diff options
Diffstat (limited to 'deps/openssl/openssl/doc')
53 files changed, 561 insertions, 12 deletions
diff --git a/deps/openssl/openssl/doc/apps/asn1parse.pod b/deps/openssl/openssl/doc/apps/asn1parse.pod index 76a765daf9..a84dbc37dc 100644 --- a/deps/openssl/openssl/doc/apps/asn1parse.pod +++ b/deps/openssl/openssl/doc/apps/asn1parse.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-asn1parse, asn1parse - ASN.1 parsing tool =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/ca.pod b/deps/openssl/openssl/doc/apps/ca.pod index c90e6482e5..cc26bf48a3 100644 --- a/deps/openssl/openssl/doc/apps/ca.pod +++ b/deps/openssl/openssl/doc/apps/ca.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-ca, ca - sample minimal CA application =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/ciphers.pod b/deps/openssl/openssl/doc/apps/ciphers.pod index 35d40bbf27..fa16124d08 100644 --- a/deps/openssl/openssl/doc/apps/ciphers.pod +++ b/deps/openssl/openssl/doc/apps/ciphers.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ciphers, ciphers - SSL cipher display and cipher list tool. =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/cms.pod b/deps/openssl/openssl/doc/apps/cms.pod index ac69804228..4a7783d47a 100644 --- a/deps/openssl/openssl/doc/apps/cms.pod +++ b/deps/openssl/openssl/doc/apps/cms.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-cms, cms - CMS utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/crl.pod b/deps/openssl/openssl/doc/apps/crl.pod index 044a9da915..cdced1c742 100644 --- a/deps/openssl/openssl/doc/apps/crl.pod +++ b/deps/openssl/openssl/doc/apps/crl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-crl, crl - CRL utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/crl2pkcs7.pod b/deps/openssl/openssl/doc/apps/crl2pkcs7.pod index 3797bc0df4..18654c5afa 100644 --- a/deps/openssl/openssl/doc/apps/crl2pkcs7.pod +++ b/deps/openssl/openssl/doc/apps/crl2pkcs7.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/dgst.pod b/deps/openssl/openssl/doc/apps/dgst.pod index b27bb946b1..72d6c87fab 100644 --- a/deps/openssl/openssl/doc/apps/dgst.pod +++ b/deps/openssl/openssl/doc/apps/dgst.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/dhparam.pod b/deps/openssl/openssl/doc/apps/dhparam.pod index 1cd4c76663..018d993508 100644 --- a/deps/openssl/openssl/doc/apps/dhparam.pod +++ b/deps/openssl/openssl/doc/apps/dhparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dhparam, dhparam - DH parameter manipulation and generation =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/dsa.pod b/deps/openssl/openssl/doc/apps/dsa.pod index 8bf6cc9dca..77d66089be 100644 --- a/deps/openssl/openssl/doc/apps/dsa.pod +++ b/deps/openssl/openssl/doc/apps/dsa.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dsa, dsa - DSA key processing =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/dsaparam.pod b/deps/openssl/openssl/doc/apps/dsaparam.pod index ba5ec4d72c..4469034913 100644 --- a/deps/openssl/openssl/doc/apps/dsaparam.pod +++ b/deps/openssl/openssl/doc/apps/dsaparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dsaparam, dsaparam - DSA parameter manipulation and generation =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/ec.pod b/deps/openssl/openssl/doc/apps/ec.pod index 5c7b45d4e7..658eac5d50 100644 --- a/deps/openssl/openssl/doc/apps/ec.pod +++ b/deps/openssl/openssl/doc/apps/ec.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ec, ec - EC key processing =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/ecparam.pod b/deps/openssl/openssl/doc/apps/ecparam.pod index 88e9d1e83d..ba2f3b9ae2 100644 --- a/deps/openssl/openssl/doc/apps/ecparam.pod +++ b/deps/openssl/openssl/doc/apps/ecparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ecparam, ecparam - EC parameter manipulation and generation =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/enc.pod b/deps/openssl/openssl/doc/apps/enc.pod index 41791ad671..aceafcd4d5 100644 --- a/deps/openssl/openssl/doc/apps/enc.pod +++ b/deps/openssl/openssl/doc/apps/enc.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-enc, enc - symmetric cipher routines =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/errstr.pod b/deps/openssl/openssl/doc/apps/errstr.pod index b3c6ccfc9c..0dee51c844 100644 --- a/deps/openssl/openssl/doc/apps/errstr.pod +++ b/deps/openssl/openssl/doc/apps/errstr.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-errstr, errstr - lookup error codes =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/gendsa.pod b/deps/openssl/openssl/doc/apps/gendsa.pod index d9f56be890..2c8e5c86f2 100644 --- a/deps/openssl/openssl/doc/apps/gendsa.pod +++ b/deps/openssl/openssl/doc/apps/gendsa.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-gendsa, gendsa - generate a DSA private key from a set of parameters =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/genpkey.pod b/deps/openssl/openssl/doc/apps/genpkey.pod index 929edcd26f..4d09fc0937 100644 --- a/deps/openssl/openssl/doc/apps/genpkey.pod +++ b/deps/openssl/openssl/doc/apps/genpkey.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-genpkey, genpkey - generate a private key =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/genrsa.pod b/deps/openssl/openssl/doc/apps/genrsa.pod index f4ed9593ae..8be06834f5 100644 --- a/deps/openssl/openssl/doc/apps/genrsa.pod +++ b/deps/openssl/openssl/doc/apps/genrsa.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-genrsa, genrsa - generate an RSA private key =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/nseq.pod b/deps/openssl/openssl/doc/apps/nseq.pod index 989c3108fb..de441fa87a 100644 --- a/deps/openssl/openssl/doc/apps/nseq.pod +++ b/deps/openssl/openssl/doc/apps/nseq.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-nseq, nseq - create or examine a netscape certificate sequence =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/ocsp.pod b/deps/openssl/openssl/doc/apps/ocsp.pod index 1bb7958d20..9e2716f008 100644 --- a/deps/openssl/openssl/doc/apps/ocsp.pod +++ b/deps/openssl/openssl/doc/apps/ocsp.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ocsp, ocsp - Online Certificate Status Protocol utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/passwd.pod b/deps/openssl/openssl/doc/apps/passwd.pod index f44982549b..7f74ce016d 100644 --- a/deps/openssl/openssl/doc/apps/passwd.pod +++ b/deps/openssl/openssl/doc/apps/passwd.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-passwd, passwd - compute password hashes =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/pkcs12.pod b/deps/openssl/openssl/doc/apps/pkcs12.pod index 744984838d..debc9ea27a 100644 --- a/deps/openssl/openssl/doc/apps/pkcs12.pod +++ b/deps/openssl/openssl/doc/apps/pkcs12.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-pkcs12, pkcs12 - PKCS#12 file utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/pkcs7.pod b/deps/openssl/openssl/doc/apps/pkcs7.pod index acfb8100f0..651e9371c1 100644 --- a/deps/openssl/openssl/doc/apps/pkcs7.pod +++ b/deps/openssl/openssl/doc/apps/pkcs7.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkcs7, pkcs7 - PKCS#7 utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/pkcs8.pod b/deps/openssl/openssl/doc/apps/pkcs8.pod index 6901f1f3f2..f741741e5a 100644 --- a/deps/openssl/openssl/doc/apps/pkcs8.pod +++ b/deps/openssl/openssl/doc/apps/pkcs8.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkcs8, pkcs8 - PKCS#8 format private key conversion tool =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/pkey.pod b/deps/openssl/openssl/doc/apps/pkey.pod index 4851223f3f..6db8a62383 100644 --- a/deps/openssl/openssl/doc/apps/pkey.pod +++ b/deps/openssl/openssl/doc/apps/pkey.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-pkey, pkey - public or private key processing tool =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/pkeyparam.pod b/deps/openssl/openssl/doc/apps/pkeyparam.pod index 154f6721af..27c10a6a74 100644 --- a/deps/openssl/openssl/doc/apps/pkeyparam.pod +++ b/deps/openssl/openssl/doc/apps/pkeyparam.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-pkeyparam, pkeyparam - public key algorithm parameter processing tool =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/pkeyutl.pod b/deps/openssl/openssl/doc/apps/pkeyutl.pod index 5da347c97d..78b3b02a7d 100644 --- a/deps/openssl/openssl/doc/apps/pkeyutl.pod +++ b/deps/openssl/openssl/doc/apps/pkeyutl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkeyutl, pkeyutl - public key algorithm utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/rand.pod b/deps/openssl/openssl/doc/apps/rand.pod index d1d213ef43..94df10d939 100644 --- a/deps/openssl/openssl/doc/apps/rand.pod +++ b/deps/openssl/openssl/doc/apps/rand.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-rand, rand - generate pseudo-random bytes =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/req.pod b/deps/openssl/openssl/doc/apps/req.pod index 1682ba5143..20b2f39e90 100644 --- a/deps/openssl/openssl/doc/apps/req.pod +++ b/deps/openssl/openssl/doc/apps/req.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-req, req - PKCS#10 certificate request and certificate generating utility. =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/rsa.pod b/deps/openssl/openssl/doc/apps/rsa.pod index 21cbf8ee00..7e43e0f3d0 100644 --- a/deps/openssl/openssl/doc/apps/rsa.pod +++ b/deps/openssl/openssl/doc/apps/rsa.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-rsa, rsa - RSA key processing tool =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/rsautl.pod b/deps/openssl/openssl/doc/apps/rsautl.pod index 1a498c2f62..e16ce29cf6 100644 --- a/deps/openssl/openssl/doc/apps/rsautl.pod +++ b/deps/openssl/openssl/doc/apps/rsautl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-rsautl, rsautl - RSA utility =head1 SYNOPSIS @@ -105,7 +106,7 @@ Recover the signed data Examine the raw signed data: - openssl rsautl -verify -in file -inkey key.pem -raw -hexdump + openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ diff --git a/deps/openssl/openssl/doc/apps/s_client.pod b/deps/openssl/openssl/doc/apps/s_client.pod index b45acbc5e3..d9413a0cf2 100644 --- a/deps/openssl/openssl/doc/apps/s_client.pod +++ b/deps/openssl/openssl/doc/apps/s_client.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-s_client, s_client - SSL/TLS client program =head1 SYNOPSIS @@ -197,12 +198,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>. =item B<-psk_identity identity> Use the PSK identity B<identity> when using a PSK cipher suite. +The default value is "Client_identity" (without the quotes). =item B<-psk key> Use the PSK key B<key> when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. +This option must be provided in order to use a PSK cipher. =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> diff --git a/deps/openssl/openssl/doc/apps/s_server.pod b/deps/openssl/openssl/doc/apps/s_server.pod index 1fe93ddfbe..9916fc3ef6 100644 --- a/deps/openssl/openssl/doc/apps/s_server.pod +++ b/deps/openssl/openssl/doc/apps/s_server.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-s_server, s_server - SSL/TLS server program =head1 SYNOPSIS @@ -219,6 +220,7 @@ Use the PSK identity hint B<hint> when using a PSK cipher suite. Use the PSK key B<key> when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. +This option must be provided in order to use a PSK cipher. =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> @@ -403,10 +405,6 @@ a web browser the command: can be used for example. -Most web browsers (in particular Netscape and MSIE) only support RSA cipher -suites, so they cannot connect to servers which don't use a certificate -carrying an RSA key or a version of OpenSSL with RSA disabled. - Although specifying an empty list of CAs when requesting a client certificate is strictly speaking a protocol violation, some SSL clients interpret this to mean any CA is acceptable. This is useful for debugging purposes. diff --git a/deps/openssl/openssl/doc/apps/s_time.pod b/deps/openssl/openssl/doc/apps/s_time.pod index 9082d876fe..1fa02800a4 100644 --- a/deps/openssl/openssl/doc/apps/s_time.pod +++ b/deps/openssl/openssl/doc/apps/s_time.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-s_time, s_time - SSL/TLS performance timing program =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/sess_id.pod b/deps/openssl/openssl/doc/apps/sess_id.pod index 9988d2cd3d..0771baef11 100644 --- a/deps/openssl/openssl/doc/apps/sess_id.pod +++ b/deps/openssl/openssl/doc/apps/sess_id.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-sess_id, sess_id - SSL/TLS session handling utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/smime.pod b/deps/openssl/openssl/doc/apps/smime.pod index 04a83ca8e4..fbf60da27f 100644 --- a/deps/openssl/openssl/doc/apps/smime.pod +++ b/deps/openssl/openssl/doc/apps/smime.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-smime, smime - S/MIME utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/speed.pod b/deps/openssl/openssl/doc/apps/speed.pod index 1cd1998d16..2bfe91e371 100644 --- a/deps/openssl/openssl/doc/apps/speed.pod +++ b/deps/openssl/openssl/doc/apps/speed.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-speed, speed - test library performance =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/spkac.pod b/deps/openssl/openssl/doc/apps/spkac.pod index 97fb80e401..b8a5477a06 100644 --- a/deps/openssl/openssl/doc/apps/spkac.pod +++ b/deps/openssl/openssl/doc/apps/spkac.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-spkac, spkac - SPKAC printing and generating utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/ts.pod b/deps/openssl/openssl/doc/apps/ts.pod index d6aa47d314..5da019b2eb 100644 --- a/deps/openssl/openssl/doc/apps/ts.pod +++ b/deps/openssl/openssl/doc/apps/ts.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ts, ts - Time Stamping Authority tool (client/server) =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/tsget.pod b/deps/openssl/openssl/doc/apps/tsget.pod index 56db985c4b..4856c850d8 100644 --- a/deps/openssl/openssl/doc/apps/tsget.pod +++ b/deps/openssl/openssl/doc/apps/tsget.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-tsget, tsget - Time Stamping HTTP/HTTPS client =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/verify.pod b/deps/openssl/openssl/doc/apps/verify.pod index b3767325ae..321d5ac7e1 100644 --- a/deps/openssl/openssl/doc/apps/verify.pod +++ b/deps/openssl/openssl/doc/apps/verify.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-verify, verify - Utility to verify certificates. =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/version.pod b/deps/openssl/openssl/doc/apps/version.pod index 58f543bc3e..675b0f84d6 100644 --- a/deps/openssl/openssl/doc/apps/version.pod +++ b/deps/openssl/openssl/doc/apps/version.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-version, version - print OpenSSL version information =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/apps/x509.pod b/deps/openssl/openssl/doc/apps/x509.pod index 1479a74957..d50625862a 100644 --- a/deps/openssl/openssl/doc/apps/x509.pod +++ b/deps/openssl/openssl/doc/apps/x509.pod @@ -3,6 +3,7 @@ =head1 NAME +openssl-x509, x509 - Certificate display and signing utility =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/crypto/BN_bn2bin.pod b/deps/openssl/openssl/doc/crypto/BN_bn2bin.pod index 3bed47f8f1..f6bb484f90 100644 --- a/deps/openssl/openssl/doc/crypto/BN_bn2bin.pod +++ b/deps/openssl/openssl/doc/crypto/BN_bn2bin.pod @@ -70,8 +70,9 @@ BN_bn2bin() returns the length of the big-endian number placed at B<to>. BN_bin2bn() returns the B<BIGNUM>, NULL on error. BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL -on error. BN_hex2bn() and BN_dec2bn() return the number's length in -hexadecimal or decimal digits, and 0 on error. +on error. BN_hex2bn() and BN_dec2bn() return the number of characters +used in parsing, or 0 on error, in which +case no new B<BIGNUM> will be created. BN_print_fp() and BN_print() return 1 on success, 0 on write errors. diff --git a/deps/openssl/openssl/doc/crypto/BN_new.pod b/deps/openssl/openssl/doc/crypto/BN_new.pod index ab7a105e3a..d446603191 100644 --- a/deps/openssl/openssl/doc/crypto/BN_new.pod +++ b/deps/openssl/openssl/doc/crypto/BN_new.pod @@ -30,10 +30,12 @@ to the value 0. BN_free() frees the components of the B<BIGNUM>, and if it was created by BN_new(), also the structure itself. BN_clear_free() additionally overwrites the data before the memory is returned to the system. +If B<a> is NULL, nothing is done. =head1 RETURN VALUES -BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails, +BN_new() returns a pointer to the B<BIGNUM> initialised to the value 0. +If the allocation fails, it returns B<NULL> and sets an error code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. diff --git a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod b/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod index 0c0a30c1ff..dc9a2d76c5 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod +++ b/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod @@ -395,8 +395,7 @@ processed (e.g. after an EVP_EncryptFinal() call). EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal -when decrypting data and must be made B<before> any data is processed (e.g. -before any EVP_DecryptUpdate() call). +when decrypting data. =head1 CCM Mode diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_meth_new.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_meth_new.pod new file mode 100644 index 0000000000..041492a8f0 --- /dev/null +++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_meth_new.pod @@ -0,0 +1,376 @@ +=pod + +=head1 NAME + +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, +EVP_PKEY_meth_add0, EVP_PKEY_METHOD, +EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, +EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, +EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, +EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, +EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, +EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, +EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, +EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl +- manipulating EVP_PKEY_METHOD structure + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + typedef struct evp_pkey_method_st EVP_PKEY_METHOD; + + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); + void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); + void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); + int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + + void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + + void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +=head1 DESCRIPTION + +B<EVP_PKEY_METHOD> is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. + +There are two places where the B<EVP_PKEY_METHOD> objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using L<EVP_PKEY_meth_add0(3)>. + +The B<EVP_PKEY_METHOD> objects are usually referenced by B<EVP_PKEY_CTX> +objects. + +=head2 Methods + +The methods are the underlying implementations of a particular public key +algorithm present by the B<EVP_PKEY_CTX> object. + + int (*init) (EVP_PKEY_CTX *ctx); + int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); + void (*cleanup) (EVP_PKEY_CTX *ctx); + +The init() method is called to initialize algorithm-specific data when a new +B<EVP_PKEY_CTX> is created. As opposed to init(), the cleanup() method is called +when an B<EVP_PKEY_CTX> is freed. The copy() method is called when an B<EVP_PKEY_CTX> +is being duplicated. Refer to L<EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_CTX_new_id(3)>, +L<EVP_PKEY_CTX_free(3)> and L<EVP_PKEY_CTX_dup(3)>. + + int (*paramgen_init) (EVP_PKEY_CTX *ctx); + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + +The paramgen_init() and paramgen() methods deal with key parameter generation. +They are called by L<EVP_PKEY_paramgen_init(3)> and L<EVP_PKEY_paramgen(3)> to +handle the parameter generation process. + + int (*keygen_init) (EVP_PKEY_CTX *ctx); + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + +The keygen_init() and keygen() methods are used to generate the actual key for +the specified algorithm. They are called by L<EVP_PKEY_keygen_init(3)> and +L<EVP_PKEY_keygen(3)>. + + int (*sign_init) (EVP_PKEY_CTX *ctx); + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + +The sign_init() and sign() methods are used to generate the signature of a +piece of data using a private key. They are called by L<EVP_PKEY_sign_init(3)> +and L<EVP_PKEY_sign(3)>. + + int (*verify_init) (EVP_PKEY_CTX *ctx); + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + +The verify_init() and verify() methods are used to verify whether a signature is +valid. They are called by L<EVP_PKEY_verify_init(3)> and L<EVP_PKEY_verify(3)>. + + int (*verify_recover_init) (EVP_PKEY_CTX *ctx); + int (*verify_recover) (EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + +The verify_recover_init() and verify_recover() methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by RSA signing algorithm). They are called by +L<EVP_PKEY_verify_recover_init(3)> and L<EVP_PKEY_verify_recover(3)>. + + int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + +The signctx_init() and signctx() methods are used to sign a digest present by +a B<EVP_MD_CTX> object. They are called by the EVP_DigestSign functions. See +L<EVP_DigestSignInit(3)> for detail. + + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx); + +The verifyctx_init() and verifyctx() methods are used to verify a signature +against the data in a B<EVP_MD_CTX> object. They are called by the various +EVP_DigestVerify functions. See L<EVP_DigestVerifyInit(3)> for detail. + + int (*encrypt_init) (EVP_PKEY_CTX *ctx); + int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +The encrypt_init() and encrypt() methods are used to encrypt a piece of data. +They are called by L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)>. + + int (*decrypt_init) (EVP_PKEY_CTX *ctx); + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +The decrypt_init() and decrypt() methods are used to decrypt a piece of data. +They are called by L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>. + + int (*derive_init) (EVP_PKEY_CTX *ctx); + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +The derive_init() and derive() methods are used to derive the shared secret +from a public key algorithm (for instance, the DH algorithm). They are called by +L<EVP_PKEY_derive_init(3)> and L<EVP_PKEY_derive(3)>. + + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + +The ctrl() and ctrl_str() methods are used to adjust algorithm-specific +settings. See L<EVP_PKEY_CTX_ctrl(3)> and related functions for detail. + + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + +The digestsign() and digestverify() methods are used to generate or verify +a signature in a one-shot mode. They could be called by L<EVP_DigetSign(3)> +and L<EVP_DigestVerify(3)>. + +=head2 Functions + +EVP_PKEY_meth_new() creates and returns a new B<EVP_PKEY_METHOD> object, +and associates the given B<id> and B<flags>. The following flags are +supported: + + EVP_PKEY_FLAG_AUTOARGLEN + EVP_PKEY_FLAG_SIGCTX_CUSTOM + +If an B<EVP_PKEY_METHOD> is set with the B<EVP_PKEY_FLAG_AUTOARGLEN> flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding EVP methods by the EVP framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +L<EVP_PKEY_sign(3)>. + +The B<EVP_PKEY_FLAG_SIGCTX_CUSTOM> is used to indicate the signctx() method +of an B<EVP_PKEY_METHOD> is always called by the EVP framework while doing a +digest signing operation by calling L<EVP_DigestSignFinal(3)>. + +EVP_PKEY_meth_free() frees an existing B<EVP_PKEY_METHOD> pointed by +B<pmeth>. + +EVP_PKEY_meth_copy() copies an B<EVP_PKEY_METHOD> object from B<src> +to B<dst>. + +EVP_PKEY_meth_find() finds an B<EVP_PKEY_METHOD> object with the B<id>. +This function first searches through the user-defined method objects and +then the built-in objects. + +EVP_PKEY_meth_add0() adds B<pmeth> to the user defined stack of methods. + +The EVP_PKEY_meth_set functions set the corresponding fields of +B<EVP_PKEY_METHOD> structure with the arguments passed. + +The EVP_PKEY_meth_get functions get the corresponding fields of +B<EVP_PKEY_METHOD> structure to the arguments provided. + +=head1 RETURN VALUES + +EVP_PKEY_meth_new() returns a pointer to a new B<EVP_PKEY_METHOD> +object or returns NULL on error. + +EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values. + +EVP_PKEY_meth_find() returns a pointer to the found B<EVP_PKEY_METHOD> +object or returns NULL if not found. + +EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 +if an error occurred. + +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod index b8f678fe72..f20f815d47 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod +++ b/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod @@ -104,6 +104,13 @@ The RSA_padding_check_xxx() functions return the length of the recovered data, -1 on error. Error codes can be obtained by calling L<ERR_get_error(3)|ERR_get_error(3)>. +=head1 WARNING + +The RSA_padding_check_PKCS1_type_2() padding check leaks timing +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the PKCS #1 +v1.5 padding design. Prefer PKCS1_OAEP padding. + =head1 SEE ALSO L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, diff --git a/deps/openssl/openssl/doc/crypto/RSA_public_encrypt.pod b/deps/openssl/openssl/doc/crypto/RSA_public_encrypt.pod index 0541f348b3..4d7c1f2cac 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_public_encrypt.pod +++ b/deps/openssl/openssl/doc/crypto/RSA_public_encrypt.pod @@ -67,6 +67,13 @@ recovered plaintext. On error, -1 is returned; the error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +=head1 WARNING + +Decryption failures in the RSA_PKCS1_PADDING mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the PKCS #1 v1.5 padding +design. Prefer RSA_PKCS1_OAEP_PADDING. + =head1 CONFORMING TO SSL, PKCS #1 v2.0 diff --git a/deps/openssl/openssl/doc/crypto/X509_check_private_key.pod b/deps/openssl/openssl/doc/crypto/X509_check_private_key.pod new file mode 100644 index 0000000000..a1fb07b109 --- /dev/null +++ b/deps/openssl/openssl/doc/crypto/X509_check_private_key.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + +X509_check_private_key, X509_REQ_check_private_key - check the consistency +of a private key with the public key in an X509 certificate or certificate +request + +=head1 SYNOPSIS + + #include <openssl/x509.h> + + int X509_check_private_key(X509 *x, EVP_PKEY *k); + + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); + +=head1 DESCRIPTION + +X509_check_private_key() function checks the consistency of private +key B<k> with the public key in B<x>. + +X509_REQ_check_private_key() is equivalent to X509_check_private_key() +except that B<x> represents a certificate request of structure B<X509_REQ>. + +=head1 RETURN VALUE + +X509_check_private_key() and X509_REQ_check_private_key() return 1 if +the keys match each other, and 0 if not. + +If the key is invalid or an error occurred, the reason code can be +obtained using L<ERR_get_error(3)>. + +=head1 BUGS + +The B<check_private_key> functions don't check if B<k> itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) +of a key pair. So if you pass a public key to these functions in B<k>, it will +return success. + +=head1 SEE ALSO + +L<ERR_get_error(3)> + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/hmac.pod b/deps/openssl/openssl/doc/crypto/hmac.pod index 2c8f20a201..ca9798af62 100644 --- a/deps/openssl/openssl/doc/crypto/hmac.pod +++ b/deps/openssl/openssl/doc/crypto/hmac.pod @@ -38,7 +38,8 @@ B<key_len> bytes long. It places the result in B<md> (which must have space for the output of the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes). If B<md> is NULL, the digest is placed in a static array. The size of -the output is placed in B<md_len>, unless it is B<NULL>. +the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL +value for B<md> to use the static array is not thread safe. B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc. diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod index 3b0a50956d..3b0a50956d 100644 --- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +++ b/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_export_keying_material.pod b/deps/openssl/openssl/doc/ssl/SSL_export_keying_material.pod new file mode 100644 index 0000000000..ccb99ec9a8 --- /dev/null +++ b/deps/openssl/openssl/doc/ssl/SSL_export_keying_material.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +SSL_export_keying_material - obtain keying material for application use + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +=head1 DESCRIPTION + +During the creation of a TLS or DTLS connection shared keying material is +established between the two endpoints. The function SSL_export_keying_material() +enables an application to use some of this keying material for its own purposes +in accordance with RFC5705. + +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. + +For a given SSL connection B<s>, B<olen> bytes of data will be written to +B<out>. The application specific context should be supplied in the location +pointed to by B<context> and should be B<contextlen> bytes long. Provision of +a context is optional. If the context should be omitted entirely then +B<use_context> should be set to 0. Otherwise it should be any other value. If +B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored. +Note that a zero length context is treated differently to no context at all, and +will result in different keying material being returned. + +An application specific label should be provided in the location pointed to by +B<label> and should be B<llen> bytes long. Typically this will be a value from +the IANA Exporter Label Registry +(L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>). +Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard +to be used without registration. + +Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error. + +=head1 RETURN VALUES + +SSL_export_keying_material() returns 0 or -1 on failure or 1 on success. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_set_connect_state.pod b/deps/openssl/openssl/doc/ssl/SSL_set_connect_state.pod index d88a057def..14facc6a57 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_set_connect_state.pod +++ b/deps/openssl/openssl/doc/ssl/SSL_set_connect_state.pod @@ -25,7 +25,7 @@ it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or -SSL_set_ssl_method().) +SSL_set_ssl_method(3).) When beginning a new handshake, the SSL engine must know whether it must call the connect (client) or accept (server) routines. Even though it may |