_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH BUF_MEM_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 index 6bfa10e30f8a..18210d30aad8 100644 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD0_CERT 3" -.TH CMS_ADD0_CERT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_ADD0_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index 6e759c494ed3..3007120e83df 100644 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD1_RECIPIENT_CERT 3" -.TH CMS_ADD1_RECIPIENT_CERT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 index 51727a5f2421..513f8233ba35 100644 --- a/secure/lib/libcrypto/man/CMS_add1_signer.3 +++ b/secure/lib/libcrypto/man/CMS_add1_signer.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ADD1_SIGNER 3" -.TH CMS_ADD1_SIGNER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_ADD1_SIGNER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 index 5c1f38b3209f..86a03c0e4d37 100644 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_COMPRESS 3" -.TH CMS_COMPRESS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_COMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 index 313e83718586..97f0c97948ac 100644 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_DECRYPT 3" -.TH CMS_DECRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 index 4f5d22722930..65c1547f62ab 100644 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_ENCRYPT 3" -.TH CMS_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 index dcb86d2d92be..28e3db23eb41 100644 --- a/secure/lib/libcrypto/man/CMS_final.3 +++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_FINAL 3" -.TH CMS_FINAL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_FINAL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 index 0feae24c893d..24cfdf9796ac 100644 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_RECIPIENTINFOS 3" -.TH CMS_GET0_RECIPIENTINFOS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_GET0_RECIPIENTINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index 5fecf14927d8..db2a6123dcfb 100644 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_SIGNERINFOS 3" -.TH CMS_GET0_SIGNERINFOS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_GET0_SIGNERINFOS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 index 528913a3c47e..9adeddc37807 100644 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET0_TYPE 3" -.TH CMS_GET0_TYPE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_GET0_TYPE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index 629cc28b3118..9e8c9788771a 100644 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 +++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_GET1_RECEIPTREQUEST 3" -.TH CMS_GET1_RECEIPTREQUEST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_GET1_RECEIPTREQUEST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 index cbe3beca41f0..d86d1f0e8e82 100644 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_SIGN 3" -.TH CMS_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 index 787017df9298..41f3b77648f4 100644 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_SIGN_RECEIPT 3" -.TH CMS_SIGN_RECEIPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_SIGN_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 index 8aba27c6a0d9..fac85d450c5d 100644 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_UNCOMPRESS 3" -.TH CMS_UNCOMPRESS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_UNCOMPRESS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 index 3a1113d4a579..46604b02a442 100644 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_VERIFY 3" -.TH CMS_VERIFY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 index 505655e0bf8e..cdb1d7a18a80 100644 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS_VERIFY_RECEIPT 3" -.TH CMS_VERIFY_RECEIPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS_VERIFY_RECEIPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index 1e1de651ccd2..89b34363e82a 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CONF_MODULES_FREE 3" -.TH CONF_MODULES_FREE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CONF_MODULES_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index 8d027239349c..70f49cebb66b 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CONF_MODULES_LOAD_FILE 3" -.TH CONF_MODULES_LOAD_FILE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CONF_MODULES_LOAD_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 index 9d3700ed3ce0..e3bd897ddb18 100644 --- a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 +++ b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_THREAD_RUN_ONCE 3" -.TH CRYPTO_THREAD_RUN_ONCE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 index 104edc5b044a..dc2f41c13aad 100644 --- a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_GET_EX_NEW_INDEX 3" -.TH CRYPTO_GET_EX_NEW_INDEX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 index d1bc970fbe93..9bb35424c9e7 100644 --- a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 +++ b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" -.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/CTLOG_STORE_new.3 index 2ad7914d1c59..e314e5eca93f 100644 --- a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 +++ b/secure/lib/libcrypto/man/CTLOG_STORE_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_STORE_NEW 3" -.TH CTLOG_STORE_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CTLOG_STORE_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CTLOG_new.3 b/secure/lib/libcrypto/man/CTLOG_new.3 index 23f715a3b54d..ca38aa135623 100644 --- a/secure/lib/libcrypto/man/CTLOG_new.3 +++ b/secure/lib/libcrypto/man/CTLOG_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CTLOG_NEW 3" -.TH CTLOG_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CTLOG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 index 0ecc1f823975..4a677fd929d7 100644 --- a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 +++ b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CT_POLICY_EVAL_CTX_NEW 3" -.TH CT_POLICY_EVAL_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 index d0106afd8f26..98abe054a027 100644 --- a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 +++ b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DEFINE_STACK_OF 3" -.TH DEFINE_STACK_OF 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DEFINE_STACK_OF 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DES_random_key.3 b/secure/lib/libcrypto/man/DES_random_key.3 index c50c95bbd8b6..ad4173cdade0 100644 --- a/secure/lib/libcrypto/man/DES_random_key.3 +++ b/secure/lib/libcrypto/man/DES_random_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DES_RANDOM_KEY 3" -.TH DES_RANDOM_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DES_RANDOM_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -224,7 +224,7 @@ algorithm. .PP There are two phases to the use of \s-1DES\s0 encryption. The first is the generation of a \fIDES_key_schedule\fR from a key, the second is the -actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. @@ -295,42 +295,42 @@ of 24 bytes. This is much better than \s-1CBC DES.\s0 .PP \&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is -an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 +\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 .PP The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. This form of Triple-DES is used by the \s-1RSAREF\s0 library. .PP -\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block +\&\fIDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as \&\fIDES_ncbc_encrypt()\fR. .PP -\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This -method takes an array of characters as input and outputs and array of +\&\fIDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only -suggested for use when sending small numbers of characters. +suggested for use when sending a small number of characters. .PP \&\fIDES_cfb64_encrypt()\fR -implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this +implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an -arbitrary number of bytes, no 8 byte padding. Each call to this +arbitrary number of bytes, without 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does -not make much sense, read more about cfb mode of \s-1DES :\-\s0). +not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0 .PP \&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as \&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. .PP \&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method -takes an array of characters as input and outputs and array of +takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs -a complete \s-1DES ECB\s0 encryption per numbits, this function is only -suggested for use when sending small numbers of characters. +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. .PP \&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output Feed Back mode. @@ -357,10 +357,10 @@ The following are DES-based transformations: .PP \&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This version takes only a small amount of space relative to other fast -\&\fIcrypt()\fR implementations. This is different to the normal crypt in +\&\fIcrypt()\fR implementations. This is different to the normal \fIcrypt()\fR in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function -is thread safe, unlike the normal crypt. +is thread safe, unlike the normal \fIcrypt()\fR. .PP \&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. This function calls \fIDES_fcrypt()\fR with a static array passed as the diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index 562ce6045f53..51c098116311 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_GENERATE_KEY 3" -.TH DH_GENERATE_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index e260c1915754..acdadf8987d0 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_GENERATE_PARAMETERS 3" -.TH DH_GENERATE_PARAMETERS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_get0_pqg.3 b/secure/lib/libcrypto/man/DH_get0_pqg.3 index ea0bb61b1a0c..4d900d008a47 100644 --- a/secure/lib/libcrypto/man/DH_get0_pqg.3 +++ b/secure/lib/libcrypto/man/DH_get0_pqg.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_GET0_PQG 3" -.TH DH_GET0_PQG 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_get_1024_160.3 b/secure/lib/libcrypto/man/DH_get_1024_160.3 index 645af1f6be2e..593aadeedeca 100644 --- a/secure/lib/libcrypto/man/DH_get_1024_160.3 +++ b/secure/lib/libcrypto/man/DH_get_1024_160.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_GET_1024_160 3" -.TH DH_GET_1024_160 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_GET_1024_160 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_meth_new.3 b/secure/lib/libcrypto/man/DH_meth_new.3 index 6e878da60030..0903e7408a8b 100644 --- a/secure/lib/libcrypto/man/DH_meth_new.3 +++ b/secure/lib/libcrypto/man/DH_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_METH_NEW 3" -.TH DH_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 4ca5899affa1..292eb9b710a7 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_NEW 3" -.TH DH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_new_by_nid.3 b/secure/lib/libcrypto/man/DH_new_by_nid.3 index a545178ead83..d49e9f9b1546 100644 --- a/secure/lib/libcrypto/man/DH_new_by_nid.3 +++ b/secure/lib/libcrypto/man/DH_new_by_nid.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_NEW_BY_NID 3" -.TH DH_NEW_BY_NID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_NEW_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 5ec83fad3bf3..cd0f6560ecbc 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_SET_METHOD 3" -.TH DH_SET_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index d06b79948868..6a63cb458085 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DH_SIZE 3" -.TH DH_SIZE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DH_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index dd3388fb69c8..6b91e3c4b12d 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_NEW 3" -.TH DSA_SIG_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index edd789070dc9..7a27cda24f4b 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_DO_SIGN 3" -.TH DSA_DO_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_DO_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 81fc0ead1f3d..cfbd7edb0726 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_DUP_DH 3" -.TH DSA_DUP_DH 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_DUP_DH 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 9374da3c9d08..9cf96992cc61 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GENERATE_KEY 3" -.TH DSA_GENERATE_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index 856365229e71..4b30a73215d7 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GENERATE_PARAMETERS 3" -.TH DSA_GENERATE_PARAMETERS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_GENERATE_PARAMETERS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/DSA_get0_pqg.3 index f47b09da1769..0cd356b05b4c 100644 --- a/secure/lib/libcrypto/man/DSA_get0_pqg.3 +++ b/secure/lib/libcrypto/man/DSA_get0_pqg.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_GET0_PQG 3" -.TH DSA_GET0_PQG 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_GET0_PQG 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_meth_new.3 b/secure/lib/libcrypto/man/DSA_meth_new.3 index b07278844dca..5167565a2fb7 100644 --- a/secure/lib/libcrypto/man/DSA_meth_new.3 +++ b/secure/lib/libcrypto/man/DSA_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_METH_NEW 3" -.TH DSA_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 7990c39ce56a..2f046affd999 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_NEW 3" -.TH DSA_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index f6cbc9a02be8..54e5fa3b2fcd 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SET_METHOD 3" -.TH DSA_SET_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 120a1a325fe7..f5f896c59c24 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIGN 3" -.TH DSA_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index de014387bb05..e2cb1d00ba0e 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIZE 3" -.TH DSA_SIZE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 index dc70d4f7b943..56c3754ee13c 100644 --- a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 +++ b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DTLS_GET_DATA_MTU 3" -.TH DTLS_GET_DATA_MTU 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DTLS_GET_DATA_MTU 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 index 95652604dbcf..8b955732e86d 100644 --- a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 +++ b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DTLS_SET_TIMER_CB 3" -.TH DTLS_SET_TIMER_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DTLS_SET_TIMER_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DTLSv1_listen.3 b/secure/lib/libcrypto/man/DTLSv1_listen.3 index 28e594647325..27245e982fff 100644 --- a/secure/lib/libcrypto/man/DTLSv1_listen.3 +++ b/secure/lib/libcrypto/man/DTLSv1_listen.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DTLSV1_LISTEN 3" -.TH DTLSV1_LISTEN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH DTLSV1_LISTEN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/ECDSA_SIG_new.3 index 9ea98f64626e..f4e44d09f6e8 100644 --- a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/ECDSA_SIG_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ECDSA_SIG_NEW 3" -.TH ECDSA_SIG_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ECDSA_SIG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ECPKParameters_print.3 b/secure/lib/libcrypto/man/ECPKParameters_print.3 index 8d117a063ed9..9c376ca8a0bb 100644 --- a/secure/lib/libcrypto/man/ECPKParameters_print.3 +++ b/secure/lib/libcrypto/man/ECPKParameters_print.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ECPKPARAMETERS_PRINT 3" -.TH ECPKPARAMETERS_PRINT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ECPKPARAMETERS_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3 index 026e99773418..26f231246ac3 100644 --- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 +++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC_GFP_SIMPLE_METHOD 3" -.TH EC_GFP_SIMPLE_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC_GFP_SIMPLE_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3 index 1db7af0c54e2..b3f95d40b1c7 100644 --- a/secure/lib/libcrypto/man/EC_GROUP_copy.3 +++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_COPY 3" -.TH EC_GROUP_COPY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC_GROUP_COPY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3 index 2194aecb3105..45053dff2c9d 100644 --- a/secure/lib/libcrypto/man/EC_GROUP_new.3 +++ b/secure/lib/libcrypto/man/EC_GROUP_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC_GROUP_NEW 3" -.TH EC_GROUP_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC_GROUP_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 index 3ad6fca1932b..31e93dd058e4 100644 --- a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 +++ b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC_KEY_GET_ENC_FLAGS 3" -.TH EC_KEY_GET_ENC_FLAGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC_KEY_GET_ENC_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3 index f29cb4da5b4f..aa156b2ac6e2 100644 --- a/secure/lib/libcrypto/man/EC_KEY_new.3 +++ b/secure/lib/libcrypto/man/EC_KEY_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC_KEY_NEW 3" -.TH EC_KEY_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC_KEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3 index 4f2217de44f3..251e76d8309c 100644 --- a/secure/lib/libcrypto/man/EC_POINT_add.3 +++ b/secure/lib/libcrypto/man/EC_POINT_add.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_ADD 3" -.TH EC_POINT_ADD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC_POINT_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3 index 8fbf2daf71e5..6f28ac9bef7a 100644 --- a/secure/lib/libcrypto/man/EC_POINT_new.3 +++ b/secure/lib/libcrypto/man/EC_POINT_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC_POINT_NEW 3" -.TH EC_POINT_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC_POINT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ENGINE_add.3 b/secure/lib/libcrypto/man/ENGINE_add.3 index 961dde3845ff..c4bc47d90c99 100644 --- a/secure/lib/libcrypto/man/ENGINE_add.3 +++ b/secure/lib/libcrypto/man/ENGINE_add.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ENGINE_ADD 3" -.TH ENGINE_ADD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ENGINE_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index bb8a0230f506..46248538cff5 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_GET_LIB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 76403d7e43f4..a3b82dbe9b4b 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_CLEAR_ERROR 3" -.TH ERR_CLEAR_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_CLEAR_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index b4eb84dd69dd..10c6e61d5284 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_ERROR_STRING 3" -.TH ERR_ERROR_STRING 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_ERROR_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index fa2cdf983b60..83b8fd9c381c 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_ERROR 3" -.TH ERR_GET_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index b10e29f5f556..c3ead8f6345d 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_LOAD_CRYPTO_STRINGS 3" -.TH ERR_LOAD_CRYPTO_STRINGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 48621256e895..9fbf91857c9c 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_LOAD_STRINGS 3" -.TH ERR_LOAD_STRINGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_LOAD_STRINGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index 228d0ee736b1..a8b8bc4cb7ad 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_PRINT_ERRORS 3" -.TH ERR_PRINT_ERRORS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_PRINT_ERRORS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index b2acd60dfdc8..4e5c5aac2c9b 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_PUT_ERROR 3" -.TH ERR_PUT_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_PUT_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index 0a24d8f61af1..ee335a31dcf0 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_REMOVE_STATE 3" -.TH ERR_REMOVE_STATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_REMOVE_STATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index 15afc061abae..f9ff981ae7f4 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERR_SET_MARK 3" -.TH ERR_SET_MARK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERR_SET_MARK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index 0966cdd096dd..8fd3b341dc9d 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BYTESTOKEY 3" -.TH EVP_BYTESTOKEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_BYTESTOKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 index edabe4f6cb8b..9088cb489104 100644 --- a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 +++ b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" -.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 index 7b4244b0a7fc..6f31f3f3174a 100644 --- a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 +++ b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CIPHER_METH_NEW 3" -.TH EVP_CIPHER_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_CIPHER_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index b8b392b953d9..5f59cda8f416 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTINIT 3" -.TH EVP_DIGESTINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_DIGESTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -363,18 +363,19 @@ or control. This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the digest name passed on the command line. .PP -.Vb 2 +.Vb 3 \& #include <stdio.h> +\& #include <string.h> \& #include <openssl/evp.h> \& -\& main(int argc, char *argv[]) +\& int main(int argc, char *argv[]) \& { \& EVP_MD_CTX *mdctx; \& const EVP_MD *md; \& char mess1[] = "Test Message\en"; \& char mess2[] = "Hello World\en"; \& unsigned char md_value[EVP_MAX_MD_SIZE]; -\& int md_len, i; +\& unsigned int md_len, i; \& \& if (argv[1] == NULL) { \& printf("Usage: mdtest digestname\en"); diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 index b7eb419593b5..d33bc7ea47cf 100644 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTSIGNINIT 3" -.TH EVP_DIGESTSIGNINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_DIGESTSIGNINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index 720de6b09fe5..9b4fc7217faa 100644 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DIGESTVERIFYINIT 3" -.TH EVP_DIGESTVERIFYINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_DIGESTVERIFYINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3 index 291f2d2137cc..0cc531b9eb7c 100644 --- a/secure/lib/libcrypto/man/EVP_EncodeInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ENCODEINIT 3" -.TH EVP_ENCODEINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_ENCODEINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index 34335291b1b0..ace2df58d457 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_ENCRYPTINIT 3" -.TH EVP_ENCRYPTINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_ENCRYPTINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/EVP_MD_meth_new.3 index dbc88b68a83d..3fb1079a55af 100644 --- a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 +++ b/secure/lib/libcrypto/man/EVP_MD_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD_METH_NEW 3" -.TH EVP_MD_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_MD_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 782f48de42a5..dbea8cf6caa5 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OPENINIT 3" -.TH EVP_OPENINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_OPENINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 index c239dcd2812a..0e302ea4ffe8 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_METHOD 3" -.TH EVP_PKEY_ASN1_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_ASN1_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index 908aed63fefc..209076cc7f22 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_CTRL 3" -.TH EVP_PKEY_CTX_CTRL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CTX_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations +EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,9 +143,13 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_set_signature_md, EVP_PKE \& \& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, \& int cmd, int p1, void *p2); +\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, uint64_t value); \& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, \& const char *value); \& +\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); +\& \& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); \& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); \& @@ -154,22 +158,58 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_set_signature_md, EVP_PKE \& #include <openssl/rsa.h> \& \& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); \& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len); \& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); \& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); +\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); \& \& #include <openssl/dsa.h> +\& \& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); \& \& #include <openssl/dh.h> +\& \& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); \& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); \& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); \& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); +\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); +\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); \& \& #include <openssl/ec.h> +\& \& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); \& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); +\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); \& \& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); \& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); @@ -189,6 +229,9 @@ and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 a Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will instead call one of the algorithm specific macros below. .PP +The function \fIEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a +uint64 value as \fBp2\fR to \fIEVP_PKEY_CTX_ctrl()\fR. +.PP The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm specific control operation to a context \fBctx\fR in string form. This is intended to be used for options specified on the command line or in text @@ -196,6 +239,9 @@ files. The commands supported are documented in the openssl utility command line pages for the option \fB\-pkeyopt\fR which is supported by the \&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands. .PP +The function \fIEVP_PKEY_CTX_md()\fR sends a message digest control operation +to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR. +.PP All the remaining \*(L"functions\*(R" are implemented as macros. .PP The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used @@ -214,13 +260,14 @@ provided by that macro. Normally applications would call .PP The \fIEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms supported by the \fIEVP_PKEY_new_raw_private_key\fR\|(3) function. -.PP -The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fBctx\fR. -The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 padding, -\&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding, -\&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only), -\&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and -\&\s-1RSA_PKCS1_PSS_PADDING\s0 (sign and verify only). +.SS "\s-1RSA\s0 parameters" +.IX Subsection "RSA parameters" +The \fIEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR. +The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 +padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for +no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and +decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations +only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only). .PP Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR is used. If this macro is called for PKCS#1 padding the plaintext buffer is @@ -232,56 +279,209 @@ padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and rem if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. .PP +The \fIEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR. +.PP The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to -\&\fBlen\fR as its name implies it is only supported for \s-1PSS\s0 padding. Three special -values are supported: \s-1RSA_PSS_SALTLEN_DIGEST\s0 sets the salt length to the -digest length, \s-1RSA_PSS_SALTLEN_MAX\s0 sets the salt length to the maximum -permissible value. When verifying \s-1RSA_PSS_SALTLEN_AUTO\s0 causes the salt length +\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special +values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the +digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum +permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this macro is not called maximum salt length is used when signing and auto detection when verifying is used by default. .PP +The \fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length +for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP The \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for \&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used. .PP The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value -for \s-1RSA\s0 key generation to \fBpubexp\fR currently it should be an odd integer. The +for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The \&\fBpubexp\fR pointer is used internally by this function so it should not be -modified or free after the call. If this macro is not called then 65537 is used. +modified or freed after the call. If not specified 65537 is used. .PP -The macro \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used -for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used. +The \fIEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for +\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used. +.PP +The \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding +schemes to \fBmd\fR. If not explicitly set the signing digest is used. The +padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR +or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR. +If not explicitly set the signing digest is used. The padding mode must have +been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. .PP -The macro \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0 +The \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by \fBlabel\fR. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR. The return value is the label length. The padding mode +must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1DSA\s0 parameters" +.IX Subsection "DSA parameters" +The \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used +for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used. +.SS "\s-1DH\s0 parameters" +.IX Subsection "DH parameters" +The \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called -then 1024 is used. +then 1024 is used. Only accepts lengths greater than or equal to 256. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 +optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 +paramgen type must have been set to x9.42. .PP The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR for \s-1DH\s0 parameter generation. If not specified 2 is used. .PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 +parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 +The default is 0. +.PP The \fIEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is 1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR. If \fBpad\fR is zero (the default) then no padding is performed. .PP \&\fIEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to -\&\fBnid\fR. The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, -\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR. This macro can be -called during parameter or key generation. +\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, +\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR +or \fBNID_undef\fR to clear the stored value. This macro can be called during +parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. .PP +The \fIEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fIEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are +synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The +\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The \fBctx\fR must have a key type of +\&\fB\s-1EVP_PKEY_DHX\s0\fR. +The rfc5114 parameter and the nid parameter are mutually exclusive. +.SS "\s-1DH\s0 key derivation function parameters" +.IX Subsection "DH key derivation function parameters" +Note that all of the following functions require that the \fBctx\fR parameter has +a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of +\&\fIEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. +The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn +encrypts a Content Encryption Key (\s-1CEK\s0). +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 +(based on the keying algorithm described in X9.42). When using key derivation, +the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type +for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function +object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by \fBoid\fR. +.PP +The \fIEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid +for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to +\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional +and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by \fBukm\fR. +.PP +The \fIEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1EC\s0 parameters" +.IX Subsection "EC parameters" The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called or an error occurs because there is no default curve. This function can also be called to set the curve explicitly when generating an \s-1EC\s0 key. .PP -The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR sets the \s-1EC\s0 parameter encoding to +The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to \&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be \&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. For maximum compatibility the named curve form should be used. Note: the \&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was only added to OpenSSL 1.1.0; previous versions should use 0 instead. +.SS "\s-1ECDH\s0 parameters" +.IX Subsection "ECDH parameters" +The \fIEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to +\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for +\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. +.SS "\s-1ECDH\s0 key derivation function parameters" +.IX Subsection "ECDH key derivation function parameters" +The \fIEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. +When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must +also be specified. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function +type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are +\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR +for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by \fBukm\fR. .PP +The \fIEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "Other parameters" +.IX Subsection "Other parameters" The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR macros are used to manipulate the special identifier field for specific signature algorithms such as \s-1SM2.\s0 The \fIEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with @@ -305,7 +505,7 @@ indicates the operation is not supported by the public key algorithm. \&\fIEVP_PKEY_sign\fR\|(3), \&\fIEVP_PKEY_verify\fR\|(3), \&\fIEVP_PKEY_verify_recover\fR\|(3), -\&\fIEVP_PKEY_derive\fR\|(3) +\&\fIEVP_PKEY_derive\fR\|(3), \&\fIEVP_PKEY_keygen\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index a9f5ab713e02..4cb06710825b 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_NEW 3" -.TH EVP_PKEY_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 index 64afd6f84e19..87cf931a203f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" -.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 index db926c1d28a7..7eec64fa9678 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" -.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -191,12 +191,12 @@ pseudorandom key K returned from a previous extract operation. The digest, key and info values must be set before a key is derived or an error occurs. .PP -\&\fIEVP_PKEY_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 +\&\fIEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 .PP \&\fIEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the buffer \fBsalt\fR. Any existing value is replaced. .PP -\&\fIEVP_PKEY_CTX_set_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer +\&\fIEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer \&\fBkey\fR. Any existing value is replaced. .PP \&\fIEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 index 8c58dcd5ba0f..33d70752a1f3 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" -.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,7 +161,7 @@ The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt lengt If the key has usage restrictions then an error is returned if an attempt is made to set the salt length below the minimum value. It is otherwise similar to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using -\&\s-1RSA_PSS_SALTLEN_AUTO\s0 is not supported for verification if the key has +\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has usage restrictions. .PP The \fIEVP_PKEY_CTX_set_signature_md()\fR and \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros @@ -171,7 +171,7 @@ digest to anything other than the restricted value. Otherwise these are similar to the \fB\s-1RSA\s0\fR versions. .SS "Key Generation" .IX Subsection "Key Generation" -As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_rsa_keygen_bits()\fR +As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR and \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: they have exactly the same meaning as for the \s-1RSA\s0 algorithm. .PP diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 index c51b7c6a431a..a34d354ab383 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" -.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 index 3115d636d28c..1b08c5286262 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" -.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 index b1f6c8b27128..93e27d9732d8 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_GET_COUNT 3" -.TH EVP_PKEY_ASN1_GET_COUNT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index ca8ff8dadeeb..44c4fc1ffa07 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CMP 3" -.TH EVP_PKEY_CMP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_CMP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index 5a0b2d563da7..03a1e5c36dea 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_DECRYPT 3" -.TH EVP_PKEY_DECRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 index 105031f266d3..58c0eb082c88 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_DERIVE 3" -.TH EVP_PKEY_DERIVE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_DERIVE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index 7e30e8705912..08bdd09dfee5 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_ENCRYPT 3" -.TH EVP_PKEY_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 index dab05522fc7d..0b55bb1d25a5 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" -.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index 514e36383f5a..9eaf4acac95e 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_KEYGEN 3" -.TH EVP_PKEY_KEYGEN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_KEYGEN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 index 3b8b36fcbd26..0c378ff5d29d 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_GET_COUNT 3" -.TH EVP_PKEY_METH_GET_COUNT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_METH_GET_COUNT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 index 17c7e82c8ca9..4e9fe173b13f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_NEW 3" -.TH EVP_PKEY_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 3c7a5b22262e..15c9d567aa48 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_NEW 3" -.TH EVP_PKEY_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index f12e7a725de9..a0c80534dbb4 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_PRINT_PRIVATE 3" -.TH EVP_PKEY_PRINT_PRIVATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index dd99916bfdcf..411d592a5364 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_SET1_RSA 3" -.TH EVP_PKEY_SET1_RSA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_SET1_RSA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine \- EVP_PKEY assignment functions +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine \- EVP_PKEY assignment functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -152,6 +152,8 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV \& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); \& \& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); \& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); \& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); \& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); @@ -161,6 +163,8 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV \& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); \& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); \& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); \& \& int EVP_PKEY_id(const EVP_PKEY *pkey); \& int EVP_PKEY_base_id(const EVP_PKEY *pkey); @@ -178,14 +182,15 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV \&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or \&\fB\s-1NULL\s0\fR if the key is not of the correct type. .PP -\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR, -\&\fIEVP_PKEY_get0_DH()\fR and \fIEVP_PKEY_get0_EC_KEY()\fR also return the -referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR if the key is not of the -correct type but the reference count of the returned key is -\&\fBnot\fR incremented and so must not be freed up after use. +\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_poly1305()\fR, \fIEVP_PKEY_get0_siphash()\fR, +\&\fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR, \fIEVP_PKEY_get0_DH()\fR +and \fIEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR +if the key is not of the correct type but the reference count of the +returned key is \fBnot\fR incremented and so must not be freed up after use. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR and +\&\fIEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR however these use the supplied \fBkey\fR internally and so \fBkey\fR will be freed when the parent \fBpkey\fR is freed. .PP @@ -216,8 +221,9 @@ In accordance with the OpenSSL naming convention the key obtained from or assigned to the \fBpkey\fR using the \fB1\fR functions must be freed as well as \fBpkey\fR. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -and \fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR +and \fIEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. .PP Most applications wishing to know a key type will simply call \&\fIEVP_PKEY_base_id()\fR and will not care about the actual type: @@ -246,8 +252,9 @@ algorithms with EVP_PKEY_set_alias_type: \&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR +and \fIEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. .PP \&\fIEVP_PKEY_base_id()\fR, \fIEVP_PKEY_id()\fR and \fIEVP_PKEY_type()\fR return a key type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 index 8987c991bf02..bdc74d104dd8 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_SIGN 3" -.TH EVP_PKEY_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 index fe54b9e74672..88a2284e8b3f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY 3" -.TH EVP_PKEY_VERIFY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index 68810fd51fbf..cd53ae332637 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_VERIFY_RECOVER 3" -.TH EVP_PKEY_VERIFY_RECOVER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 506530ee4a67..a836dbc9b648 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SEALINIT 3" -.TH EVP_SEALINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SEALINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 9bc01c072a55..1d7dff0770a2 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SIGNINIT 3" -.TH EVP_SIGNINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SIGNINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 5069af1ce809..4b45b0cf21e2 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VERIFYINIT 3" -.TH EVP_VERIFYINIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_VERIFYINIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_aes.3 b/secure/lib/libcrypto/man/EVP_aes.3 index c33fa870a788..c8edbb5b0ead 100644 --- a/secure/lib/libcrypto/man/EVP_aes.3 +++ b/secure/lib/libcrypto/man/EVP_aes.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_AES 3" -.TH EVP_AES 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_AES 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher +EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -149,8 +149,8 @@ functions, such as \fIEVP_aes_128_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_aes_128_cbc()\fR, \fIEVP_aes_192_cbc()\fR, \fIEVP_aes_256_cbc()\fR, \fIEVP_aes_128_cfb()\fR, \fIEVP_aes_192_cfb()\fR, \fIEVP_aes_256_cfb()\fR, \fIEVP_aes_128_cfb1()\fR, \fIEVP_aes_192_cfb1()\fR, \fIEVP_aes_256_cfb1()\fR, \fIEVP_aes_128_cfb8()\fR, \fIEVP_aes_192_cfb8()\fR, \fIEVP_aes_256_cfb8()\fR, \fIEVP_aes_128_ctr()\fR, \fIEVP_aes_192_ctr()\fR, \fIEVP_aes_256_ctr()\fR, \fIEVP_aes_128_ecb()\fR, \fIEVP_aes_192_ecb()\fR, \fIEVP_aes_256_ecb()\fR, \fIEVP_aes_128_ofb()\fR, \fIEVP_aes_192_ofb()\fR, \fIEVP_aes_256_ofb()\fR" 4 -.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" +.IP "\fIEVP_aes_128_cbc()\fR, \fIEVP_aes_192_cbc()\fR, \fIEVP_aes_256_cbc()\fR, \fIEVP_aes_128_cfb()\fR, \fIEVP_aes_192_cfb()\fR, \fIEVP_aes_256_cfb()\fR, \fIEVP_aes_128_cfb1()\fR, \fIEVP_aes_192_cfb1()\fR, \fIEVP_aes_256_cfb1()\fR, \fIEVP_aes_128_cfb8()\fR, \fIEVP_aes_192_cfb8()\fR, \fIEVP_aes_256_cfb8()\fR, \fIEVP_aes_128_cfb128()\fR, \fIEVP_aes_192_cfb128()\fR, \fIEVP_aes_256_cfb128()\fR, \fIEVP_aes_128_ctr()\fR, \fIEVP_aes_192_ctr()\fR, \fIEVP_aes_256_ctr()\fR, \fIEVP_aes_128_ecb()\fR, \fIEVP_aes_192_ecb()\fR, \fIEVP_aes_256_ecb()\fR, \fIEVP_aes_128_ofb()\fR, \fIEVP_aes_192_ofb()\fR, \fIEVP_aes_256_ofb()\fR" 4 +.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" \&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0 .IP "\fIEVP_aes_128_cbc_hmac_sha1()\fR, \fIEVP_aes_256_cbc_hmac_sha1()\fR" 4 @@ -204,7 +204,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_aria.3 b/secure/lib/libcrypto/man/EVP_aria.3 index 515e937eed18..e94c02d3c5c0 100644 --- a/secure/lib/libcrypto/man/EVP_aria.3 +++ b/secure/lib/libcrypto/man/EVP_aria.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_ARIA 3" -.TH EVP_ARIA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_ARIA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP AES cipher +EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP AES cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -149,8 +149,8 @@ functions, such as \fIEVP_aria_128_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_aria_128_cbc()\fR, \fIEVP_aria_192_cbc()\fR, \fIEVP_aria_256_cbc()\fR, \fIEVP_aria_128_cfb()\fR, \fIEVP_aria_192_cfb()\fR, \fIEVP_aria_256_cfb()\fR, \fIEVP_aria_128_cfb1()\fR, \fIEVP_aria_192_cfb1()\fR, \fIEVP_aria_256_cfb1()\fR, \fIEVP_aria_128_cfb8()\fR, \fIEVP_aria_192_cfb8()\fR, \fIEVP_aria_256_cfb8()\fR, \fIEVP_aria_128_ctr()\fR, \fIEVP_aria_192_ctr()\fR, \fIEVP_aria_256_ctr()\fR, \fIEVP_aria_128_ecb()\fR, \fIEVP_aria_192_ecb()\fR, \fIEVP_aria_256_ecb()\fR, \fIEVP_aria_128_ofb()\fR, \fIEVP_aria_192_ofb()\fR, \fIEVP_aria_256_ofb()\fR" 4 -.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" +.IP "\fIEVP_aria_128_cbc()\fR, \fIEVP_aria_192_cbc()\fR, \fIEVP_aria_256_cbc()\fR, \fIEVP_aria_128_cfb()\fR, \fIEVP_aria_192_cfb()\fR, \fIEVP_aria_256_cfb()\fR, \fIEVP_aria_128_cfb1()\fR, \fIEVP_aria_192_cfb1()\fR, \fIEVP_aria_256_cfb1()\fR, \fIEVP_aria_128_cfb8()\fR, \fIEVP_aria_192_cfb8()\fR, \fIEVP_aria_256_cfb8()\fR, \fIEVP_aria_128_cfb128()\fR, \fIEVP_aria_192_cfb128()\fR, \fIEVP_aria_256_cfb128()\fR, \fIEVP_aria_128_ctr()\fR, \fIEVP_aria_192_ctr()\fR, \fIEVP_aria_256_ctr()\fR, \fIEVP_aria_128_ecb()\fR, \fIEVP_aria_192_ecb()\fR, \fIEVP_aria_256_ecb()\fR, \fIEVP_aria_128_ofb()\fR, \fIEVP_aria_192_ofb()\fR, \fIEVP_aria_256_ofb()\fR" 4 +.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" \&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 .IP "\fIEVP_aria_128_ccm()\fR, \fIEVP_aria_192_ccm()\fR, \fIEVP_aria_256_ccm()\fR, \fIEVP_aria_128_gcm()\fR, \fIEVP_aria_192_gcm()\fR, \fIEVP_aria_256_gcm()\fR," 4 @@ -170,7 +170,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_bf_cbc.3 b/secure/lib/libcrypto/man/EVP_bf_cbc.3 index 035c677922da..bdd02a6d04c9 100644 --- a/secure/lib/libcrypto/man/EVP_bf_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_bf_cbc.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_BF_CBC 3" -.TH EVP_BF_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_BF_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_bf_cbc, EVP_bf_cfb, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher +EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,6 +143,7 @@ EVP_bf_cbc, EVP_bf_cfb, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher \& \& const EVP_CIPHER *EVP_bf_cbc(void) \& const EVP_CIPHER *EVP_bf_cfb(void) +\& const EVP_CIPHER *EVP_bf_cfb64(void) \& const EVP_CIPHER *EVP_bf_ecb(void) \& const EVP_CIPHER *EVP_bf_ofb(void) .Ve @@ -151,8 +152,8 @@ EVP_bf_cbc, EVP_bf_cfb, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher The Blowfish encryption algorithm for \s-1EVP.\s0 .PP This is a variable key length cipher. -.IP "\fIEVP_bf_cbc()\fR, \fIEVP_bf_cfb()\fR, \fIEVP_bf_ecb()\fR, \fIEVP_bf_ofb()\fR" 4 -.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_ecb(), EVP_bf_ofb()" +.IP "\fIEVP_bf_cbc()\fR, \fIEVP_bf_cfb()\fR, \fIEVP_bf_cfb64()\fR, \fIEVP_bf_ecb()\fR, \fIEVP_bf_ofb()\fR" 4 +.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -166,7 +167,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_blake2b512.3 b/secure/lib/libcrypto/man/EVP_blake2b512.3 index b689ff5f04ae..ebe656dc5fc4 100644 --- a/secure/lib/libcrypto/man/EVP_blake2b512.3 +++ b/secure/lib/libcrypto/man/EVP_blake2b512.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BLAKE2B512 3" -.TH EVP_BLAKE2B512 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_BLAKE2B512 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_camellia.3 b/secure/lib/libcrypto/man/EVP_camellia.3 index f228152a27df..42c383f8060e 100644 --- a/secure/lib/libcrypto/man/EVP_camellia.3 +++ b/secure/lib/libcrypto/man/EVP_camellia.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_CAMELLIA 3" -.TH EVP_CAMELLIA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_CAMELLIA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher +EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -149,8 +149,8 @@ functions, such as \fIEVP_camellia_128_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The Camellia encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_camellia_128_cbc()\fR, \fIEVP_camellia_192_cbc()\fR, \fIEVP_camellia_256_cbc()\fR, \fIEVP_camellia_128_cfb()\fR, \fIEVP_camellia_192_cfb()\fR, \fIEVP_camellia_256_cfb()\fR, \fIEVP_camellia_128_cfb1()\fR, \fIEVP_camellia_192_cfb1()\fR, \fIEVP_camellia_256_cfb1()\fR, \fIEVP_camellia_128_cfb8()\fR, \fIEVP_camellia_192_cfb8()\fR, \fIEVP_camellia_256_cfb8()\fR, \fIEVP_camellia_128_ctr()\fR, \fIEVP_camellia_192_ctr()\fR, \fIEVP_camellia_256_ctr()\fR, \fIEVP_camellia_128_ecb()\fR, \fIEVP_camellia_192_ecb()\fR, \fIEVP_camellia_256_ecb()\fR, \fIEVP_camellia_128_ofb()\fR, \fIEVP_camellia_192_ofb()\fR, \fIEVP_camellia_256_ofb()\fR" 4 -.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" +.IP "\fIEVP_camellia_128_cbc()\fR, \fIEVP_camellia_192_cbc()\fR, \fIEVP_camellia_256_cbc()\fR, \fIEVP_camellia_128_cfb()\fR, \fIEVP_camellia_192_cfb()\fR, \fIEVP_camellia_256_cfb()\fR, \fIEVP_camellia_128_cfb1()\fR, \fIEVP_camellia_192_cfb1()\fR, \fIEVP_camellia_256_cfb1()\fR, \fIEVP_camellia_128_cfb8()\fR, \fIEVP_camellia_192_cfb8()\fR, \fIEVP_camellia_256_cfb8()\fR, \fIEVP_camellia_128_cfb128()\fR, \fIEVP_camellia_192_cfb128()\fR, \fIEVP_camellia_256_cfb128()\fR, \fIEVP_camellia_128_ctr()\fR, \fIEVP_camellia_192_ctr()\fR, \fIEVP_camellia_256_ctr()\fR, \fIEVP_camellia_128_ecb()\fR, \fIEVP_camellia_192_ecb()\fR, \fIEVP_camellia_256_ecb()\fR, \fIEVP_camellia_128_ofb()\fR, \fIEVP_camellia_192_ofb()\fR, \fIEVP_camellia_256_ofb()\fR" 4 +.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 .SH "RETURN VALUES" @@ -165,7 +165,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_cast5_cbc.3 b/secure/lib/libcrypto/man/EVP_cast5_cbc.3 index e7f98d94cf06..e4f45eb9411d 100644 --- a/secure/lib/libcrypto/man/EVP_cast5_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_cast5_cbc.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_CAST5_CBC 3" -.TH EVP_CAST5_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_CAST5_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher +EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,6 +143,7 @@ EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher \& \& const EVP_CIPHER *EVP_cast5_cbc(void) \& const EVP_CIPHER *EVP_cast5_cfb(void) +\& const EVP_CIPHER *EVP_cast5_cfb64(void) \& const EVP_CIPHER *EVP_cast5_ecb(void) \& const EVP_CIPHER *EVP_cast5_ofb(void) .Ve @@ -151,8 +152,8 @@ EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0 .PP This is a variable key length cipher. -.IP "\fIEVP_cast5_cbc()\fR, \fIEVP_cast5_ecb()\fR, \fIEVP_cast5_cfb()\fR, \fIEVP_cast5_ofb()\fR" 4 -.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_ofb()" +.IP "\fIEVP_cast5_cbc()\fR, \fIEVP_cast5_ecb()\fR, \fIEVP_cast5_cfb()\fR, \fIEVP_cast5_cfb64()\fR, \fIEVP_cast5_ofb()\fR" 4 +.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" \&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -166,7 +167,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_chacha20.3 b/secure/lib/libcrypto/man/EVP_chacha20.3 index bce6118a27c1..0aecec394cca 100644 --- a/secure/lib/libcrypto/man/EVP_chacha20.3 +++ b/secure/lib/libcrypto/man/EVP_chacha20.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_CHACHA20 3" -.TH EVP_CHACHA20 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_CHACHA20 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_des.3 b/secure/lib/libcrypto/man/EVP_des.3 index ba5e8793a7cd..54319776111e 100644 --- a/secure/lib/libcrypto/man/EVP_des.3 +++ b/secure/lib/libcrypto/man/EVP_des.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_DES 3" -.TH EVP_DES 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_DES 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_ecb, EVP_des_ede, EVP_des_ede_cfb, EVP_des_ede_ofb, EVP_des_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_ofb, EVP_des_ede3_wrap, EVP_des_ede_cbc \&\- EVP DES cipher +EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap \&\- EVP DES cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -149,17 +149,17 @@ functions, such as \fIEVP_des_cbc\fR. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_des_cbc()\fR, \fIEVP_des_ecb()\fR, \fIEVP_des_cfb()\fR, \fIEVP_des_cfb1()\fR, \fIEVP_des_cfb8()\fR, \fIEVP_des_ofb()\fR" 4 -.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_ofb()" -\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit -shift and \s-1OFB\s0 modes respectively. -.IP "\fIEVP_des_ede()\fR, \fIEVP_des_ede_cbc()\fR, \fIEVP_des_ede_ofb()\fR, \fIEVP_des_ede_cfb()\fR" 4 -.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_ofb(), EVP_des_ede_cfb()" -Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 and \s-1OFB\s0 modes respectively. -.IP "\fIEVP_des_ede3()\fR, \fIEVP_des_ede3_cbc()\fR, \fIEVP_des_ede3_cfb()\fR, \fIEVP_des_ede3_cfb1()\fR, \fIEVP_des_ede3_cfb8()\fR, \fIEVP_des_ede3_ofb()\fR" 4 -.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_ofb()" -Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 128\-bit shift, \s-1CFB\s0 with 1\-bit shift, -\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes respectively. +.IP "\fIEVP_des_cbc()\fR, \fIEVP_des_ecb()\fR, \fIEVP_des_cfb()\fR, \fIEVP_des_cfb1()\fR, \fIEVP_des_cfb8()\fR, \fIEVP_des_cfb64()\fR, \fIEVP_des_ofb()\fR" 4 +.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" +\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit +shift and \s-1OFB\s0 modes. +.IP "\fIEVP_des_ede()\fR, \fIEVP_des_ede_cbc()\fR, \fIEVP_des_ede_cfb()\fR, \fIEVP_des_ede_cfb64()\fR, \fIEVP_des_ede_ecb()\fR, \fIEVP_des_ede_ofb()\fR" 4 +.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" +Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. +.IP "\fIEVP_des_ede3()\fR, \fIEVP_des_ede3_cbc()\fR, \fIEVP_des_ede3_cfb()\fR, \fIEVP_des_ede3_cfb1()\fR, \fIEVP_des_ede3_cfb8()\fR, \fIEVP_des_ede3_cfb64()\fR, \fIEVP_des_ede3_ecb()\fR, \fIEVP_des_ede3_ofb()\fR" 4 +.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" +Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, +\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. .IP "\fIEVP_des_ede3_wrap()\fR" 4 .IX Item "EVP_des_ede3_wrap()" Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3. @@ -175,7 +175,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_desx_cbc.3 b/secure/lib/libcrypto/man/EVP_desx_cbc.3 index 7f3a3f57197b..27705c77bb0e 100644 --- a/secure/lib/libcrypto/man/EVP_desx_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_desx_cbc.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DESX_CBC 3" -.TH EVP_DESX_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_DESX_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_idea_cbc.3 b/secure/lib/libcrypto/man/EVP_idea_cbc.3 index c5d21f18f07f..89baa25db8b7 100644 --- a/secure/lib/libcrypto/man/EVP_idea_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_idea_cbc.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_IDEA_CBC 3" -.TH EVP_IDEA_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_IDEA_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_idea_cbc, EVP_idea_cfb, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher +EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,14 +143,15 @@ EVP_idea_cbc, EVP_idea_cfb, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher \& \& const EVP_CIPHER *EVP_idea_cbc(void) \& const EVP_CIPHER *EVP_idea_cfb(void) +\& const EVP_CIPHER *EVP_idea_cfb64(void) \& const EVP_CIPHER *EVP_idea_ecb(void) \& const EVP_CIPHER *EVP_idea_ofb(void) .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_idea_cbc()\fR, \fIEVP_idea_cfb()\fR, \fIEVP_idea_ecb()\fR, \fIEVP_idea_ofb()\fR" 4 -.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_ecb(), EVP_idea_ofb()" +.IP "\fIEVP_idea_cbc()\fR, \fIEVP_idea_cfb()\fR, \fIEVP_idea_cfb64()\fR, \fIEVP_idea_ecb()\fR, \fIEVP_idea_ofb()\fR" 4 +.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -164,7 +165,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_md2.3 b/secure/lib/libcrypto/man/EVP_md2.3 index 410b7f6cc945..320a29ab19b5 100644 --- a/secure/lib/libcrypto/man/EVP_md2.3 +++ b/secure/lib/libcrypto/man/EVP_md2.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD2 3" -.TH EVP_MD2 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_MD2 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_md4.3 b/secure/lib/libcrypto/man/EVP_md4.3 index f878923eba59..b6d3bc78de7c 100644 --- a/secure/lib/libcrypto/man/EVP_md4.3 +++ b/secure/lib/libcrypto/man/EVP_md4.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MD4 3" -.TH EVP_MD4 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_MD4 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_md5.3 b/secure/lib/libcrypto/man/EVP_md5.3 index 44cb188eea05..0286bf4f67aa 100644 --- a/secure/lib/libcrypto/man/EVP_md5.3 +++ b/secure/lib/libcrypto/man/EVP_md5.3 @@ -129,19 +129,20 @@ .\" ======================================================================== .\" .IX Title "EVP_MD5 3" -.TH EVP_MD5 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_MD5 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_md5 \&\- MD5 For EVP +EVP_md5, EVP_md5_sha1 \&\- MD5 For EVP .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/evp.h> \& \& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_md5_sha1(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/EVP_mdc2.3 b/secure/lib/libcrypto/man/EVP_mdc2.3 index 01b22948af5a..b4b30330b827 100644 --- a/secure/lib/libcrypto/man/EVP_mdc2.3 +++ b/secure/lib/libcrypto/man/EVP_mdc2.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_MDC2 3" -.TH EVP_MDC2 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_MDC2 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_rc2_cbc.3 b/secure/lib/libcrypto/man/EVP_rc2_cbc.3 index 9170d5209041..53bb1c88f100 100644 --- a/secure/lib/libcrypto/man/EVP_rc2_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_rc2_cbc.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_RC2_CBC 3" -.TH EVP_RC2_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_RC2_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher +EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,6 +143,7 @@ EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_c \& \& const EVP_CIPHER *EVP_rc2_cbc(void) \& const EVP_CIPHER *EVP_rc2_cfb(void) +\& const EVP_CIPHER *EVP_rc2_cfb64(void) \& const EVP_CIPHER *EVP_rc2_ecb(void) \& const EVP_CIPHER *EVP_rc2_ofb(void) \& const EVP_CIPHER *EVP_rc2_40_cbc(void) @@ -151,8 +152,8 @@ EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_c .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_rc2_cbc()\fR, \fIEVP_rc2_cfb()\fR, \fIEVP_rc2_ecb()\fR, \fIEVP_rc2_ofb()\fR" 4 -.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_ecb(), EVP_rc2_ofb()" +.IP "\fIEVP_rc2_cbc()\fR, \fIEVP_rc2_cfb()\fR, \fIEVP_rc2_cfb64()\fR, \fIEVP_rc2_ecb()\fR, \fIEVP_rc2_ofb()\fR" 4 +.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" \&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. @@ -176,7 +177,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_rc4.3 b/secure/lib/libcrypto/man/EVP_rc4.3 index 733982c50b4f..3d5e6abfef0f 100644 --- a/secure/lib/libcrypto/man/EVP_rc4.3 +++ b/secure/lib/libcrypto/man/EVP_rc4.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RC4 3" -.TH EVP_RC4 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_RC4 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 b/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 index 47b103be323a..cff026382058 100644 --- a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_RC5_32_12_16_CBC 3" -.TH EVP_RC5_32_12_16_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_RC5_32_12_16_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher +EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,14 +143,15 @@ EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_ \& \& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) \& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) \& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) \& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fIEVP_rc5_32_12_16_cbc()\fR, \fIEVP_rc5_32_12_16_cfb()\fR, \fIEVP_rc5_32_12_16_ecb()\fR, \fIEVP_rc5_32_12_16_ofb()\fR" 4 -.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" +.IP "\fIEVP_rc5_32_12_16_cbc()\fR, \fIEVP_rc5_32_12_16_cfb()\fR, \fIEVP_rc5_32_12_16_cfb64()\fR, \fIEVP_rc5_32_12_16_ecb()\fR, \fIEVP_rc5_32_12_16_ofb()\fR" 4 +.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" \&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By default the key length is set to 128 bits and 12 rounds. @@ -170,7 +171,7 @@ This is a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 i \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_ripemd160.3 b/secure/lib/libcrypto/man/EVP_ripemd160.3 index ad936f5a4eb6..62a7288df44b 100644 --- a/secure/lib/libcrypto/man/EVP_ripemd160.3 +++ b/secure/lib/libcrypto/man/EVP_ripemd160.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_RIPEMD160 3" -.TH EVP_RIPEMD160 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_RIPEMD160 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_seed_cbc.3 b/secure/lib/libcrypto/man/EVP_seed_cbc.3 index 9ecf5e424811..17c3178bf7a0 100644 --- a/secure/lib/libcrypto/man/EVP_seed_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_seed_cbc.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_SEED_CBC 3" -.TH EVP_SEED_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SEED_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_seed_cbc, EVP_seed_cfb, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher +EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,6 +143,7 @@ EVP_seed_cbc, EVP_seed_cfb, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher \& \& const EVP_CIPHER *EVP_seed_cbc(void) \& const EVP_CIPHER *EVP_seed_cfb(void) +\& const EVP_CIPHER *EVP_seed_cfb128(void) \& const EVP_CIPHER *EVP_seed_ecb(void) \& const EVP_CIPHER *EVP_seed_ofb(void) .Ve @@ -151,8 +152,8 @@ EVP_seed_cbc, EVP_seed_cfb, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0 .PP All modes below use a key length of 128 bits and acts on blocks of 128\-bits. -.IP "\fIEVP_seed_cbc()\fR, \fIEVP_seed_cfb()\fR, \fIEVP_seed_ecb()\fR, \fIEVP_seed_ofb()\fR" 4 -.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_ecb(), EVP_seed_ofb()" +.IP "\fIEVP_seed_cbc()\fR, \fIEVP_seed_cfb()\fR, \fIEVP_seed_cfb128()\fR, \fIEVP_seed_ecb()\fR, \fIEVP_seed_ofb()\fR" 4 +.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -166,7 +167,7 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure. \&\fIEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/EVP_sha1.3 b/secure/lib/libcrypto/man/EVP_sha1.3 index 8b5dbd5544cb..5f5ad182be67 100644 --- a/secure/lib/libcrypto/man/EVP_sha1.3 +++ b/secure/lib/libcrypto/man/EVP_sha1.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA1 3" -.TH EVP_SHA1 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SHA1 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_sha224.3 b/secure/lib/libcrypto/man/EVP_sha224.3 index bc0cd633a711..be2d5054189b 100644 --- a/secure/lib/libcrypto/man/EVP_sha224.3 +++ b/secure/lib/libcrypto/man/EVP_sha224.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA224 3" -.TH EVP_SHA224 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SHA224 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_sha3_224.3 b/secure/lib/libcrypto/man/EVP_sha3_224.3 index f06aeb33ec86..faaaed878a55 100644 --- a/secure/lib/libcrypto/man/EVP_sha3_224.3 +++ b/secure/lib/libcrypto/man/EVP_sha3_224.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SHA3_224 3" -.TH EVP_SHA3_224 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SHA3_224 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_sm3.3 b/secure/lib/libcrypto/man/EVP_sm3.3 index de51a7ee3cea..b847a97d5321 100644 --- a/secure/lib/libcrypto/man/EVP_sm3.3 +++ b/secure/lib/libcrypto/man/EVP_sm3.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SM3 3" -.TH EVP_SM3 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SM3 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_sm4_cbc.3 b/secure/lib/libcrypto/man/EVP_sm4_cbc.3 index c229751c2567..da3e22b91cd2 100644 --- a/secure/lib/libcrypto/man/EVP_sm4_cbc.3 +++ b/secure/lib/libcrypto/man/EVP_sm4_cbc.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "EVP_SM4_CBC 3" -.TH EVP_SM4_CBC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_SM4_CBC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher +EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -144,6 +144,7 @@ EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cip \& const EVP_CIPHER *EVP_sm4_cbc(void); \& const EVP_CIPHER *EVP_sm4_ecb(void); \& const EVP_CIPHER *EVP_sm4_cfb(void); +\& const EVP_CIPHER *EVP_sm4_cfb128(void); \& const EVP_CIPHER *EVP_sm4_ofb(void); \& const EVP_CIPHER *EVP_sm4_ctr(void); .Ve @@ -152,8 +153,8 @@ EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cip The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0 .PP All modes below use a key length of 128 bits and acts on blocks of 128 bits. -.IP "\fIEVP_sm4_cbc()\fR, \fIEVP_sm4_ecb()\fR, \fIEVP_sm4_cfb()\fR, \fIEVP_sm4_ofb()\fR, \fIEVP_sm4_ctr()\fR" 4 -.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_ofb(), EVP_sm4_ctr()" +.IP "\fIEVP_sm4_cbc()\fR, \fIEVP_sm4_ecb()\fR, \fIEVP_sm4_cfb()\fR, \fIEVP_sm4_cfb128()\fR, \fIEVP_sm4_ofb()\fR, \fIEVP_sm4_ctr()\fR" 4 +.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes respectively. .SH "RETURN VALUES" diff --git a/secure/lib/libcrypto/man/EVP_whirlpool.3 b/secure/lib/libcrypto/man/EVP_whirlpool.3 index a2252f7ae2ae..e917626b2d67 100644 --- a/secure/lib/libcrypto/man/EVP_whirlpool.3 +++ b/secure/lib/libcrypto/man/EVP_whirlpool.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EVP_WHIRLPOOL 3" -.TH EVP_WHIRLPOOL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH EVP_WHIRLPOOL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/HMAC.3 b/secure/lib/libcrypto/man/HMAC.3 index 9adae29614f4..39577fc8ee77 100644 --- a/secure/lib/libcrypto/man/HMAC.3 +++ b/secure/lib/libcrypto/man/HMAC.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "HMAC 3" -.TH HMAC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH HMAC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/MD5.3 b/secure/lib/libcrypto/man/MD5.3 index 7631af9ffc5f..1d5411b3621e 100644 --- a/secure/lib/libcrypto/man/MD5.3 +++ b/secure/lib/libcrypto/man/MD5.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "MD5 3" -.TH MD5 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH MD5 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/MDC2_Init.3 b/secure/lib/libcrypto/man/MDC2_Init.3 index 119712899d7e..25aadc30f378 100644 --- a/secure/lib/libcrypto/man/MDC2_Init.3 +++ b/secure/lib/libcrypto/man/MDC2_Init.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "MDC2_INIT 3" -.TH MDC2_INIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH MDC2_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index a54cae475539..ebf38334c646 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_NID2OBJ 3" -.TH OBJ_NID2OBJ 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OBJ_NID2OBJ 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 b/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 index 620533683fb9..da08771450f5 100644 --- a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 +++ b/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_NEW 3" -.TH OCSP_REQUEST_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OCSP_REQUEST_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OCSP_cert_to_id.3 b/secure/lib/libcrypto/man/OCSP_cert_to_id.3 index 4e4ac66e164f..941b1a538a82 100644 --- a/secure/lib/libcrypto/man/OCSP_cert_to_id.3 +++ b/secure/lib/libcrypto/man/OCSP_cert_to_id.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_CERT_TO_ID 3" -.TH OCSP_CERT_TO_ID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OCSP_CERT_TO_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 b/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 index 9ff3a02a3a0d..b04578abd115 100644 --- a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 +++ b/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_REQUEST_ADD1_NONCE 3" -.TH OCSP_REQUEST_ADD1_NONCE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/OCSP_resp_find_status.3 index 19a51f9edad2..8cfea7b49cbb 100644 --- a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 +++ b/secure/lib/libcrypto/man/OCSP_resp_find_status.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_RESP_FIND_STATUS 3" -.TH OCSP_RESP_FIND_STATUS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OCSP_RESP_FIND_STATUS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OCSP_response_status.3 b/secure/lib/libcrypto/man/OCSP_response_status.3 index 04eea9e08cc3..3d009243efde 100644 --- a/secure/lib/libcrypto/man/OCSP_response_status.3 +++ b/secure/lib/libcrypto/man/OCSP_response_status.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_RESPONSE_STATUS 3" -.TH OCSP_RESPONSE_STATUS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OCSP_RESPONSE_STATUS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OCSP_sendreq_new.3 b/secure/lib/libcrypto/man/OCSP_sendreq_new.3 index 6c0f4a29a598..f9ced2b33318 100644 --- a/secure/lib/libcrypto/man/OCSP_sendreq_new.3 +++ b/secure/lib/libcrypto/man/OCSP_sendreq_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_SENDREQ_NEW 3" -.TH OCSP_SENDREQ_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OCSP_SENDREQ_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index 290f073e3d65..ce0cc47b669e 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_APPLINK 3" -.TH OPENSSL_APPLINK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_APPLINK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 b/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 index 6a7afab98199..22196785dc6e 100644 --- a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 +++ b/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LH_COMPFUNC 3" -.TH OPENSSL_LH_COMPFUNC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_LH_COMPFUNC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 b/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 index 046ed77c40e2..ed702af8995b 100644 --- a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 +++ b/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LH_STATS 3" -.TH OPENSSL_LH_STATS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_LH_STATS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 15dd9bb41305..dac17925003a 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -129,18 +129,19 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -OPENSSL_VERSION_NUMBER, OpenSSL_version, OpenSSL_version_num \- get OpenSSL version number +OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num \- get OpenSSL version number .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 2 +.Vb 3 \& #include <openssl/opensslv.h> \& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL +\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" \& \& #include <openssl/crypto.h> \& @@ -185,6 +186,10 @@ Version 0.9.5a had an interim interpretation that is like the current one, except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f. .PP +\&\s-1OPENSSL_VERSION_TEXT\s0 is the text variant of the version number and the +release date. For example, +\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". +.PP \&\fIOpenSSL_version_num()\fR returns the version number. .PP \&\fIOpenSSL_version()\fR returns different strings depending on \fBt\fR: diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index 1e204d2513ee..b8ddbb75bd05 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_CONFIG 3" -.TH OPENSSL_CONFIG 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_CONFIG 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 b/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 index 0394250a3492..43570681170b 100644 --- a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 +++ b/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_FORK_PREPARE 3" -.TH OPENSSL_FORK_PREPARE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_FORK_PREPARE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index c39c75306be0..70a719d9e8e4 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_IA32CAP 3" -.TH OPENSSL_IA32CAP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_IA32CAP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 index 867ecbfb99ee..a9ab73523a75 100644 --- a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 +++ b/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_CRYPTO 3" -.TH OPENSSL_INIT_CRYPTO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_INIT_CRYPTO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 b/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 index 1773c4e32a8a..63e8ce8d0284 100644 --- a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 +++ b/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INIT_SSL 3" -.TH OPENSSL_INIT_SSL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_INIT_SSL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 index adf2c1f98009..d52c46d84496 100644 --- a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 +++ b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_INSTRUMENT_BUS 3" -.TH OPENSSL_INSTRUMENT_BUS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_INSTRUMENT_BUS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index d2ee30558351..90bb0d59443b 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" -.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_malloc.3 index 2b4eb737a8f4..9cbc74b03973 100644 --- a/secure/lib/libcrypto/man/OPENSSL_malloc.3 +++ b/secure/lib/libcrypto/man/OPENSSL_malloc.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_MALLOC 3" -.TH OPENSSL_MALLOC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_MALLOC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 index 4c4abc2dbf8d..90dbb3eaa0ef 100644 --- a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 +++ b/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_SECURE_MALLOC 3" -.TH OPENSSL_SECURE_MALLOC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_SECURE_MALLOC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 b/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 index d8122b541876..c27173cc8445 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_INFO 3" -.TH OSSL_STORE_INFO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OSSL_STORE_INFO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 b/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 index e9138440ed17..364a26e7fd0f 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_LOADER 3" -.TH OSSL_STORE_LOADER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OSSL_STORE_LOADER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 b/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 index bd1a074f9b95..de76cb4da4ca 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_SEARCH 3" -.TH OSSL_STORE_SEARCH 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OSSL_STORE_SEARCH 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OSSL_STORE_expect.3 b/secure/lib/libcrypto/man/OSSL_STORE_expect.3 index ca66429a5a05..862eec1a2d0c 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_expect.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_expect.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_EXPECT 3" -.TH OSSL_STORE_EXPECT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OSSL_STORE_EXPECT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OSSL_STORE_open.3 b/secure/lib/libcrypto/man/OSSL_STORE_open.3 index fba9b487bb23..c4ff3d98033d 100644 --- a/secure/lib/libcrypto/man/OSSL_STORE_open.3 +++ b/secure/lib/libcrypto/man/OSSL_STORE_open.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OSSL_STORE_OPEN 3" -.TH OSSL_STORE_OPEN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OSSL_STORE_OPEN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 0f25b2c3aa2c..f6a995dd0d28 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" -.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 b/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 index 1932fc96895d..4fe265e43628 100644 --- a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 +++ b/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PEM_BYTES_READ_BIO 3" -.TH PEM_BYTES_READ_BIO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PEM_BYTES_READ_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_read.3 b/secure/lib/libcrypto/man/PEM_read.3 index 06629ae79f11..3b2e4ca7999d 100644 --- a/secure/lib/libcrypto/man/PEM_read.3 +++ b/secure/lib/libcrypto/man/PEM_read.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ 3" -.TH PEM_READ 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PEM_READ 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_read_CMS.3 b/secure/lib/libcrypto/man/PEM_read_CMS.3 index 19ddf0abf721..0b7025462710 100644 --- a/secure/lib/libcrypto/man/PEM_read_CMS.3 +++ b/secure/lib/libcrypto/man/PEM_read_CMS.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_CMS 3" -.TH PEM_READ_CMS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PEM_READ_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 index d92e16102802..64fe76216b07 100644 --- a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 +++ b/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_PRIVATEKEY 3" -.TH PEM_READ_BIO_PRIVATEKEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_read_bio_ex.3 b/secure/lib/libcrypto/man/PEM_read_bio_ex.3 index c78039d1e7b8..6f46e1ce8739 100644 --- a/secure/lib/libcrypto/man/PEM_read_bio_ex.3 +++ b/secure/lib/libcrypto/man/PEM_read_bio_ex.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_EX 3" -.TH PEM_READ_BIO_EX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PEM_READ_BIO_EX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index 505c82856e0d..775c06d9e809 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_CMS_STREAM 3" -.TH PEM_WRITE_BIO_CMS_STREAM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index 0a82dbce5e7b..96f4da397d53 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" -.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index 7e7f2e93af3c..d5208f248e16 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_CREATE 3" -.TH PKCS12_CREATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS12_CREATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_newpass.3 b/secure/lib/libcrypto/man/PKCS12_newpass.3 index a071f4e529dd..23df18be57ef 100644 --- a/secure/lib/libcrypto/man/PKCS12_newpass.3 +++ b/secure/lib/libcrypto/man/PKCS12_newpass.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_NEWPASS 3" -.TH PKCS12_NEWPASS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS12_NEWPASS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 4c25a06bcc6b..7af5dcad7b88 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_PARSE 3" -.TH PKCS12_PARSE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS12_PARSE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 index 470059523945..af7c4bfad045 100644 --- a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 +++ b/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS5_PBKDF2_HMAC 3" -.TH PKCS5_PBKDF2_HMAC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS5_PBKDF2_HMAC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index f19550300964..a9b155bedb6f 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_DECRYPT 3" -.TH PKCS7_DECRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS7_DECRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index 4c9d21a377cc..f5c17ca0f8fd 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_ENCRYPT 3" -.TH PKCS7_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS7_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index 7f5ec452c7b4..afda2274adf1 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_SIGN 3" -.TH PKCS7_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS7_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index cf409349f5eb..0d40e8d2ecd7 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_SIGN_ADD_SIGNER 3" -.TH PKCS7_SIGN_ADD_SIGNER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 232a5ce4ec52..868d79ae0f44 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_VERIFY 3" -.TH PKCS7_VERIFY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS7_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_DRBG_generate.3 b/secure/lib/libcrypto/man/RAND_DRBG_generate.3 index dabf2b31a960..a1101afbc192 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_generate.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_generate.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_GENERATE 3" -.TH RAND_DRBG_GENERATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_DRBG_GENERATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 b/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 index c7bf5705f836..6fcaaa0f5cc2 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_GET0_MASTER 3" -.TH RAND_DRBG_GET0_MASTER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_DRBG_GET0_MASTER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_DRBG_new.3 b/secure/lib/libcrypto/man/RAND_DRBG_new.3 index 6ec4442a0055..93ca440b6e30 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_new.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_NEW 3" -.TH RAND_DRBG_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_DRBG_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 b/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 index 9051034cb74e..1c8f749a53ff 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_RESEED 3" -.TH RAND_DRBG_RESEED 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_DRBG_RESEED 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 index 72ea7fe627d8..b5d719474c21 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_SET_CALLBACKS 3" -.TH RAND_DRBG_SET_CALLBACKS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_DRBG_SET_CALLBACKS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 index 8c8ffe3c8835..9d84913116cf 100644 --- a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 +++ b/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_DRBG_SET_EX_DATA 3" -.TH RAND_DRBG_SET_EX_DATA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_DRBG_SET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 4e83e27e56c2..f4cf81708951 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_ADD 3" -.TH RAND_ADD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_ADD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index 31d105e41d25..fb76e6e4197c 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_BYTES 3" -.TH RAND_BYTES 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_BYTES 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 4eb523011e9d..23fa80491309 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_CLEANUP 3" -.TH RAND_CLEANUP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_CLEANUP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index 15971f5edd22..45a93c7e4fba 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_EGD 3" -.TH RAND_EGD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_EGD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index aa464b4a3b12..a641b5139bac 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_LOAD_FILE 3" -.TH RAND_LOAD_FILE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_LOAD_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 6f9519751fb8..f6356d8cdd0b 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND_SET_RAND_METHOD 3" -.TH RAND_SET_RAND_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND_SET_RAND_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RC4_set_key.3 b/secure/lib/libcrypto/man/RC4_set_key.3 index fd2ffe802b9d..52dd5304c746 100644 --- a/secure/lib/libcrypto/man/RC4_set_key.3 +++ b/secure/lib/libcrypto/man/RC4_set_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RC4_SET_KEY 3" -.TH RC4_SET_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RC4_SET_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RIPEMD160_Init.3 b/secure/lib/libcrypto/man/RIPEMD160_Init.3 index 6bc90df40ef0..1ef72f6feebe 100644 --- a/secure/lib/libcrypto/man/RIPEMD160_Init.3 +++ b/secure/lib/libcrypto/man/RIPEMD160_Init.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RIPEMD160_INIT 3" -.TH RIPEMD160_INIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RIPEMD160_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 585d04b217ca..7fe189e9ecfb 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_BLINDING_ON 3" -.TH RSA_BLINDING_ON 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_BLINDING_ON 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index fa672b34c02d..ab5d5996727a 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_CHECK_KEY 3" -.TH RSA_CHECK_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_CHECK_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 318f71f0f621..be0645f9501d 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_GENERATE_KEY 3" -.TH RSA_GENERATE_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_GENERATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_get0_key.3 b/secure/lib/libcrypto/man/RSA_get0_key.3 index 606759847089..0bef85e6acb9 100644 --- a/secure/lib/libcrypto/man/RSA_get0_key.3 +++ b/secure/lib/libcrypto/man/RSA_get0_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_GET0_KEY 3" -.TH RSA_GET0_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_GET0_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_meth_new.3 b/secure/lib/libcrypto/man/RSA_meth_new.3 index b5e3cf95bd8d..3445b19e4911 100644 --- a/secure/lib/libcrypto/man/RSA_meth_new.3 +++ b/secure/lib/libcrypto/man/RSA_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_METH_NEW 3" -.TH RSA_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -185,10 +185,10 @@ RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA \& unsigned char *to, RSA *rsa, int padding)); \& \& /* Can be null */ -\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *I, +\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, \& RSA *rsa, BN_CTX *ctx); \& int RSA_meth_set_mod_exp(RSA_METHOD *rsa, -\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, +\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, \& BN_CTX *ctx)); \& \& /* Can be null */ diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 7acaf4648323..16e72fe5d19e 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_NEW 3" -.TH RSA_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index b1367e10a0fd..70f2a885ca2c 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" -.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 2c3eeb18729a..585b9d9d8507 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PRINT 3" -.TH RSA_PRINT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index 76cbc67fefad..1b5871725503 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PRIVATE_ENCRYPT 3" -.TH RSA_PRIVATE_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_PRIVATE_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 7cc0df4a73f9..157cc7c3e7f5 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PUBLIC_ENCRYPT 3" -.TH RSA_PUBLIC_ENCRYPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_PUBLIC_ENCRYPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index 296566a07d0d..ef1605b5d5d0 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SET_METHOD 3" -.TH RSA_SET_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_SET_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index be0e26fbbd0f..763e92bd919c 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIGN 3" -.TH RSA_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index 214f1666b1ea..c691ada572fb 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" -.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 3cd8cce07433..5167e4cd7240 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA_SIZE 3" -.TH RSA_SIZE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SCT_new.3 b/secure/lib/libcrypto/man/SCT_new.3 index 0f6978ec860f..e5cf84c6cb47 100644 --- a/secure/lib/libcrypto/man/SCT_new.3 +++ b/secure/lib/libcrypto/man/SCT_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SCT_NEW 3" -.TH SCT_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SCT_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SCT_print.3 b/secure/lib/libcrypto/man/SCT_print.3 index f8b44dfe440b..9dbd759b9d6d 100644 --- a/secure/lib/libcrypto/man/SCT_print.3 +++ b/secure/lib/libcrypto/man/SCT_print.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SCT_PRINT 3" -.TH SCT_PRINT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SCT_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SCT_validate.3 b/secure/lib/libcrypto/man/SCT_validate.3 index ef0676f1c543..41496d14010a 100644 --- a/secure/lib/libcrypto/man/SCT_validate.3 +++ b/secure/lib/libcrypto/man/SCT_validate.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SCT_VALIDATE 3" -.TH SCT_VALIDATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SCT_VALIDATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SHA256_Init.3 b/secure/lib/libcrypto/man/SHA256_Init.3 index 4e6ab489dcc4..bf295354d499 100644 --- a/secure/lib/libcrypto/man/SHA256_Init.3 +++ b/secure/lib/libcrypto/man/SHA256_Init.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SHA256_INIT 3" -.TH SHA256_INIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SHA256_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 index 560d5b2d1aeb..83184937f4c1 100644 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_READ_CMS 3" -.TH SMIME_READ_CMS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SMIME_READ_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index 3df09a1d1326..013289bb6f81 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_READ_PKCS7 3" -.TH SMIME_READ_PKCS7 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SMIME_READ_PKCS7 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 index 062bbf08405b..49e124a9d0d1 100644 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_WRITE_CMS 3" -.TH SMIME_WRITE_CMS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SMIME_WRITE_CMS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 71d3fecdd42c..7a843bc61223 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_WRITE_PKCS7 3" -.TH SMIME_WRITE_PKCS7 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SMIME_WRITE_PKCS7 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 index e9dd4e26e91b..90a95a070d35 100644 --- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_GET_NAME 3" -.TH SSL_CIPHER_GET_NAME 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CIPHER_GET_NAME 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 index 0b887ecf51de..ae8786b32a89 100644 --- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" -.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 index 2b4699141b5d..dc50129f473c 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_NEW 3" -.TH SSL_CONF_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CONF_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 index 11e63ea14e7a..fff09f5370e0 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET1_PREFIX 3" -.TH SSL_CONF_CTX_SET1_PREFIX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 index 2cdf6f4c54a5..7046c34de88d 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_FLAGS 3" -.TH SSL_CONF_CTX_SET_FLAGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 index 6aa4cc6c4de2..872517d5cebe 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" -.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd.3 index 13cfaf4df528..d745d7df00a2 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_cmd.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_cmd.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD 3" -.TH SSL_CONF_CMD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CONF_CMD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 index 2f7e743c6bc2..c7e9c0686136 100644 --- a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 +++ b/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD_ARGV 3" -.TH SSL_CONF_CMD_ARGV 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CONF_CMD_ARGV 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 index 7fbcfcd53b59..32db6fde693c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" -.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 index 55f3385ed928..f3034c420fa8 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" -.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/SSL_CTX_add_session.3 index dc84e47bec6d..ad454f0a5a5c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_add_session.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD_SESSION 3" -.TH SSL_CTX_ADD_SESSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_ADD_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_config.3 b/secure/lib/libcrypto/man/SSL_CTX_config.3 index a91b29fa7895..b6752c882c61 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_config.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_config.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_CONFIG 3" -.TH SSL_CTX_CONFIG 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_CONFIG 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 index 7828110afdd5..9b6b27b93705 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_CTRL 3" -.TH SSL_CTX_CTRL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_CTRL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 b/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 index 6d202193c53b..c9b83008cc63 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_DANE_ENABLE 3" -.TH SSL_CTX_DANE_ENABLE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_DANE_ENABLE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 index 801f3a5c1052..8d4509a7be52 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_FLUSH_SESSIONS 3" -.TH SSL_CTX_FLUSH_SESSIONS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libcrypto/man/SSL_CTX_free.3 index 6ee95bb2f406..702b9af168f6 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_free.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_free.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_FREE 3" -.TH SSL_CTX_FREE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 b/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 index 4c432b051d2c..94f0d5d1747e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_GET0_PARAM 3" -.TH SSL_CTX_GET0_PARAM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_GET0_PARAM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 index 58712af30ebe..c0cdcfcaafde 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_GET_VERIFY_MODE 3" -.TH SSL_CTX_GET_VERIFY_MODE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 b/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 index 4919f7c677b2..4fee378010d7 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" -.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 index 84ce4a7a06c2..83fd67e9fa90 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" -.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3 index 1c19dfefeda1..ae7108110c86 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_new.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_NEW 3" -.TH SSL_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 index fa42c623dfcf..24f80480844f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_NUMBER 3" -.TH SSL_CTX_SESS_NUMBER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SESS_NUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 index 73c3082d128e..1e21c15ffa3a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" -.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 index d316e9dbd1b0..87db05672f8e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESS_SET_GET_CB 3" -.TH SSL_CTX_SESS_SET_GET_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_sessions.3 index 3b2fe65f2786..58cc0874978f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_sessions.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SESSIONS 3" -.TH SSL_CTX_SESSIONS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SESSIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 index f27981bca0c3..b472fd76f94e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 @@ -129,18 +129,25 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET0_CA_LIST 3" -.TH SSL_CTX_SET0_CA_LIST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET0_CA_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \- get or set CA list +SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \&\- get or set CA list .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> \& +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +\& \& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); \& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); \& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); @@ -152,6 +159,70 @@ SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +The functions described here set and manage the list of \s-1CA\s0 names that are sent +between two communicating peers. +.PP +For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the +server to the client when requesting a client certificate. So any list of \s-1CA\s0 +names set is never sent from client to server and the list of \s-1CA\s0 names retrieved +by \fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +.PP +For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). +.PP +In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list +of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting \s-1CA\s0 names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. +.PP +The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the +server side. +.PP +\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred +to \fBctx\fR and it should not be freed by the caller. +.PP +\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred +to \fBs\fR and it should not be freed by the caller. +.PP +\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fISSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +by the caller. +.PP +\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fISSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller. +.PP +\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. +.PP +The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 +list\*(R" functions except that they have an effect on both the server and client +sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) +set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the +\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been +used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. +Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in +preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on +the client side. +.PP \&\fISSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and it should not be freed by the caller. @@ -161,10 +232,11 @@ overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership \&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. .PP \&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for -\&\fBctx\fR. +\&\fBctx\fR. The returned list should not be freed by the caller. .PP -\&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for -\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. +\&\fISSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The +returned list should not be freed by the caller. .PP \&\fISSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the list of CAs sent to peer for \fBctx\fR. @@ -172,44 +244,58 @@ list of CAs sent to peer for \fBctx\fR. \&\fISSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent \&\fB\s-1SSL_CTX\s0\fR. -.PP -\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer -has sent. .SH "NOTES" .IX Header "NOTES" -These functions are generalised versions of the client authentication -\&\s-1CA\s0 list functions such as \fISSL_CTX_set_client_CA_list\fR\|(3). +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +certificates, to the client. .PP -For \s-1TLS\s0 versions before 1.3 the list of \s-1CA\s0 names is only sent from the server -to client when requesting a client certificate. So any list of \s-1CA\s0 names set -is never sent from client to server and the list of \s-1CA\s0 names retrieved by -\&\fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR or +\&\fISSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fISSL_set_client_CA_list()\fR or +\&\fISSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR +only contains the names, not the complete certificates); use +\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. .PP -For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR -extension and will be sent by a client (in the ClientHello message) or by -a server (when requesting a certificate). +If the list of acceptable CAs is compiled in a file, the +\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help to import the +necessary data. +.PP +\&\fISSL_CTX_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR, \fISSL_add_client_CA()\fR and +\&\fISSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no +list was specified before using \fISSL_CTX_set_client_CA_list()\fR, +\&\fISSL_CTX_set0_CA_list()\fR, \fISSL_set_client_CA_list()\fR or \fISSL_set0_CA_list()\fR, a +new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set0_CA_list()\fR and \fISSL_set0_CA_list()\fR do not return a value. +\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, +\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, \fISSL_CTX_set0_CA_list()\fR +and \fISSL_set0_CA_list()\fR do not return a value. .PP -\&\fISSL_CTX_get0_CA_list()\fR and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names -or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are set. +\&\fISSL_CTX_get_client_CA_list()\fR, \fISSL_get_client_CA_list()\fR, \fISSL_CTX_get0_CA_list()\fR +and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +set. .PP -\&\fISSL_CTX_add1_to_CA_list()\fR and \fISSL_add1_to_CA_list()\fR return 1 for success and 0 -for failure. +\&\fISSL_CTX_add_client_CA()\fR,\fISSL_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR and +\&\fISSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. .PP \&\fISSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or \&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIssl\fR\|(7), -\&\fISSL_CTX_set_client_CA_list\fR\|(3), -\&\fISSL_get_client_CA_list\fR\|(3), \&\fISSL_load_client_CA_file\fR\|(3), \&\fISSL_CTX_load_verify_locations\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 index ae67ceea65a4..4ecaa4c28253 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_CURVES 3" -.TH SSL_CTX_SET1_CURVES 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET1_CURVES 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,6 +161,9 @@ SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_ .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +For all of the functions below that set the supported groups there must be at +least one group in the list. +.PP \&\fISSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR groups in the array \fBglist\fR. The array consist of all NIDs of groups in preference order. For a \s-1TLS\s0 client the groups are used directly in the @@ -223,7 +226,7 @@ The curve functions were first added to OpenSSL 1.0.2. The equivalent group functions were first added to OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 index 0d4aff0ad72c..a9df67fd5a63 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_SIGALGS 3" -.TH SSL_CTX_SET1_SIGALGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET1_SIGALGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 index d73f901026e0..69b7abdabd9a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" -.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 index 592d338f552b..31adb6da99be 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" -.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 index aa6e6f9c7096..a820746e07e1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_CB 3" -.TH SSL_CTX_SET_CERT_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CERT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 index 33a77e09dc5c..b4cd6315ebe2 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_STORE 3" -.TH SSL_CTX_SET_CERT_STORE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CERT_STORE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 index 8f4bf77068ea..7ce851d7c817 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" -.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 index 71b455494d1f..0ca9184fd1f5 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CIPHER_LIST 3" -.TH SSL_CTX_SET_CIPHER_LIST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 deleted file mode 100644 index f9cf7a9b1350..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 +++ /dev/null @@ -1,222 +0,0 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -.\} -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CLIENT_CA_LIST 3" -.TH SSL_CTX_SET_CLIENT_CA_LIST 3 "2018-09-11" "1.1.1" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA \- set list of CAs sent to the client when requesting a client certificate -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -\& -\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); -\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); -\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); -\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when -requesting a client certificate for \fBctx\fR. -.PP -\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when -requesting a client certificate for the chosen \fBssl\fR, overriding the -setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. -.PP -\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the -list of CAs sent to the client when requesting a client certificate for -\&\fBctx\fR. -.PP -\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the -list of CAs sent to the client when requesting a client certificate for -the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. -.SH "NOTES" -.IX Header "NOTES" -When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which -it will accept certificates, to the client. -.PP -This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for -\&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list -specified overrides the previous setting. The CAs listed do not become -trusted (\fBlist\fR only contains the names, not the complete certificates); use -\&\fISSL_CTX_load_verify_locations\fR\|(3) -to additionally load them for verification. -.PP -If the list of acceptable CAs is compiled in a file, the -\&\fISSL_load_client_CA_file\fR\|(3) -function can be used to help importing the necessary data. -.PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional -items the list of client CAs. If no list was specified before using -\&\fISSL_CTX_set_client_CA_list()\fR or \fISSL_set_client_CA_list()\fR, a new client -\&\s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. -.PP -These functions are only useful for \s-1TLS/SSL\s0 servers. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return -diagnostic information. -.PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return -values: -.IP "0" 4 -A failure while manipulating the \s-1STACK_OF\s0(X509_NAME) object occurred or -the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack -to find out the reason. -.IP "1" 4 -.IX Item "1" -The operation succeeded. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: -.PP -.Vb 1 -\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_get_client_CA_list\fR\|(3), -\&\fISSL_load_client_CA_file\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -<https://www.openssl.org/source/license.html>. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 index 05aa821ad9c7..e17a64c5e6f0 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" -.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 index 0dc09c98502d..7afa7f2c18c2 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" -.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 index 16c7ea97037d..84d916e9a767 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" -.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 index a201c00dead4..668dfba07c10 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" -.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 index 3dfda71dbc79..d305fc269239 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" -.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 index 171181250f36..bf336888eaf6 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_EX_DATA 3" -.TH SSL_CTX_SET_EX_DATA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 index dd275fbe0833..2d015ae12385 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" -.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 index 1e288996ee6c..459d4603df73 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_INFO_CALLBACK 3" -.TH SSL_CTX_SET_INFO_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 index 7ce90e02b640..5240fc42b9fd 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" -.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 index 54e66e65095d..725d719172a8 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" -.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 index 88187d718e06..1685d2307251 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" -.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 index 13b8c7c4fde6..72263e57e0a6 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MODE 3" -.TH SSL_CTX_SET_MODE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 index 4195640db177..30f526327b50 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_MSG_CALLBACK 3" -.TH SSL_CTX_SET_MSG_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 b/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 index f907dd05cf0b..27ae20e52499 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_NUM_TICKETS 3" -.TH SSL_CTX_SET_NUM_TICKETS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 index 223d2c498df3..6ec99200e9c3 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_OPTIONS 3" -.TH SSL_CTX_SET_OPTIONS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_OPTIONS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 index 5a8e887f71ef..94d8b538b645 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" -.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 index c7d22107d57e..ab6fa6a8b5b2 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" -.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ It is not changed when \fISSL_clear\fR\|(3) is called. .SH "NOTES" .IX Header "NOTES" Normally when a \s-1SSL\s0 connection is finished, the parties must send out -\&\*(L"close notify\*(R" alert messages using \fISSL_shutdown\fR\|(3) +close_notify alert messages using \fISSL_shutdown\fR\|(3) for a clean shutdown. .PP When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3) @@ -173,7 +173,7 @@ will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (\fISSL_shutdown\fR\|(3) then behaves like \&\fISSL_set_shutdown\fR\|(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) -The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert +The session is thus considered to be shutdown, but no close_notify alert is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. .PP The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. @@ -191,7 +191,7 @@ setting. \&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 index df38d918a4ae..53c5a3eca1fa 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_READ_AHEAD 3" -.TH SSL_CTX_SET_READ_AHEAD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_READ_AHEAD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 index ccc1aaa50886..3fb7c5f34321 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" -.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 b/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 index bf79e4c86599..4064897fbf8c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" -.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 index 311fd74333e4..258f0e8d6446 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" -.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 index dedebbae75ba..e2baae0bec7c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" -.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 index e5382409fc53..b31566c3208f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" -.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 b/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 index 3324a73842d3..37184bfc026d 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" -.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 index 61722d0af7e5..0395f566801e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_SSL_VERSION 3" -.TH SSL_CTX_SET_SSL_VERSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_SSL_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 index 66c969aceb79..b6c96ba3e964 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" -.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 index 2d2bd9a8b440..263dfb5aa860 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TIMEOUT 3" -.TH SSL_CTX_SET_TIMEOUT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_TIMEOUT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 index d77411f6c1a1..72818fd0f1d1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" -.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 index 4582ebc7b3b3..112071245e8b 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" -.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index f582aa99d9d9..be751a3b0d9b 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" -.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 index 477970131cef..c4b996593968 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" -.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 index 61364e138f62..aeead48d763c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" -.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 index 5418893c0cb9..487592294d9a 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_VERIFY 3" -.TH SSL_CTX_SET_VERIFY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_SET_VERIFY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 index 1d30bbd85497..862eca97053e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_CERTIFICATE 3" -.TH SSL_CTX_USE_CERTIFICATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_USE_CERTIFICATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 index c5361be508f5..1b9cf02b8ca4 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" -.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 index 4233bc0714da..bcc2cb52b312 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_SERVERINFO 3" -.TH SSL_CTX_USE_SERVERINFO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CTX_USE_SERVERINFO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/SSL_SESSION_free.3 index d6d4998a85cf..31597ad8ac19 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_free.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_free.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_FREE 3" -.TH SSL_SESSION_FREE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 index 6883279e6863..9d797c91cd91 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_CIPHER 3" -.TH SSL_SESSION_GET0_CIPHER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET0_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 index 194e0c514435..a0bbae80a3ff 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_HOSTNAME 3" -.TH SSL_SESSION_GET0_HOSTNAME 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 index 8cad143c0b9b..debcc119b3c5 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" -.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 index 1454d4f56369..c65ad11e6c48 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET0_PEER 3" -.TH SSL_SESSION_GET0_PEER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET0_PEER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 index 61c990bda140..b64c4ca3d6b9 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_COMPRESS_ID 3" -.TH SSL_SESSION_GET_COMPRESS_ID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 index 9734f458a938..1096d9a4d220 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_EX_DATA 3" -.TH SSL_SESSION_GET_EX_DATA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET_EX_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 index bc22d91fe162..91f24a1cd651 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" -.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 index e2d8a5936c82..945efdf26ae9 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_GET_TIME 3" -.TH SSL_SESSION_GET_TIME 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_GET_TIME 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 b/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 index 20c319f67352..43c4eb014ab2 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_HAS_TICKET 3" -.TH SSL_SESSION_HAS_TICKET 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_HAS_TICKET 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 b/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 index 36492389f9c5..73b1b705cd33 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_IS_RESUMABLE 3" -.TH SSL_SESSION_IS_RESUMABLE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_IS_RESUMABLE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_print.3 b/secure/lib/libcrypto/man/SSL_SESSION_print.3 index d6b200a9ad28..86b328b5db2f 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_print.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_print.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_PRINT 3" -.TH SSL_SESSION_PRINT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_PRINT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 index 637cfab6bea5..48ea91dd9b3f 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 +++ b/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_SET1_ID 3" -.TH SSL_SESSION_SET1_ID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_SET1_ID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libcrypto/man/SSL_accept.3 index d1ad26d70337..eba67d00b4cd 100644 --- a/secure/lib/libcrypto/man/SSL_accept.3 +++ b/secure/lib/libcrypto/man/SSL_accept.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ACCEPT 3" -.TH SSL_ACCEPT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_ACCEPT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/SSL_alert_type_string.3 index eed150a989d8..044ebedbe7fb 100644 --- a/secure/lib/libcrypto/man/SSL_alert_type_string.3 +++ b/secure/lib/libcrypto/man/SSL_alert_type_string.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ALERT_TYPE_STRING 3" -.TH SSL_ALERT_TYPE_STRING 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_ALERT_TYPE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_alloc_buffers.3 b/secure/lib/libcrypto/man/SSL_alloc_buffers.3 index 7b451ef2984a..ba739434c2f8 100644 --- a/secure/lib/libcrypto/man/SSL_alloc_buffers.3 +++ b/secure/lib/libcrypto/man/SSL_alloc_buffers.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_ALLOC_BUFFERS 3" -.TH SSL_ALLOC_BUFFERS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_ALLOC_BUFFERS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_check_chain.3 b/secure/lib/libcrypto/man/SSL_check_chain.3 index 61f3576b3286..7af0e5fe2275 100644 --- a/secure/lib/libcrypto/man/SSL_check_chain.3 +++ b/secure/lib/libcrypto/man/SSL_check_chain.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CHECK_CHAIN 3" -.TH SSL_CHECK_CHAIN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CHECK_CHAIN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libcrypto/man/SSL_clear.3 index 1aaef2090e65..20490576a99b 100644 --- a/secure/lib/libcrypto/man/SSL_clear.3 +++ b/secure/lib/libcrypto/man/SSL_clear.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CLEAR 3" -.TH SSL_CLEAR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CLEAR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libcrypto/man/SSL_connect.3 index 76fb22584731..e195b15c2333 100644 --- a/secure/lib/libcrypto/man/SSL_connect.3 +++ b/secure/lib/libcrypto/man/SSL_connect.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CONNECT 3" -.TH SSL_CONNECT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_CONNECT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libcrypto/man/SSL_do_handshake.3 index 61ce16e5a39d..7a33c1b866ee 100644 --- a/secure/lib/libcrypto/man/SSL_do_handshake.3 +++ b/secure/lib/libcrypto/man/SSL_do_handshake.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_DO_HANDSHAKE 3" -.TH SSL_DO_HANDSHAKE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_DO_HANDSHAKE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_export_keying_material.3 b/secure/lib/libcrypto/man/SSL_export_keying_material.3 index 621e5d39d500..c6735b133b47 100644 --- a/secure/lib/libcrypto/man/SSL_export_keying_material.3 +++ b/secure/lib/libcrypto/man/SSL_export_keying_material.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_EXPORT_KEYING_MATERIAL 3" -.TH SSL_EXPORT_KEYING_MATERIAL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_extension_supported.3 b/secure/lib/libcrypto/man/SSL_extension_supported.3 index 6e6778d9162c..d9c24bee5880 100644 --- a/secure/lib/libcrypto/man/SSL_extension_supported.3 +++ b/secure/lib/libcrypto/man/SSL_extension_supported.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_EXTENSION_SUPPORTED 3" -.TH SSL_EXTENSION_SUPPORTED 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_EXTENSION_SUPPORTED 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libcrypto/man/SSL_free.3 index cbeca9eb5a1a..8daddfba3af2 100644 --- a/secure/lib/libcrypto/man/SSL_free.3 +++ b/secure/lib/libcrypto/man/SSL_free.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_FREE 3" -.TH SSL_FREE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_FREE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 b/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 index 552c75e62a7e..7b41dfc59295 100644 --- a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 +++ b/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET0_PEER_SCTS 3" -.TH SSL_GET0_PEER_SCTS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET0_PEER_SCTS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 index 5d119d615847..9f1c2caff40e 100644 --- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SSL_CTX 3" -.TH SSL_GET_SSL_CTX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_SSL_CTX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 b/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 index 0b54625762f2..97851f7d9d3d 100644 --- a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 +++ b/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_ALL_ASYNC_FDS 3" -.TH SSL_GET_ALL_ASYNC_FDS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/SSL_get_ciphers.3 index 0b1a3b86a847..6d2d782ad078 100644 --- a/secure/lib/libcrypto/man/SSL_get_ciphers.3 +++ b/secure/lib/libcrypto/man/SSL_get_ciphers.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CIPHERS 3" -.TH SSL_GET_CIPHERS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_CIPHERS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 b/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 deleted file mode 100644 index 52f1ab7573a6..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 +++ /dev/null @@ -1,184 +0,0 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -.\} -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_CLIENT_CA_LIST 3" -.TH SSL_GET_CLIENT_CA_LIST 3 "2018-09-11" "1.1.1" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/ssl.h> -\& -\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); -\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using \fISSL_CTX_set_client_CA_list\fR\|(3). -.PP -\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly -set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -\&\fISSL_CTX_set_client_CA_list\fR\|(3), when in -server mode. In client mode, SSL_get_client_CA_list returns the list of -client CAs sent from the server, if any. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return -diagnostic information. -.PP -\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return -values: -.IP "\s-1STACK_OF\s0(X509_NAMES)" 4 -.IX Item "STACK_OF(X509_NAMES)" -List of \s-1CA\s0 names explicitly set (for \fBctx\fR or in server mode) or send -by the server (client mode). -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or -the server did not send a list of CAs (client mode). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_CTX_set_client_CA_list\fR\|(3), -\&\fISSL_CTX_set_client_cert_cb\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -<https://www.openssl.org/source/license.html>. diff --git a/secure/lib/libcrypto/man/SSL_get_client_random.3 b/secure/lib/libcrypto/man/SSL_get_client_random.3 index 18b4d40d9d6a..df66be4a6925 100644 --- a/secure/lib/libcrypto/man/SSL_get_client_random.3 +++ b/secure/lib/libcrypto/man/SSL_get_client_random.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CLIENT_RANDOM 3" -.TH SSL_GET_CLIENT_RANDOM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_CLIENT_RANDOM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 index 7351ca66f8a1..0ff62b8e0306 100644 --- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 +++ b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_CURRENT_CIPHER 3" -.TH SSL_GET_CURRENT_CIPHER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_CURRENT_CIPHER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/SSL_get_default_timeout.3 index 063759f00a94..490139ab856b 100644 --- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 +++ b/secure/lib/libcrypto/man/SSL_get_default_timeout.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_DEFAULT_TIMEOUT 3" -.TH SSL_GET_DEFAULT_TIMEOUT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3 index 07b149f766d5..5a2d20158004 100644 --- a/secure/lib/libcrypto/man/SSL_get_error.3 +++ b/secure/lib/libcrypto/man/SSL_get_error.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_ERROR 3" -.TH SSL_GET_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +167,7 @@ if and only if \fBret > 0\fR. .IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 .IX Item "SSL_ERROR_ZERO_RETURN" The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the -\&\*(L"close notify\*(R" alert. +close_notify alert. No more data can be read. Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily indicate that the underlying transport has been closed. diff --git a/secure/lib/libcrypto/man/SSL_get_extms_support.3 b/secure/lib/libcrypto/man/SSL_get_extms_support.3 index 270bdd67c9e6..c0e53e25db3b 100644 --- a/secure/lib/libcrypto/man/SSL_get_extms_support.3 +++ b/secure/lib/libcrypto/man/SSL_get_extms_support.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_EXTMS_SUPPORT 3" -.TH SSL_GET_EXTMS_SUPPORT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_EXTMS_SUPPORT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libcrypto/man/SSL_get_fd.3 index f1b2864d97ea..16e4c219006b 100644 --- a/secure/lib/libcrypto/man/SSL_get_fd.3 +++ b/secure/lib/libcrypto/man/SSL_get_fd.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_FD 3" -.TH SSL_GET_FD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_FD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 index e0063a6252a9..eeab7f35c673 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERT_CHAIN 3" -.TH SSL_GET_PEER_CERT_CHAIN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 index bfd55e6df930..4a2576d4ef7d 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_CERTIFICATE 3" -.TH SSL_GET_PEER_CERTIFICATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_PEER_CERTIFICATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 b/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 index c7a75c2d65cd..647da8388b2f 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 @@ -129,13 +129,13 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PEER_SIGNATURE_NID 3" -.TH SSL_GET_PEER_SIGNATURE_NID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid \- get TLS message signing types +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing types .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -143,6 +143,8 @@ SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid \- get TLS message s \& \& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); \& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); +\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -155,12 +157,15 @@ is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between \&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check the type of public key in the peer's certificate. +.PP +\&\fISSL_get_signature_nid()\fR and \fISSL_get_signature_type_nid()\fR return the equivalent +information for the local end of the connection. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or -the functions were called before the peer signed a message. +the functions were called too early, e.g. before the peer signed a message. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), diff --git a/secure/lib/libcrypto/man/SSL_get_server_tmp_key.3 b/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 index 691c2ab678fd..0c05d2c7cb93 100644 --- a/secure/lib/libcrypto/man/SSL_get_server_tmp_key.3 +++ b/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 @@ -128,31 +128,41 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SSL_GET_SERVER_TMP_KEY 3" -.TH SSL_GET_SERVER_TMP_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.IX Title "SSL_GET_PEER_TMP_KEY 3" +.TH SSL_GET_PEER_TMP_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_get_server_tmp_key \- get information about the server's temporary key used during a handshake +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information about temporary keys used during a handshake .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/ssl.h> \& +\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); \& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_server_tmp_key()\fR returns the temporary key provided by the server and +\&\fISSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents -the server's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in +the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in \&\fB*key\fR. It is the caller's responsibility to free this key after use using -\&\fIEVP_PKEY_free\fR\|(3). This function may only be called by the client. +\&\fIEVP_PKEY_free\fR\|(3). +.PP +\&\fISSL_get_server_tmp_key()\fR is a backwards compatibility alias for +\&\fISSL_get_peer_tmp_key()\fR. +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. +.PP +\&\fISSL_get_tmp_key()\fR returns the equivalent information for the local +end of the connection. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_server_tmp_key()\fR returns 1 on success or 0 otherwise. +All these functions return 1 on success and 0 otherwise. .SH "NOTES" .IX Header "NOTES" This function is implemented as a macro. @@ -161,7 +171,7 @@ This function is implemented as a macro. \&\fIssl\fR\|(7), \fIEVP_PKEY_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_get_psk_identity.3 b/secure/lib/libcrypto/man/SSL_get_psk_identity.3 index 490a6bc98a8e..ac0d3e383901 100644 --- a/secure/lib/libcrypto/man/SSL_get_psk_identity.3 +++ b/secure/lib/libcrypto/man/SSL_get_psk_identity.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_PSK_IDENTITY 3" -.TH SSL_GET_PSK_IDENTITY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_PSK_IDENTITY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libcrypto/man/SSL_get_rbio.3 index baa19ab6adbe..e30d0173321d 100644 --- a/secure/lib/libcrypto/man/SSL_get_rbio.3 +++ b/secure/lib/libcrypto/man/SSL_get_rbio.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_RBIO 3" -.TH SSL_GET_RBIO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_RBIO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libcrypto/man/SSL_get_session.3 index b02b4c5c4fc6..a78792cf21ae 100644 --- a/secure/lib/libcrypto/man/SSL_get_session.3 +++ b/secure/lib/libcrypto/man/SSL_get_session.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SESSION 3" -.TH SSL_GET_SESSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 b/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 index 2cd31de2fa8d..a44b8c89a8a6 100644 --- a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 +++ b/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_SHARED_SIGALGS 3" -.TH SSL_GET_SHARED_SIGALGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_SHARED_SIGALGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/SSL_get_verify_result.3 index 720517831714..076f71eb8523 100644 --- a/secure/lib/libcrypto/man/SSL_get_verify_result.3 +++ b/secure/lib/libcrypto/man/SSL_get_verify_result.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_VERIFY_RESULT 3" -.TH SSL_GET_VERIFY_RESULT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_VERIFY_RESULT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libcrypto/man/SSL_get_version.3 index 415bd277852d..ca4a26ae7c6f 100644 --- a/secure/lib/libcrypto/man/SSL_get_version.3 +++ b/secure/lib/libcrypto/man/SSL_get_version.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_GET_VERSION 3" -.TH SSL_GET_VERSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_GET_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_in_init.3 b/secure/lib/libcrypto/man/SSL_in_init.3 index 32e5b194378a..2dc410d38a87 100644 --- a/secure/lib/libcrypto/man/SSL_in_init.3 +++ b/secure/lib/libcrypto/man/SSL_in_init.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_IN_INIT 3" -.TH SSL_IN_INIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_IN_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_key_update.3 b/secure/lib/libcrypto/man/SSL_key_update.3 index d1a367f248fa..415beb9b38b0 100644 --- a/secure/lib/libcrypto/man/SSL_key_update.3 +++ b/secure/lib/libcrypto/man/SSL_key_update.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_KEY_UPDATE 3" -.TH SSL_KEY_UPDATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_KEY_UPDATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libcrypto/man/SSL_library_init.3 index ebd515ae8483..2d64ec1ddccb 100644 --- a/secure/lib/libcrypto/man/SSL_library_init.3 +++ b/secure/lib/libcrypto/man/SSL_library_init.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_LIBRARY_INIT 3" -.TH SSL_LIBRARY_INIT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_LIBRARY_INIT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 index f275bce51be0..22dd86b01868 100644 --- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_LOAD_CLIENT_CA_FILE 3" -.TH SSL_LOAD_CLIENT_CA_FILE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libcrypto/man/SSL_new.3 index 2ce4a4ca89b9..c326a43deea9 100644 --- a/secure/lib/libcrypto/man/SSL_new.3 +++ b/secure/lib/libcrypto/man/SSL_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_NEW 3" -.TH SSL_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libcrypto/man/SSL_pending.3 index ec5f32fc46c2..619057c01b05 100644 --- a/secure/lib/libcrypto/man/SSL_pending.3 +++ b/secure/lib/libcrypto/man/SSL_pending.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_PENDING 3" -.TH SSL_PENDING 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_PENDING 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libcrypto/man/SSL_read.3 index 32519b574dae..6d024c6fab9f 100644 --- a/secure/lib/libcrypto/man/SSL_read.3 +++ b/secure/lib/libcrypto/man/SSL_read.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_READ 3" -.TH SSL_READ 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_READ 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_read_early_data.3 b/secure/lib/libcrypto/man/SSL_read_early_data.3 index e97e46ef0abf..042583e3dc23 100644 --- a/secure/lib/libcrypto/man/SSL_read_early_data.3 +++ b/secure/lib/libcrypto/man/SSL_read_early_data.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_READ_EARLY_DATA 3" -.TH SSL_READ_EARLY_DATA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_READ_EARLY_DATA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libcrypto/man/SSL_rstate_string.3 index aea9c6fc2a8d..11c4f8543d04 100644 --- a/secure/lib/libcrypto/man/SSL_rstate_string.3 +++ b/secure/lib/libcrypto/man/SSL_rstate_string.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_RSTATE_STRING 3" -.TH SSL_RSTATE_STRING 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_RSTATE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libcrypto/man/SSL_session_reused.3 index 03db6f6a4b09..a7e58b3e2a34 100644 --- a/secure/lib/libcrypto/man/SSL_session_reused.3 +++ b/secure/lib/libcrypto/man/SSL_session_reused.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_REUSED 3" -.TH SSL_SESSION_REUSED 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SESSION_REUSED 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_set1_host.3 b/secure/lib/libcrypto/man/SSL_set1_host.3 index 164345ae46e8..6889f0e918e2 100644 --- a/secure/lib/libcrypto/man/SSL_set1_host.3 +++ b/secure/lib/libcrypto/man/SSL_set1_host.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET1_HOST 3" -.TH SSL_SET1_HOST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SET1_HOST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libcrypto/man/SSL_set_bio.3 index 1fdcb5909602..3804259974a2 100644 --- a/secure/lib/libcrypto/man/SSL_set_bio.3 +++ b/secure/lib/libcrypto/man/SSL_set_bio.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_BIO 3" -.TH SSL_SET_BIO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SET_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -204,7 +204,7 @@ Because of this complexity, this function should be avoided; use \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_bio()\fR, \fISSL_set_rbio()\fR and \fISSL_set_wbio()\fR cannot fail. +\&\fISSL_set_bio()\fR, \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR cannot fail. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fISSL_get_rbio\fR\|(3), @@ -215,7 +215,7 @@ use \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR instead. \&\fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/SSL_set_connect_state.3 index 8553289d929d..fcf2e6222505 100644 --- a/secure/lib/libcrypto/man/SSL_set_connect_state.3 +++ b/secure/lib/libcrypto/man/SSL_set_connect_state.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_CONNECT_STATE 3" -.TH SSL_SET_CONNECT_STATE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SET_CONNECT_STATE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libcrypto/man/SSL_set_fd.3 index 5f560b18f83b..00729d4d7c60 100644 --- a/secure/lib/libcrypto/man/SSL_set_fd.3 +++ b/secure/lib/libcrypto/man/SSL_set_fd.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_FD 3" -.TH SSL_SET_FD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SET_FD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libcrypto/man/SSL_set_session.3 index a8e531fba47c..efb1e3880f43 100644 --- a/secure/lib/libcrypto/man/SSL_set_session.3 +++ b/secure/lib/libcrypto/man/SSL_set_session.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_SESSION 3" -.TH SSL_SET_SESSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SET_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/SSL_set_shutdown.3 index de9cd3e9001e..c255dd93b81b 100644 --- a/secure/lib/libcrypto/man/SSL_set_shutdown.3 +++ b/secure/lib/libcrypto/man/SSL_set_shutdown.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_SHUTDOWN 3" -.TH SSL_SET_SHUTDOWN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SET_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,11 +157,11 @@ The shutdown state of an ssl connection is a bitmask of: No shutdown setting, yet. .IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 .IX Item "SSL_SENT_SHUTDOWN" -A \*(L"close notify\*(R" shutdown alert was sent to the peer, the connection is being +A close_notify shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct. .IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 .IX Item "SSL_RECEIVED_SHUTDOWN" -A shutdown alert was received form the peer, either a normal \*(L"close notify\*(R" +A shutdown alert was received form the peer, either a normal close_notify or a fatal error. .PP \&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. @@ -171,13 +171,13 @@ the ssl session. If the session is still open, when \&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, it is considered bad and removed according to \s-1RFC2246.\s0 The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 -(according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R" +(according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify alert but to not wait for the peer's answer, when the underlying connection is closed). \&\fISSL_set_shutdown()\fR can be used to set this state without sending a close alert to the peer (see \fISSL_shutdown\fR\|(3)). .PP -If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call \&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself. .SH "RETURN VALUES" @@ -192,7 +192,7 @@ for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call \&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/SSL_set_verify_result.3 index f410b2282665..2538fa8f6000 100644 --- a/secure/lib/libcrypto/man/SSL_set_verify_result.3 +++ b/secure/lib/libcrypto/man/SSL_set_verify_result.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SET_VERIFY_RESULT 3" -.TH SSL_SET_VERIFY_RESULT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SET_VERIFY_RESULT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libcrypto/man/SSL_shutdown.3 index eea343e7370c..47c7477c7cbc 100644 --- a/secure/lib/libcrypto/man/SSL_shutdown.3 +++ b/secure/lib/libcrypto/man/SSL_shutdown.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SHUTDOWN 3" -.TH SSL_SHUTDOWN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_SHUTDOWN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,69 +146,76 @@ SSL_shutdown \- shut down a TLS/SSL connection .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the -\&\*(L"close notify\*(R" shutdown alert to the peer. +close_notify shutdown alert to the peer. .SH "NOTES" .IX Header "NOTES" -\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer. +\&\fISSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. .PP -The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R" -shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown -alert. According to the \s-1TLS\s0 standard, it is acceptable for an application -to only send its shutdown alert and then close the underlying connection -without waiting for the peer's response (this way resources can be saved, -as the process can already terminate or serve another connection). -When the underlying connection shall be used for more communications, the -complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be -performed, so that the peers stay synchronized. +The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application. +.PP +It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack. .PP -\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step -behaviour. +When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts). +.PP +When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized. .PP \&\fISSL_shutdown()\fR only closes the write direction. It is not possible to call \fISSL_write()\fR after calling \fISSL_shutdown()\fR. The read direction is closed by the peer. .SS "First to close the connection" .IX Subsection "First to close the connection" -When the application is the first party to send the \*(L"close notify\*(R" +When the application is the first party to send the close_notify alert, \fISSL_shutdown()\fR will only send the alert and then set the \&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in the cache). -\&\fISSL_shutdown()\fR will then return with 0. +If successful, \fISSL_shutdown()\fR will return 0. +.PP If a unidirectional shutdown is enough (the underlying connection shall be -closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. +closed anyway), this first successful call to \fISSL_shutdown()\fR is sufficient. .PP In order to complete the bidirectional shutdown handshake, the peer needs -to send back a \*(L"close notify\*(R" alert. +to send back a close_notify alert. The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing it. -\&\fISSL_shutdown()\fR will return 1 when it has been received. .PP -The peer is still allowed to send data after receiving the \*(L"close notify\*(R" +The peer is still allowed to send data after receiving the close_notify event. -If the peer did send data it needs to be processed by calling \fISSL_read()\fR -before calling \fISSL_shutdown()\fR a second time. +When it is done sending data, it will send the close_notify alert. +\&\fISSL_read()\fR should be called until all data is received. \&\fISSL_read()\fR will indicate the end of the peer data by returning <= 0 and \fISSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 -It is recommended to call \fISSL_read()\fR between \fISSL_shutdown()\fR calls. .SS "Peer closes the connection" .IX Subsection "Peer closes the connection" -If the peer already sent the \*(L"close notify\*(R" alert \fBand\fR it was +If the peer already sent the close_notify alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \&\fISSL_read()\fR will return <= 0 in that case, and \fISSL_get_error()\fR will return \&\s-1SSL_ERROR_ZERO_RETURN.\s0 -\&\fISSL_shutdown()\fR will send the \*(L"close notify\*(R" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 -flag and will immediately return with 1. +\&\fISSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +flag. +If successful, \fISSL_shutdown()\fR will return 1. +.PP Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \&\fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call. .SH "NOTES" .IX Header "NOTES" -It is recommended to do a bidirectional shutdown by checking the return value -of \fISSL_shutdown()\fR and call it again until it returns 1 or a fatal error. -.PP The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the handshake step has been finished or an error occurred. @@ -224,8 +231,13 @@ nothing is to be done, but \fIselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP +After \fISSL_shutdown()\fR returned 0, it is possible to call \fISSL_shutdown()\fR again +to wait for the peer's close_notify alert. +\&\fISSL_shutdown()\fR will return 1 in that case. +However, it is recommended to wait for it using \fISSL_read()\fR instead. +.PP \&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" -state but not actually send the \*(L"close notify\*(R" alert messages, +state but not actually send the close_notify alert messages, see \fISSL_CTX_set_quiet_shutdown\fR\|(3). When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed and return 1. @@ -233,15 +245,15 @@ and return 1. .IX Header "RETURN VALUES" The following return values can occur: .IP "0" 4 -The shutdown is not yet finished: the \*(L"close notify\*(R" was send but the peer +The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. -Call \fISSL_shutdown()\fR again to do a bidirectional shutdown. +Call \fISSL_read()\fR to do a bidirectional shutdown. The output of \fISSL_get_error\fR\|(3) may be misleading, as an erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. .IP "1" 4 .IX Item "1" -The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent -and the peer's \*(L"close notify\*(R" alert was received. +The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received. .IP "<0" 4 .IX Item "<0" The shutdown was not successful. diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libcrypto/man/SSL_state_string.3 index 443e0ab29a8b..4381287e781b 100644 --- a/secure/lib/libcrypto/man/SSL_state_string.3 +++ b/secure/lib/libcrypto/man/SSL_state_string.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_STATE_STRING 3" -.TH SSL_STATE_STRING 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_STATE_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libcrypto/man/SSL_want.3 index 138ffcc82939..5a2e2ad29eaa 100644 --- a/secure/lib/libcrypto/man/SSL_want.3 +++ b/secure/lib/libcrypto/man/SSL_want.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_WANT 3" -.TH SSL_WANT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_WANT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libcrypto/man/SSL_write.3 index 8a1edb850137..95123e41c5ac 100644 --- a/secure/lib/libcrypto/man/SSL_write.3 +++ b/secure/lib/libcrypto/man/SSL_write.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SSL_WRITE 3" -.TH SSL_WRITE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH SSL_WRITE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/UI_STRING.3 b/secure/lib/libcrypto/man/UI_STRING.3 index 07bb3a5dd1a2..cd82ae8c7099 100644 --- a/secure/lib/libcrypto/man/UI_STRING.3 +++ b/secure/lib/libcrypto/man/UI_STRING.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "UI_STRING 3" -.TH UI_STRING 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH UI_STRING 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 b/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 index cbcb9c48bd6b..cb29dea294c8 100644 --- a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 +++ b/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "UI_UTIL_READ_PW 3" -.TH UI_UTIL_READ_PW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH UI_UTIL_READ_PW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/UI_create_method.3 b/secure/lib/libcrypto/man/UI_create_method.3 index a5055ce5be0e..00214960f1c9 100644 --- a/secure/lib/libcrypto/man/UI_create_method.3 +++ b/secure/lib/libcrypto/man/UI_create_method.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "UI_CREATE_METHOD 3" -.TH UI_CREATE_METHOD 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH UI_CREATE_METHOD 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/UI_new.3 b/secure/lib/libcrypto/man/UI_new.3 index d46b65e58a86..e78220d10932 100644 --- a/secure/lib/libcrypto/man/UI_new.3 +++ b/secure/lib/libcrypto/man/UI_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "UI_NEW 3" -.TH UI_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH UI_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509V3_get_d2i.3 b/secure/lib/libcrypto/man/X509V3_get_d2i.3 index 542542b9bb2e..8df3bb68d584 100644 --- a/secure/lib/libcrypto/man/X509V3_get_d2i.3 +++ b/secure/lib/libcrypto/man/X509V3_get_d2i.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_GET_D2I 3" -.TH X509V3_GET_D2I 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509V3_GET_D2I 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_ALGOR_dup.3 b/secure/lib/libcrypto/man/X509_ALGOR_dup.3 index 70a3dce599b5..fdfb0d4004d4 100644 --- a/secure/lib/libcrypto/man/X509_ALGOR_dup.3 +++ b/secure/lib/libcrypto/man/X509_ALGOR_dup.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_ALGOR_DUP 3" -.TH X509_ALGOR_DUP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_ALGOR_DUP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 index 42068c46adb7..98fee4b9d785 100644 --- a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 +++ b/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_CRL_GET0_BY_SERIAL 3" -.TH X509_CRL_GET0_BY_SERIAL 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_CRL_GET0_BY_SERIAL 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 index e497abc0e8c4..5bcdbbfbf396 100644 --- a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ b/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_EXTENSION_SET_OBJECT 3" -.TH X509_EXTENSION_SET_OBJECT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_EXTENSION_SET_OBJECT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 index e1013802f1ed..da5c068bd033 100644 --- a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 +++ b/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_LOOKUP_HASH_DIR 3" -.TH X509_LOOKUP_HASH_DIR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_LOOKUP_HASH_DIR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 b/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 index 5ed16761a333..d77b70f06c08 100644 --- a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 +++ b/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_LOOKUP_METH_NEW 3" -.TH X509_LOOKUP_METH_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_LOOKUP_METH_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index 6457de353011..5256605e6dfb 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_GET_OBJECT 3" -.TH X509_NAME_ENTRY_GET_OBJECT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index 6ea996bb5464..9490048c4edf 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" -.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_get0_der.3 b/secure/lib/libcrypto/man/X509_NAME_get0_der.3 index e1a30b8e89f9..286feb1b3bb1 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get0_der.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get0_der.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_GET0_DER 3" -.TH X509_NAME_GET0_DER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_NAME_GET0_DER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 7a9e5a0e9830..5d68312a47e9 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_GET_INDEX_BY_NID 3" -.TH X509_NAME_GET_INDEX_BY_NID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index 583894b37e75..c8843387f9a6 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_PRINT_EX 3" -.TH X509_NAME_PRINT_EX 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_NAME_PRINT_EX 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_PUBKEY_new.3 b/secure/lib/libcrypto/man/X509_PUBKEY_new.3 index d502609ba53a..bb6ce8ffda80 100644 --- a/secure/lib/libcrypto/man/X509_PUBKEY_new.3 +++ b/secure/lib/libcrypto/man/X509_PUBKEY_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_PUBKEY_NEW 3" -.TH X509_PUBKEY_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_PUBKEY_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_SIG_get0.3 b/secure/lib/libcrypto/man/X509_SIG_get0.3 index ec35e5f27ece..55653d6adca4 100644 --- a/secure/lib/libcrypto/man/X509_SIG_get0.3 +++ b/secure/lib/libcrypto/man/X509_SIG_get0.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_SIG_GET0 3" -.TH X509_SIG_GET0 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_SIG_GET0 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index cfa3d0d6a714..92a269a4431a 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_GET_ERROR 3" -.TH X509_STORE_CTX_GET_ERROR 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_STORE_CTX_GET_ERROR 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 index cf61a7d4787c..bd3af993d9d7 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_NEW 3" -.TH X509_STORE_CTX_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_STORE_CTX_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index ad66efab3d10..c0c55442e705 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" -.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/X509_STORE_add_cert.3 index 334ca133a962..5cd2b930e997 100644 --- a/secure/lib/libcrypto/man/X509_STORE_add_cert.3 +++ b/secure/lib/libcrypto/man/X509_STORE_add_cert.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_ADD_CERT 3" -.TH X509_STORE_ADD_CERT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_STORE_ADD_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_get0_param.3 b/secure/lib/libcrypto/man/X509_STORE_get0_param.3 index 2fa0c003dc9b..5a148e0b9e61 100644 --- a/secure/lib/libcrypto/man/X509_STORE_get0_param.3 +++ b/secure/lib/libcrypto/man/X509_STORE_get0_param.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_GET0_PARAM 3" -.TH X509_STORE_GET0_PARAM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_STORE_GET0_PARAM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_new.3 b/secure/lib/libcrypto/man/X509_STORE_new.3 index 8a64f912701d..e993112cb71f 100644 --- a/secure/lib/libcrypto/man/X509_STORE_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_NEW 3" -.TH X509_STORE_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_STORE_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 3a92af5cf370..53a2cbb5ffdf 100644 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" -.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index bb6de74daef9..acc934e9c520 100644 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" -.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_check_ca.3 b/secure/lib/libcrypto/man/X509_check_ca.3 index db5796e6f56b..a948dd11c3a4 100644 --- a/secure/lib/libcrypto/man/X509_check_ca.3 +++ b/secure/lib/libcrypto/man/X509_check_ca.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_CA 3" -.TH X509_CHECK_CA 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_CHECK_CA 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_check_host.3 b/secure/lib/libcrypto/man/X509_check_host.3 index 9f985d0ec6a4..ffa53b5d2894 100644 --- a/secure/lib/libcrypto/man/X509_check_host.3 +++ b/secure/lib/libcrypto/man/X509_check_host.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_HOST 3" -.TH X509_CHECK_HOST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_CHECK_HOST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_check_issued.3 b/secure/lib/libcrypto/man/X509_check_issued.3 index 5ea2f52cd009..ac806364796e 100644 --- a/secure/lib/libcrypto/man/X509_check_issued.3 +++ b/secure/lib/libcrypto/man/X509_check_issued.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_ISSUED 3" -.TH X509_CHECK_ISSUED 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_CHECK_ISSUED 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_check_private_key.3 b/secure/lib/libcrypto/man/X509_check_private_key.3 index 2963dd49cbcc..ec825d44c822 100644 --- a/secure/lib/libcrypto/man/X509_check_private_key.3 +++ b/secure/lib/libcrypto/man/X509_check_private_key.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_CHECK_PRIVATE_KEY 3" -.TH X509_CHECK_PRIVATE_KEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_CHECK_PRIVATE_KEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_cmp_time.3 b/secure/lib/libcrypto/man/X509_cmp_time.3 index f5f2d5173408..135fc1219742 100644 --- a/secure/lib/libcrypto/man/X509_cmp_time.3 +++ b/secure/lib/libcrypto/man/X509_cmp_time.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_CMP_TIME 3" -.TH X509_CMP_TIME 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_CMP_TIME 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_digest.3 b/secure/lib/libcrypto/man/X509_digest.3 index 9a5e8d512e27..800c99fa0c77 100644 --- a/secure/lib/libcrypto/man/X509_digest.3 +++ b/secure/lib/libcrypto/man/X509_digest.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_DIGEST 3" -.TH X509_DIGEST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_DIGEST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_dup.3 b/secure/lib/libcrypto/man/X509_dup.3 index 16287a55f60d..93e18c98584d 100644 --- a/secure/lib/libcrypto/man/X509_dup.3 +++ b/secure/lib/libcrypto/man/X509_dup.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_DUP 3" -.TH X509_DUP 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_DUP 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get0_notBefore.3 b/secure/lib/libcrypto/man/X509_get0_notBefore.3 index f878ca6fb527..12a6d59b947b 100644 --- a/secure/lib/libcrypto/man/X509_get0_notBefore.3 +++ b/secure/lib/libcrypto/man/X509_get0_notBefore.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_NOTBEFORE 3" -.TH X509_GET0_NOTBEFORE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET0_NOTBEFORE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get0_signature.3 b/secure/lib/libcrypto/man/X509_get0_signature.3 index e20c0b0b5637..e9a7f4837a30 100644 --- a/secure/lib/libcrypto/man/X509_get0_signature.3 +++ b/secure/lib/libcrypto/man/X509_get0_signature.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_SIGNATURE 3" -.TH X509_GET0_SIGNATURE 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET0_SIGNATURE 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get0_uids.3 b/secure/lib/libcrypto/man/X509_get0_uids.3 index 95ce3721b564..742fc71a2c40 100644 --- a/secure/lib/libcrypto/man/X509_get0_uids.3 +++ b/secure/lib/libcrypto/man/X509_get0_uids.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET0_UIDS 3" -.TH X509_GET0_UIDS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET0_UIDS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/X509_get_extension_flags.3 index dc9e3ee7e367..c0146c0e3195 100644 --- a/secure/lib/libcrypto/man/X509_get_extension_flags.3 +++ b/secure/lib/libcrypto/man/X509_get_extension_flags.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_EXTENSION_FLAGS 3" -.TH X509_GET_EXTENSION_FLAGS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET_EXTENSION_FLAGS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get_pubkey.3 b/secure/lib/libcrypto/man/X509_get_pubkey.3 index 6153e38f8cff..6fd823acec30 100644 --- a/secure/lib/libcrypto/man/X509_get_pubkey.3 +++ b/secure/lib/libcrypto/man/X509_get_pubkey.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_PUBKEY 3" -.TH X509_GET_PUBKEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET_PUBKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get_serialNumber.3 b/secure/lib/libcrypto/man/X509_get_serialNumber.3 index ba967d364800..464f1c0020ba 100644 --- a/secure/lib/libcrypto/man/X509_get_serialNumber.3 +++ b/secure/lib/libcrypto/man/X509_get_serialNumber.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_SERIALNUMBER 3" -.TH X509_GET_SERIALNUMBER 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET_SERIALNUMBER 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get_subject_name.3 b/secure/lib/libcrypto/man/X509_get_subject_name.3 index aeddc0f3c36b..b056d3480195 100644 --- a/secure/lib/libcrypto/man/X509_get_subject_name.3 +++ b/secure/lib/libcrypto/man/X509_get_subject_name.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_SUBJECT_NAME 3" -.TH X509_GET_SUBJECT_NAME 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET_SUBJECT_NAME 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_get_version.3 b/secure/lib/libcrypto/man/X509_get_version.3 index 9397b4c8c702..73065034be05 100644 --- a/secure/lib/libcrypto/man/X509_get_version.3 +++ b/secure/lib/libcrypto/man/X509_get_version.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_GET_VERSION 3" -.TH X509_GET_VERSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_GET_VERSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index 1f44f70fd4cb..de1353f59784 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_NEW 3" -.TH X509_NEW 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_NEW 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_sign.3 b/secure/lib/libcrypto/man/X509_sign.3 index 7ec94661862b..fde61ff41e5c 100644 --- a/secure/lib/libcrypto/man/X509_sign.3 +++ b/secure/lib/libcrypto/man/X509_sign.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_SIGN 3" -.TH X509_SIGN 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_SIGN 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 index 7780519d72a2..fab02e6ff4d7 100644 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_CERT 3" -.TH X509_VERIFY_CERT 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509_VERIFY_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 b/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 index e4aad4140b62..2028b107d357 100644 --- a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 +++ b/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_GET_EXT_BY_NID 3" -.TH X509V3_GET_EXT_BY_NID 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509V3_GET_EXT_BY_NID 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 5b298057bc26..96733a383166 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "D2I_DHPARAMS 3" -.TH D2I_DHPARAMS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH D2I_DHPARAMS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 index 01e93c6a69dd..b2a78550aaf9 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" -.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PrivateKey.3 index 0eac8647bf4c..c7fbaf861cf9 100644 --- a/secure/lib/libcrypto/man/d2i_PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PrivateKey.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "D2I_PRIVATEKEY 3" -.TH D2I_PRIVATEKEY 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH D2I_PRIVATEKEY 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 index fd1ff1303b4e..082f9f6970a5 100644 --- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "D2I_SSL_SESSION 3" -.TH D2I_SSL_SESSION 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH D2I_SSL_SESSION 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index dcfd42bf6672..0f9e840e9f46 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "D2I_X509 3" -.TH D2I_X509 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH D2I_X509 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index fd0d24658dc2..c7cd21d8225a 100644 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "I2D_CMS_BIO_STREAM 3" -.TH I2D_CMS_BIO_STREAM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH I2D_CMS_BIO_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index f7dfb73fb434..feb2a63d5bcb 100644 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "I2D_PKCS7_BIO_STREAM 3" -.TH I2D_PKCS7_BIO_STREAM 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH I2D_PKCS7_BIO_STREAM 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 b/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 index bf489906d502..036aea450d7b 100644 --- a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 +++ b/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "I2D_RE_X509_TBS 3" -.TH I2D_RE_X509_TBS 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH I2D_RE_X509_TBS 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/o2i_SCT_LIST.3 b/secure/lib/libcrypto/man/o2i_SCT_LIST.3 index f98a663ed0ba..0aa43c0254b9 100644 --- a/secure/lib/libcrypto/man/o2i_SCT_LIST.3 +++ b/secure/lib/libcrypto/man/o2i_SCT_LIST.3 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "O2I_SCT_LIST 3" -.TH O2I_SCT_LIST 3 "2018-09-11" "1.1.1" "OpenSSL" +.TH O2I_SCT_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/Version.map b/secure/lib/libssl/Version.map index f1c482691f73..9011ff99d88d 100644 --- a/secure/lib/libssl/Version.map +++ b/secure/lib/libssl/Version.map @@ -507,5 +507,10 @@ OPENSSL_1_1_1 { SSL_verify_client_post_handshake; SSL_write_early_data; SSL_write_ex; - local: *; } OPENSSL_1_1_0d; + +OPENSSL_1_1_1a { + global: + SSL_get_signature_type_nid; + local: *; +} OPENSSL_1_1_1; diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 0eecd9ac0b5e..126e63cbaa85 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH CA.PL 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index a62ec132cf5a..a9d20be114bf 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH ASN1PARSE 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index 110d21a109e9..c155e2415098 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH CA 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -348,8 +348,10 @@ for all available algorithms. .IP "\fB\-subj arg\fR" 4 .IX Item "-subj arg" Supersedes subject name given in the request. -The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, -characters may be escaped by \e (backslash), no spaces are skipped. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. .IP "\fB\-utf8\fR" 4 .IX Item "-utf8" This option causes field values to be interpreted as \s-1UTF8\s0 strings, by diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index f9b56e902ce0..82d7870c8e31 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH CIPHERS 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index 7f29de61d0ea..152fc013ecc2 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH CMS 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index c584a6054592..628cb3213b1b 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH CRL 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 12102f2304d6..20a5269e33f6 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH CRL2PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 846e01c0d007..db0c6100ae4e 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH DGST 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index 95514740d747..f0a753566e98 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH DHPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index 5f860ac6c859..a799b42bfff5 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSA 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index 33b6cfb0c103..b9c6088097d1 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH DSAPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 1a752538bf74..b2288579a600 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH EC 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index 9157c6314a41..a422cf92a865 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH ECPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index a3a27af063ea..c39476ff7383 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH ENC 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -352,7 +352,7 @@ ones provided by configured engines. The \fBenc\fR program does not support authenticated encryption modes like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future. The \fBenc\fR interface by necessity must begin streaming output (e.g., -to standard output when \fB\-out\fR is not used before the authentication +to standard output when \fB\-out\fR is not used) before the authentication tag could be validated, leading to the usage of \fBenc\fR in pipelines that begin processing untrusted data and are not capable of rolling back upon authentication failure. The \s-1AEAD\s0 modes currently in common @@ -372,6 +372,7 @@ standard data format and performs the needed key/iv/nonce management. \& \& bf\-cbc Blowfish in CBC mode \& bf Alias for bf\-cbc +\& blowfish Alias for bf\-cbc \& bf\-cfb Blowfish in CFB mode \& bf\-ecb Blowfish in ECB mode \& bf\-ofb Blowfish in OFB mode @@ -383,6 +384,8 @@ standard data format and performs the needed key/iv/nonce management. \& cast5\-ecb CAST5 in ECB mode \& cast5\-ofb CAST5 in OFB mode \& +\& chacha20 ChaCha20 algorithm +\& \& des\-cbc DES in CBC mode \& des Alias for des\-cbc \& des\-cfb DES in CFB mode @@ -429,6 +432,19 @@ standard data format and performs the needed key/iv/nonce management. \& rc5\-ecb RC5 cipher in ECB mode \& rc5\-ofb RC5 cipher in OFB mode \& +\& seed\-cbc SEED cipher in CBC mode +\& seed Alias for seed\-cbc +\& seed\-cfb SEED cipher in CFB mode +\& seed\-ecb SEED cipher in ECB mode +\& seed\-ofb SEED cipher in OFB mode +\& +\& sm4\-cbc SM4 cipher in CBC mode +\& sm4 Alias for sm4\-cbc +\& sm4\-cfb SM4 cipher in CFB mode +\& sm4\-ctr SM4 cipher in CTR mode +\& sm4\-ecb SM4 cipher in ECB mode +\& sm4\-ofb SM4 cipher in OFB mode +\& \& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode \& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc \& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode @@ -438,6 +454,15 @@ standard data format and performs the needed key/iv/nonce management. \& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode \& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode \& +\& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode +\& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc +\& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode +\& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode +\& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode +\& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode +\& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode +\& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode +\& \& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode \& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc \& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode @@ -461,35 +486,32 @@ Decode the same file \& openssl base64 \-d \-in file.b64 \-out file.bin .Ve .PP -Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password: +Encrypt a file using \s-1AES\-128\s0 using a prompted password +and \s-1PBKDF2\s0 key derivation: .PP .Vb 1 -\& openssl des3 \-salt \-in file.txt \-out file.des3 +\& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128 .Ve .PP Decrypt a file using a supplied password: .PP -.Vb 1 -\& openssl des3 \-d \-salt \-in file.des3 \-out file.txt \-k mypassword +.Vb 2 +\& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e +\& \-pass pass:<password> .Ve .PP Encrypt a file then base64 encode it (so it can be sent via mail for example) -using Blowfish in \s-1CBC\s0 mode: +using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation: .PP .Vb 1 -\& openssl bf \-a \-salt \-in file.txt \-out file.bf +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256 .Ve .PP -Base64 decode a file then decrypt it: +Base64 decode a file then decrypt it using a password supplied in a file: .PP -.Vb 1 -\& openssl bf \-d \-salt \-a \-in file.bf \-out file.txt -.Ve -.PP -Decrypt some data using a supplied 40 bit \s-1RC4\s0 key: -.PP -.Vb 1 -\& openssl rc4\-40 \-in file.rc4 \-out file.txt \-K 0102030405 +.Vb 2 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e +\& \-pass file:<passfile> .Ve .SH "BUGS" .IX Header "BUGS" diff --git a/secure/usr.bin/openssl/man/engine.1 b/secure/usr.bin/openssl/man/engine.1 index fe9591ca396f..851f31e46ae3 100644 --- a/secure/usr.bin/openssl/man/engine.1 +++ b/secure/usr.bin/openssl/man/engine.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ENGINE 1" -.TH ENGINE 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH ENGINE 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 2debaab43215..25f92828f289 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH ERRSTR 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index 14d9fd9261fb..cdcaaf281d71 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH GENDSA 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index cbfda8622c75..1fd374770d10 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH GENPKEY 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 5500dd79dace..f2221a082d6a 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH GENRSA 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/list.1 b/secure/usr.bin/openssl/man/list.1 index a64ec72c1e86..8b0d6cf3486f 100644 --- a/secure/usr.bin/openssl/man/list.1 +++ b/secure/usr.bin/openssl/man/list.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "LIST 1" -.TH LIST 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH LIST 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index eb7629438308..c18182844792 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH NSEQ 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 2ce141bc6b2b..a8c9c564d3fe 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH OCSP 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index e45cd31fc43d..bd6dbf7a6976 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH OPENSSL 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,6 +172,9 @@ The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in \&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments (\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0). .PP +Detailed documentation and use cases for most standard subcommands are available +(e.g., \fIx509\fR\|(1) or \fIopenssl\-x509\fR\|(1)). +.PP Many commands use an external configuration file for some or all of their arguments and have a \fB\-config\fR option to specify that file. The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be used to specify @@ -427,18 +430,53 @@ BLAKE2s\-256 Digest \&\s-1SM3\s0 Digest .SS "Encoding and Cipher Commands" .IX Subsection "Encoding and Cipher Commands" +The following aliases provide convenient access to the most used encodings +and ciphers. +.PP +Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See \fIenc\fR\|(1) for more information and command usage. +.IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4 +.IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb" +\&\s-1AES\-128\s0 Cipher +.IP "\fBaes192\fR, \fBaes\-192\-cbc\fR, \fBaes\-192\-cfb\fR, \fBaes\-192\-ctr\fR, \fBaes\-192\-ecb\fR, \fBaes\-192\-ofb\fR" 4 +.IX Item "aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb" +\&\s-1AES\-192\s0 Cipher +.IP "\fBaes256\fR, \fBaes\-256\-cbc\fR, \fBaes\-256\-cfb\fR, \fBaes\-256\-ctr\fR, \fBaes\-256\-ecb\fR, \fBaes\-256\-ofb\fR" 4 +.IX Item "aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb" +\&\s-1AES\-256\s0 Cipher +.IP "\fBaria128\fR, \fBaria\-128\-cbc\fR, \fBaria\-128\-cfb\fR, \fBaria\-128\-ctr\fR, \fBaria\-128\-ecb\fR, \fBaria\-128\-ofb\fR" 4 +.IX Item "aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb" +Aria\-128 Cipher +.IP "\fBaria192\fR, \fBaria\-192\-cbc\fR, \fBaria\-192\-cfb\fR, \fBaria\-192\-ctr\fR, \fBaria\-192\-ecb\fR, \fBaria\-192\-ofb\fR" 4 +.IX Item "aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb" +Aria\-192 Cipher +.IP "\fBaria256\fR, \fBaria\-256\-cbc\fR, \fBaria\-256\-cfb\fR, \fBaria\-256\-ctr\fR, \fBaria\-256\-ecb\fR, \fBaria\-256\-ofb\fR" 4 +.IX Item "aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb" +Aria\-256 Cipher .IP "\fBbase64\fR" 4 .IX Item "base64" Base64 Encoding .IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4 .IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb" Blowfish Cipher +.IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4 +.IX Item "camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb" +Camellia\-128 Cipher +.IP "\fBcamellia192\fR, \fBcamellia\-192\-cbc\fR, \fBcamellia\-192\-cfb\fR, \fBcamellia\-192\-ctr\fR, \fBcamellia\-192\-ecb\fR, \fBcamellia\-192\-ofb\fR" 4 +.IX Item "camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb" +Camellia\-192 Cipher +.IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4 +.IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb" +Camellia\-256 Cipher .IP "\fBcast\fR, \fBcast-cbc\fR" 4 .IX Item "cast, cast-cbc" \&\s-1CAST\s0 Cipher .IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4 .IX Item "cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb" \&\s-1CAST5\s0 Cipher +.IP "\fBchacha20\fR" 4 +.IX Item "chacha20" +Chacha20 Cipher .IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4 .IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb" \&\s-1DES\s0 Cipher @@ -457,6 +495,12 @@ Triple-DES Cipher .IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4 .IX Item "rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb" \&\s-1RC5\s0 Cipher +.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4 +.IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb" +\&\s-1SEED\s0 Cipher +.IP "\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4 +.IX Item "sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb" +\&\s-1SM4\s0 Cipher .SH "OPTIONS" .IX Header "OPTIONS" Details of which options are available depend on the specific command. diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index a01d9e4d28e8..b44ea2d0d68a 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PASSWD 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index 34d4f5559866..dca9461fefad 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS12 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index 0b2be258a231..9154b12bf9c3 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index da5edfc5b9ca..ad6119457bea 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKCS8 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index c5d6ce0e139f..6a9196412fe8 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKEY 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index e4ee8bd9a013..0f84ec6ff4da 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKEYPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index bd5bbde52353..1c413421a3a7 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PKEYUTL 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/prime.1 b/secure/usr.bin/openssl/man/prime.1 index 0a073a027128..ded2a5e5ac52 100644 --- a/secure/usr.bin/openssl/man/prime.1 +++ b/secure/usr.bin/openssl/man/prime.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "PRIME 1" -.TH PRIME 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH PRIME 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index c2c1191737cd..ae88ed6a3b9b 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH RAND 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index afc45dce57a4..20cf8fe68768 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH REQ 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -323,8 +323,10 @@ see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1). .IX Item "-subj arg" Sets subject name for new request or supersedes the subject name when processing a request. -The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, -characters may be escaped by \e (backslash), no spaces are skipped. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. .IP "\fB\-multivalue\-rdn\fR" 4 .IX Item "-multivalue-rdn" This option causes the \-subj argument to be interpreted with full diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 1f1c8644f3bb..53e2d89a7f74 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSA 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,8 +140,8 @@ openssl\-rsa, rsa \- RSA key processing tool .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBrsa\fR [\fB\-help\fR] -[\fB\-inform PEM|NET|DER\fR] -[\fB\-outform PEM|NET|DER\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] [\fB\-in filename\fR] [\fB\-passin arg\fR] [\fB\-out filename\fR] @@ -179,16 +179,15 @@ utility. .IP "\fB\-help\fR" 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform DER|NET|PEM\fR" 4 -.IX Item "-inform DER|NET|PEM" +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. On input PKCS#8 format private -keys are also accepted. The \fB\s-1NET\s0\fR form is a format is described in the \fB\s-1NOTES\s0\fR -section. -.IP "\fB\-outform DER|NET|PEM\fR" 4 -.IX Item "-outform DER|NET|PEM" +keys are also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" This specifies the output format, the options have the same meaning and default as the \fB\-inform\fR option. .IP "\fB\-in filename\fR" 4 @@ -272,17 +271,6 @@ The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines: \& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\- \& \-\-\-\-\-END RSA PUBLIC KEY\-\-\-\-\- .Ve -.PP -The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers -and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption. -It is not very secure and so should only be used when necessary. -.PP -Some newer version of \s-1IIS\s0 have additional data in the exported .key -files. To use these with the utility, view the file with a binary editor -and look for the string \*(L"private-key\*(R", then trace back to the byte -sequence 0x30, 0x82 (this is an \s-1ASN1 SEQUENCE\s0). Copy all the data -from this point onwards to another file and use that as the input -to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. .SH "EXAMPLES" .IX Header "EXAMPLES" To remove the pass phrase on an \s-1RSA\s0 private key: @@ -322,9 +310,6 @@ Output the public part of a private key in \fBRSAPublicKey\fR format: .Ve .SH "BUGS" .IX Header "BUGS" -The command line password arguments don't currently work with -\&\fB\s-1NET\s0\fR format. -.PP There should be an option that automatically handles .key files, without having to manually edit them. .SH "SEE ALSO" diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 9a2183296025..089d1ac60789 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH RSAUTL 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 79283319546f..3601cd511b79 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH S_CLIENT 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 109d65719f85..f3fa8ae0e466 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH S_SERVER 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -492,12 +492,13 @@ Inhibit printing of session and certificate information. Sends a status message back to the client when it connects. This includes information about the ciphers used and various session parameters. The output is in \s-1HTML\s0 format so this option will normally be used with a -web browser. +web browser. Cannot be used in conjunction with \fB\-early_data\fR. .IP "\fB\-WWW\fR" 4 .IX Item "-WWW" Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the \s-1URL\s0 https://myhost/page.html is -requested the file ./page.html will be loaded. +requested the file ./page.html will be loaded. Cannot be used in conjunction +with \fB\-early_data\fR. .IP "\fB\-tlsextdebug\fR" 4 .IX Item "-tlsextdebug" Print a hex dump of any \s-1TLS\s0 extensions received from the server. @@ -507,7 +508,8 @@ Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the \s-1URL\s0 https://myhost/page.html is requested the file ./page.html will be loaded. The files loaded are assumed to contain a complete and correct \s-1HTTP\s0 response (lines that -are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0). +are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0). Cannot be +used in conjunction with \fB\-early_data\fR. .IP "\fB\-id_prefix val\fR" 4 .IX Item "-id_prefix val" Generate \s-1SSL/TLS\s0 session IDs prefixed by \fBval\fR. This is mostly useful @@ -560,7 +562,8 @@ output. .IP "\fB\-rev\fR" 4 .IX Item "-rev" Simple test server which just reverses the text received from the client -and sends it back to the server. Also sets \fB\-brief\fR. +and sends it back to the server. Also sets \fB\-brief\fR. Cannot be used in +conjunction with \fB\-early_data\fR. .IP "\fB\-async\fR" 4 .IX Item "-async" Switch on asynchronous mode. Cryptographic operations will be performed @@ -745,7 +748,8 @@ flag). The default value is approximately 16k. The argument must be an integer greater than or equal to 0. .IP "\fB\-early_data\fR" 4 .IX Item "-early_data" -Accept early data where possible. +Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR, +\&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR. .IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 .IX Item "-anti_replay, -no_anti_replay" Switches replay protection on or off, respectively. Replay protection is on by diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 220b5e4b4486..0439fe218f68 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH S_TIME 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index e13d2bea8639..dac71229957c 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH SESS_ID 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 80dc532af552..d200e89e52a9 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH SMIME 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index 1a20ee8b9c07..1b556805bd00 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH SPEED 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index cbd60d3f8b5f..99cb3e60b390 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH SPKAC 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/srp.1 b/secure/usr.bin/openssl/man/srp.1 index e328b09ccf78..109ca21f1015 100644 --- a/secure/usr.bin/openssl/man/srp.1 +++ b/secure/usr.bin/openssl/man/srp.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "SRP 1" -.TH SRP 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH SRP 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/storeutl.1 b/secure/usr.bin/openssl/man/storeutl.1 index 8c7f9b2d147f..b09f3f473297 100644 --- a/secure/usr.bin/openssl/man/storeutl.1 +++ b/secure/usr.bin/openssl/man/storeutl.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "STOREUTL 1" -.TH STOREUTL 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH STOREUTL 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -203,8 +203,11 @@ returned. .IP "\fB\-subject arg\fR" 4 .IX Item "-subject arg" Search for an object having the subject name \fBarg\fR. -The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, -characters may be escaped by \e (backslash), no spaces are skipped. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all. .IP "\fB\-issuer arg\fR" 4 .IX Item "-issuer arg" .PD 0 diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index 7b597e4b42e8..43ad019c7290 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH TS 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index a0c6201f2427..9dc722411cb0 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH TSGET 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index f36841d8a99e..92d18ae51430 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH VERIFY 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index f2f60adb8b68..7b4cb41e3701 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH VERSION 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 8a657bf02173..c7a8c229929f 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2018-09-11" "1.1.1" "OpenSSL" +.TH X509 1 "2018-11-20" "1.1.1a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,8 +140,8 @@ openssl\-x509, x509 \- Certificate display and signing utility .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBx509\fR [\fB\-help\fR] -[\fB\-inform DER|PEM|NET\fR] -[\fB\-outform DER|PEM|NET\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] [\fB\-keyform DER|PEM\fR] [\fB\-CAform DER|PEM\fR] [\fB\-CAkeyform DER|PEM\fR] @@ -212,16 +212,15 @@ various sections. .IP "\fB\-help\fR" 4 .IX Item "-help" Print out a usage message. -.IP "\fB\-inform DER|PEM|NET\fR" 4 -.IX Item "-inform DER|PEM|NET" +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as \fB\-req\fR are present. The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0 is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines -added. The \s-1NET\s0 option is an obscure Netscape server format that is now -obsolete. The default format is \s-1PEM.\s0 -.IP "\fB\-outform DER|PEM|NET\fR" 4 -.IX Item "-outform DER|PEM|NET" +added. The default format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" This specifies the output format, the options have the same meaning and default as the \fB\-inform\fR option. .IP "\fB\-in filename\fR" 4 |