diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2018-11-20 09:33:57 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2018-11-22 09:05:12 -0800 |
commit | 790fae59a36db6a4a981a28f7c8210eb67e7947f (patch) | |
tree | 989897ac997931a4e21ffda867928083ff850634 /deps/openssl/openssl/doc/crypto | |
parent | 33a25b29a4d654f5c2a5c74725862bccb2fcccfb (diff) | |
download | android-node-v8-790fae59a36db6a4a981a28f7c8210eb67e7947f.tar.gz android-node-v8-790fae59a36db6a4a981a28f7c8210eb67e7947f.tar.bz2 android-node-v8-790fae59a36db6a4a981a28f7c8210eb67e7947f.zip |
deps: upgrade openssl sources to 1.1.0j
This updates all sources in deps/openssl/openssl with openssl-1.1.0j.
PR-URL: https://github.com/nodejs/node/pull/24523
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'deps/openssl/openssl/doc/crypto')
6 files changed, 38 insertions, 16 deletions
diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod b/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod index 1dc76cbdf8..9fda29ba07 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod +++ b/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod @@ -223,7 +223,7 @@ EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. -If digest contexts are not cleaned up after use +If digest contexts are not cleaned up after use, memory leaks will occur. EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod b/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod index 5fadc82e6a..a3938d5800 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod +++ b/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod @@ -19,14 +19,16 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from ENGINE B<impl> and private key B<pkey>. B<ctx> must be created with -EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the +EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can -be used to set alternative signing options. The digest B<type> may be NULL if -the signing algorithm supports it. +be used to set alternative signing options. Note that any existing value in +B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application (it will be freed automatically when the EVP_MD_CTX +is freed). The digest B<type> may be NULL if the signing algorithm supports it. Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of -"signing." Built-in EVP_PKEY types supported by these functions are CMAC, DSA, +"signing". Built-in EVP_PKEY types supported by these functions are CMAC, DSA, ECDSA, HMAC and RSA. Not all digests can be used for all key types. The following combinations apply. @@ -69,17 +71,17 @@ signature context B<ctx>. This function can be called several times on the same B<ctx> to include additional data. This function is currently implemented using a macro. -EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>. +EVP_DigestSignFinal() signs the data in B<ctx> and places the signature in B<sig>. If B<sig> is B<NULL> then the maximum size of the output buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the -B<siglen> parameter should contain the length of the B<sig> buffer, if the +B<siglen> parameter should contain the length of the B<sig> buffer. If the call is successful the signature is written to B<sig> and the amount of data written to B<siglen>. =head1 RETURN VALUES EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return -1 for success and 0 or a negative value for failure. In particular a return +1 for success and 0 or a negative value for failure. In particular, a return value of -2 indicates the operation is not supported by the public key algorithm. @@ -103,7 +105,7 @@ The call to EVP_DigestSignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data. -Since only a copy of the digest context is ever finalized the context must +Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur. diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod b/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod index ce59422d3e..ff1153b644 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod +++ b/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod @@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be created -with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the +with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. +can be used to set alternative verification options. Note that any existing +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be +freed directly by the application (it will be freed automatically when the +EVP_MD_CTX is freed). EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the verification context B<ctx>. This function can be called several times on the @@ -62,7 +65,7 @@ The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. -Since only a copy of the digest context is ever finalized the context must +Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur. @@ -81,7 +84,7 @@ were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod b/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod index e014df500b..a4e3c1c2f0 100644 --- a/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod +++ b/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod @@ -6,6 +6,9 @@ OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get0_produced_at, +OCSP_resp_get0_signature, +OCSP_resp_get0_tbs_sigalg, +OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify @@ -32,6 +35,9 @@ OCSP_basic_verify const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( const OCSP_BASICRESP* single); + const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); + const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); + const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, @@ -78,6 +84,12 @@ B<*revtime>, B<*thisupd> and B<*nextupd>. OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the single response B<bs>. +OCSP_resp_get0_signature() returns the signature from B<bs>. + +OCSP_resp_get0_tbs_sigalg() returns the B<signatureAlgorithm> from B<bs>. + +OCSP_resp_get0_respdata() returns the B<tbsResponseData> from B<bs>. + OCSP_resp_get0_certs() returns any certificates included in B<bs>. OCSP_resp_get0_signer() attempts to retrieve the certificate that directly diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod index f5429d217e..01623bac76 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod +++ b/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod @@ -2,13 +2,14 @@ =head1 NAME -OPENSSL_VERSION_NUMBER, OpenSSL_version, +OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num - get OpenSSL version number =head1 SYNOPSIS #include <openssl/opensslv.h> #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL + #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" #include <openssl/crypto.h> @@ -45,6 +46,10 @@ Version 0.9.5a had an interim interpretation that is like the current one, except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f. +OPENSSL_VERSION_TEXT is the text variant of the version number and the +release date. For example, +"OpenSSL 1.0.1a 15 Oct 2015". + OpenSSL_version_num() returns the version number. OpenSSL_version() returns different strings depending on B<t>: diff --git a/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod b/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod index 9c89426a9a..8f6d428afc 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod +++ b/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod @@ -58,9 +58,9 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen int padding)); /* Can be null */ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); int RSA_meth_set_mod_exp(RSA_METHOD *rsa, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)); /* Can be null */ int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) |