diff options
Diffstat (limited to 'lib')
46 files changed, 287 insertions, 193 deletions
diff --git a/lib/libcrypto/doc/DH_generate_key.pod b/lib/libcrypto/doc/DH_generate_key.pod index 81f09fdf45e..148e13762b7 100644 --- a/lib/libcrypto/doc/DH_generate_key.pod +++ b/lib/libcrypto/doc/DH_generate_key.pod @@ -40,7 +40,8 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, +L<DH_size(3)|DH_size(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/DH_generate_parameters.pod b/lib/libcrypto/doc/DH_generate_parameters.pod index 862aa0c39ac..d19e0217ee7 100644 --- a/lib/libcrypto/doc/DH_generate_parameters.pod +++ b/lib/libcrypto/doc/DH_generate_parameters.pod @@ -23,11 +23,11 @@ seeded prior to calling DH_generate_parameters(). B<prime_len> is the length in bits of the safe prime to be generated. B<generator> is a small number E<gt> 1, typically 2 or 5. -A callback function may be used to provide feedback about the progress -of the key generation. If B<callback> is not B<NULL>, it will be -called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime -number is generated, and when a prime has been found, B<callback(3, -0, cb_arg)> is called. +A callback function may be used to provide feedback about the progress of the +key generation. If B<callback> is not B<NULL>, it will be called as described +in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime number is +generated, and when a prime has been found, B<callback(3, 0, cb_arg)> is +called. DH_check() validates Diffie-Hellman parameters. It checks that B<p> is a safe prime, and that B<g> is a suitable generator. In the case of an diff --git a/lib/libcrypto/doc/DH_get_ex_new_index.pod b/lib/libcrypto/doc/DH_get_ex_new_index.pod index fa5eab26502..934ec094bbc 100644 --- a/lib/libcrypto/doc/DH_get_ex_new_index.pod +++ b/lib/libcrypto/doc/DH_get_ex_new_index.pod @@ -2,7 +2,8 @@ =head1 NAME -DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific +data to DH structures =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/DH_new.pod b/lib/libcrypto/doc/DH_new.pod index 60c930093e0..d6c3ca82b5f 100644 --- a/lib/libcrypto/doc/DH_new.pod +++ b/lib/libcrypto/doc/DH_new.pod @@ -21,9 +21,9 @@ erased before the memory is returned to the system. =head1 RETURN VALUES -If the allocation fails, DH_new() returns B<NULL> and sets an error -code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns -a pointer to the newly allocated structure. +If the allocation fails, DH_new() returns B<NULL> and sets an error code that +can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a +pointer to the newly allocated structure. DH_free() returns no value. diff --git a/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/lib/libcrypto/doc/DSA_get_ex_new_index.pod index fb6efc11826..e2fcabf3705 100644 --- a/lib/libcrypto/doc/DSA_get_ex_new_index.pod +++ b/lib/libcrypto/doc/DSA_get_ex_new_index.pod @@ -2,7 +2,8 @@ =head1 NAME -DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application +specific data to DSA structures =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/DSA_set_method.pod b/lib/libcrypto/doc/DSA_set_method.pod index 5ad7362f589..707370adf76 100644 --- a/lib/libcrypto/doc/DSA_set_method.pod +++ b/lib/libcrypto/doc/DSA_set_method.pod @@ -103,8 +103,8 @@ B<DSA_METHOD>s. DSA_set_default_method() returns no value. -DSA_set_method() returns non-zero if the provided B<meth> was successfully set as -the method for B<dsa> (including unloading the ENGINE handle if the previous +DSA_set_method() returns non-zero if the provided B<meth> was successfully set +as the method for B<dsa> (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). DSA_new_method() returns NULL and sets an error code that can be @@ -117,8 +117,8 @@ As of version 0.9.7, DSA_METHOD implementations are grouped together with other algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a default ENGINE is specified for DSA functionality using an ENGINE API function, that will override any DSA defaults set using the DSA API (ie. -DSA_set_default_method()). For this reason, the ENGINE API is the recommended way -to control default implementations for use in DSA and other cryptographic +DSA_set_default_method()). For this reason, the ENGINE API is the recommended +way to control default implementations for use in DSA and other cryptographic algorithms. =head1 SEE ALSO diff --git a/lib/libcrypto/doc/EVP_DigestInit.pod b/lib/libcrypto/doc/EVP_DigestInit.pod index dcc5d73f690..2ff01b9c7c8 100644 --- a/lib/libcrypto/doc/EVP_DigestInit.pod +++ b/lib/libcrypto/doc/EVP_DigestInit.pod @@ -4,12 +4,12 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, -EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, -EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256, -EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, -EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - -EVP digest routines +EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, +EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, +EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, +EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, +EVP_get_digestbyobj - EVP digest routines =head1 SYNOPSIS @@ -127,11 +127,11 @@ normally used when setting ASN1 OIDs. EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. -EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated -with this digest. For example EVP_sha1() is associated with RSA so this will -return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms -are no longer linked this function is only retained for compatibility -reasons. +EVP_MD_pkey_type() returns the NID of the public key signing algorithm +associated with this digest. For example EVP_sha1() is associated with RSA so +this will return B<NID_sha1WithRSAEncryption>. Since digests and signature +algorithms are no longer linked this function is only retained for +compatibility reasons. EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD> diff --git a/lib/libcrypto/doc/EVP_DigestSignInit.pod b/lib/libcrypto/doc/EVP_DigestSignInit.pod index 11e8f6f9370..7aec6daeccd 100644 --- a/lib/libcrypto/doc/EVP_DigestSignInit.pod +++ b/lib/libcrypto/doc/EVP_DigestSignInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing +functions =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/lib/libcrypto/doc/EVP_DigestVerifyInit.pod index 819e0d4b9fb..60666bfddc3 100644 --- a/lib/libcrypto/doc/EVP_DigestVerifyInit.pod +++ b/lib/libcrypto/doc/EVP_DigestVerifyInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP +signature verification functions =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_EncryptInit.pod b/lib/libcrypto/doc/EVP_EncryptInit.pod index 84875e0fe09..d42445cf104 100644 --- a/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/lib/libcrypto/doc/EVP_EncryptInit.pod @@ -239,11 +239,13 @@ RC5 can be set. EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() return 1 for success and 0 for failure. -EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. -EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. +EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for +failure. EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for +success. -EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. -EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. +EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for +failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for +success. EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure. @@ -285,11 +287,13 @@ Null cipher: does nothing. DES in CBC, ECB, CFB and OFB modes respectively. -=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void) +=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), +EVP_des_ede_cfb(void) Two key triple DES in CBC, ECB, CFB and OFB modes respectively. -=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void) +=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), +EVP_des_ede3_cfb(void) Three key triple DES in CBC, ECB, CFB and OFB modes respectively. @@ -299,44 +303,49 @@ DESX algorithm in CBC mode. =item EVP_rc4(void) -RC4 stream cipher. This is a variable key length cipher with default key length 128 bits. +RC4 stream cipher. This is a variable key length cipher with default key length +128 bits. =item EVP_rc4_40(void) -RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4() -and the EVP_CIPHER_CTX_set_key_length() function. +RC4 stream cipher with 40 bit key length. This is obsolete and new code should +use EVP_rc4() and the EVP_CIPHER_CTX_set_key_length() function. -=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void) +=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), +EVP_idea_ofb(void), EVP_idea_cbc(void) IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. =item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void) -RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher with an additional parameter called "effective key bits" or "effective key length". -By default both are set to 128 bits. +RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a +variable key length cipher with an additional parameter called "effective key +bits" or "effective key length". By default both are set to 128 bits. =item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void) -RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. -These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and -EVP_CIPHER_CTX_ctrl() to set the key length and effective key length. +RC2 algorithm in CBC mode with a default key length and effective key length of +40 and 64 bits. These are obsolete and new code should use EVP_rc2_cbc(), +EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl() to set the key length +and effective key length. =item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void); -Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher. +Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This +is a variable key length cipher. -=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void) +=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), +EVP_cast5_ofb(void) -CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher. +CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is +a variable key length cipher. -=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void) +=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), +EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void) -RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length -cipher with an additional "number of rounds" parameter. By default the key length is set to 128 -bits and 12 rounds. +RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a +variable key length cipher with an additional "number of rounds" parameter. By +default the key length is set to 128 bits and 12 rounds. =back diff --git a/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod index e8d1ddda75a..ba6e51100b5 100644 --- a/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod +++ b/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod @@ -65,14 +65,15 @@ RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), RSA_X931_PADDING for X9.31 padding (signature operations only) and RSA_PKCS1_PSS_PADDING (sign and verify only). -Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() -is used. If this macro is called for PKCS#1 padding the plaintext buffer is -an actual digest value and is encapsulated in a DigestInfo structure according -to PKCS#1 when signing and this structure is expected (and stripped off) when +Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() is +used. If this macro is called for PKCS#1 padding the plaintext buffer is an +actual digest value and is encapsulated in a DigestInfo structure according to +PKCS#1 when signing and this structure is expected (and stripped off) when verifying. If this control is not used with RSA and PKCS#1 padding then the supplied data is used directly and not encapsulated. In the case of X9.31 padding for RSA the algorithm identifier byte is added or checked and removed -if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. +if this control is called. If it is not called then the first byte of the +plaintext buffer is expected to be the algorithm identifier byte. The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to B<len> as its name implies it is only supported for PSS padding. Two special diff --git a/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod b/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod index a9af8675801..9822d6806ff 100644 --- a/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod +++ b/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions. +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - +public key algorithm context functions. =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_PKEY_cmp.pod b/lib/libcrypto/doc/EVP_PKEY_cmp.pod index 41452452992..c3892160866 100644 --- a/lib/libcrypto/doc/EVP_PKEY_cmp.pod +++ b/lib/libcrypto/doc/EVP_PKEY_cmp.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, +EVP_PKEY_cmp - public key parameter and comparison functions =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_PKEY_derive.pod b/lib/libcrypto/doc/EVP_PKEY_derive.pod index de877ead1a0..2424ce0e54c 100644 --- a/lib/libcrypto/doc/EVP_PKEY_derive.pod +++ b/lib/libcrypto/doc/EVP_PKEY_derive.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret. +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public +key algorithm shared secret. =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/lib/libcrypto/doc/EVP_PKEY_keygen.pod index b6102da036c..378fb310ffd 100644 --- a/lib/libcrypto/doc/EVP_PKEY_keygen.pod +++ b/lib/libcrypto/doc/EVP_PKEY_keygen.pod @@ -2,7 +2,10 @@ =head1 NAME -EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, +EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, +EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, +EVP_PKEY_CTX_get_app_data - key and parameter generation functions =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_PKEY_print_private.pod b/lib/libcrypto/doc/EVP_PKEY_print_private.pod index c9b7a898217..eabbaed264a 100644 --- a/lib/libcrypto/doc/EVP_PKEY_print_private.pod +++ b/lib/libcrypto/doc/EVP_PKEY_print_private.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines. +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public +key algorithm printing routines. =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod b/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod index 8afb1b22e18..c2031c3d0b7 100644 --- a/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod +++ b/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod @@ -4,8 +4,8 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, -EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, -EVP_PKEY_type - EVP_PKEY assignment functions. +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, +EVP_PKEY_assign_EC_KEY, EVP_PKEY_type - EVP_PKEY assignment functions. =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_PKEY_verify.pod b/lib/libcrypto/doc/EVP_PKEY_verify.pod index f7ae4f9ebe7..ba317b4e7bc 100644 --- a/lib/libcrypto/doc/EVP_PKEY_verify.pod +++ b/lib/libcrypto/doc/EVP_PKEY_verify.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm +EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public +key algorithm =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod b/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod index 00d53db783a..4debf7bff04 100644 --- a/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod +++ b/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using +a public key algorithm =head1 SYNOPSIS @@ -45,7 +46,8 @@ context if several operations are performed using the same parameters. =head1 RETURN VALUES -EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success +EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for +success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. diff --git a/lib/libcrypto/doc/EVP_VerifyInit.pod b/lib/libcrypto/doc/EVP_VerifyInit.pod index 0ffb0a80775..c665ee2ebc9 100644 --- a/lib/libcrypto/doc/EVP_VerifyInit.pod +++ b/lib/libcrypto/doc/EVP_VerifyInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions +EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification +functions =head1 SYNOPSIS @@ -38,8 +39,8 @@ implementation of digest B<type>. EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for failure. -EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some -other error occurred. +EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if +some other error occurred. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. diff --git a/lib/libcrypto/doc/OBJ_nid2obj.pod b/lib/libcrypto/doc/OBJ_nid2obj.pod index 458ef025f07..b2b8af990c0 100644 --- a/lib/libcrypto/doc/OBJ_nid2obj.pod +++ b/lib/libcrypto/doc/OBJ_nid2obj.pod @@ -2,9 +2,9 @@ =head1 NAME -OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, -OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility -functions +OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, +OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup +- ASN1 object utility functions =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod index c39ac35e78a..2f63a18a71d 100644 --- a/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod +++ b/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod @@ -94,8 +94,8 @@ L<crypto(3)|crypto(3)> =head1 HISTORY -SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL. -OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. +SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and +OpenSSL. OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. B<SSLEAY_DIR> was added in OpenSSL 0.9.7. =cut diff --git a/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod index e63411b5bba..cc6c07fa244 100644 --- a/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod +++ b/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod @@ -39,24 +39,24 @@ None of the functions return a value. A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting. -An application does not need to add algorithms to use them explicitly, for example -by EVP_sha1(). It just needs to add them if it (or any of the functions it calls) -needs to lookup algorithms. +An application does not need to add algorithms to use them explicitly, for +example by EVP_sha1(). It just needs to add them if it (or any of the functions +it calls) needs to lookup algorithms. -The cipher and digest lookup functions are used in many parts of the library. If -the table is not initialized several functions will misbehave and complain they -cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. -This is a common query in the OpenSSL mailing lists. +The cipher and digest lookup functions are used in many parts of the library. +If the table is not initialized several functions will misbehave and complain +they cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME +libraries. This is a common query in the OpenSSL mailing lists. Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a -statically linked executable can be quite large. If this is important it is possible -to just add the required ciphers and digests. +statically linked executable can be quite large. If this is important it is +possible to just add the required ciphers and digests. =head1 BUGS -Although the functions do not return error codes it is possible for them to fail. -This will only happen as a result of a memory allocation failure so this is not -too much of a problem in practice. +Although the functions do not return error codes it is possible for them to +fail. This will only happen as a result of a memory allocation failure so this +is not too much of a problem in practice. =head1 SEE ALSO diff --git a/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod b/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod index e196bf14986..7e821f69c3e 100644 --- a/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod +++ b/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod b/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod index e070c45c2e9..f9946adebf2 100644 --- a/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod +++ b/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod @@ -2,7 +2,7 @@ =head1 NAME - PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format. +PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format. =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/PKCS12_create.pod b/lib/libcrypto/doc/PKCS12_create.pod index 0a1e460cf11..382193ec950 100644 --- a/lib/libcrypto/doc/PKCS12_create.pod +++ b/lib/libcrypto/doc/PKCS12_create.pod @@ -38,13 +38,13 @@ The default MAC iteration count is 1 in order to retain compatibility with old software which did not interpret MAC iteration counts. If such compatibility is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER. -B<keytype> adds a flag to the store private key. This is a non standard extension -that is only currently interpreted by MSIE. If set to zero the flag is omitted, -if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX> -it can be used for signing and encryption. This option was useful for old -export grade software which could use signing only keys of arbitrary size but -had restrictions on the permissible sizes of keys which could be used for -encryption. +B<keytype> adds a flag to the store private key. This is a non standard +extension that is only currently interpreted by MSIE. If set to zero the flag +is omitted, if set to B<KEY_SIG> the key can be used for signing only, if set +to B<KEY_EX> it can be used for signing and encryption. This option was useful +for old export grade software which could use signing only keys of arbitrary +size but had restrictions on the permissible sizes of keys which could be used +for encryption. =head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8 diff --git a/lib/libcrypto/doc/PKCS7_decrypt.pod b/lib/libcrypto/doc/PKCS7_decrypt.pod index b0ca067b892..78919998ce7 100644 --- a/lib/libcrypto/doc/PKCS7_decrypt.pod +++ b/lib/libcrypto/doc/PKCS7_decrypt.pod @@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure =head1 SYNOPSIS -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + #include <openssl/pkcs7.h> + + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); =head1 DESCRIPTION @@ -20,8 +22,9 @@ B<flags> is an optional set of flags. OpenSSL_add_all_algorithms() (or equivalent) should be called before using this function or errors about unknown algorithms will occur. -Although the recipients certificate is not needed to decrypt the data it is needed -to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the PKCS#7 +structure. The following flags can be passed in the B<flags> parameter. @@ -36,8 +39,9 @@ The error can be obtained from ERR_get_error(3) =head1 BUGS -PKCS7_decrypt() must be passed the correct recipient key and certificate. It would -be better if it could look up the correct key and certificate from a database. +PKCS7_decrypt() must be passed the correct recipient key and certificate. It +would be better if it could look up the correct key and certificate from a +database. The lack of single pass processing and need to hold all data in memory as mentioned in PKCS7_sign() also applies to PKCS7_verify(). diff --git a/lib/libcrypto/doc/PKCS7_verify.pod b/lib/libcrypto/doc/PKCS7_verify.pod index 51ada03f2d9..f88e66632ba 100644 --- a/lib/libcrypto/doc/PKCS7_verify.pod +++ b/lib/libcrypto/doc/PKCS7_verify.pod @@ -37,9 +37,9 @@ be signedData. There must be at least one signature on the data and if the content is detached B<indata> cannot be B<NULL>. An attempt is made to locate all the signer's certificates, first looking in -the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates -contained in the B<p7> structure itself. If any signer's certificates cannot be -located the operation fails. +the B<certs> parameter (if it is not B<NULL>) and then looking in any +certificates contained in the B<p7> structure itself. If any signer's +certificates cannot be located the operation fails. Each signer's certificate is chain verified using the B<smimesign> purpose and the supplied trusted certificate store. Any internal certificates in the message @@ -50,9 +50,9 @@ the signature's checked. If all signature's verify correctly then the function is successful. -Any of the following flags (ored together) can be passed in the B<flags> parameter -to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is -meaningful to PKCS7_get0_signers(). +Any of the following flags (ored together) can be passed in the B<flags> +parameter to change the default verify behaviour. Only the flag +B<PKCS7_NOINTERN> is meaningful to PKCS7_get0_signers(). If B<PKCS7_NOINTERN> is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers diff --git a/lib/libcrypto/doc/RAND_bytes.pod b/lib/libcrypto/doc/RAND_bytes.pod index 1a9b91e2814..34c945b4e5d 100644 --- a/lib/libcrypto/doc/RAND_bytes.pod +++ b/lib/libcrypto/doc/RAND_bytes.pod @@ -30,11 +30,10 @@ the new pseudo-random bytes unless disabled at compile time (see FAQ). =head1 RETURN VALUES -RAND_bytes() returns 1 on success, 0 otherwise. The error code can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the -bytes generated are cryptographically strong, 0 otherwise. Both -functions return -1 if they are not supported by the current RAND -method. +RAND_bytes() returns 1 on success, 0 otherwise. The error code can be obtained +by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the +bytes generated are cryptographically strong, 0 otherwise. Both functions +return -1 if they are not supported by the current RAND method. =head1 SEE ALSO diff --git a/lib/libcrypto/doc/RAND_load_file.pod b/lib/libcrypto/doc/RAND_load_file.pod index 3f7e944d86b..28118e3c2e8 100644 --- a/lib/libcrypto/doc/RAND_load_file.pod +++ b/lib/libcrypto/doc/RAND_load_file.pod @@ -43,7 +43,8 @@ error. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> +L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, +L<RAND_cleanup(3)|RAND_cleanup(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/RSA_blinding_on.pod b/lib/libcrypto/doc/RSA_blinding_on.pod index fd2c69abd86..e6af8d4355b 100644 --- a/lib/libcrypto/doc/RSA_blinding_on.pod +++ b/lib/libcrypto/doc/RSA_blinding_on.pod @@ -2,7 +2,8 @@ =head1 NAME -RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks +RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing +attacks =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/lib/libcrypto/doc/RSA_get_ex_new_index.pod index 7d0fd1f91de..b1ac1167dd9 100644 --- a/lib/libcrypto/doc/RSA_get_ex_new_index.pod +++ b/lib/libcrypto/doc/RSA_get_ex_new_index.pod @@ -2,7 +2,8 @@ =head1 NAME -RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application +specific data to RSA structures =head1 SYNOPSIS @@ -78,26 +79,27 @@ corresponding parameters when B<RSA_get_ex_new_index()> was called. B<dup_func()> is called when a structure is being copied. Pointers to the destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and B<from> parameters respectively. The B<from_d> parameter is passed a pointer to -the source application data when the function is called, when the function returns -the value is copied to the destination: the application can thus modify the data -pointed to by B<from_d> and have different values in the source and destination. -The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()> -and B<free_func()>. +the source application data when the function is called, when the function +returns the value is copied to the destination: the application can thus modify +the data pointed to by B<from_d> and have different values in the source and +destination. The B<idx>, B<argl> and B<argp> parameters are the same as those +in B<new_func()> and B<free_func()>. =head1 RETURN VALUES -B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid -index value). +B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a +valid index value). B<RSA_set_ex_data()> returns 1 on success or 0 on failure. B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also -be valid application data but currently it can only fail if given an invalid B<idx> -parameter. +be valid application data but currently it can only fail if given an invalid +B<idx> parameter. B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success. -On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. +On failure an error code can be obtained from +L<ERR_get_error(3)|ERR_get_error(3)>. =head1 BUGS diff --git a/lib/libcrypto/doc/RSA_new.pod b/lib/libcrypto/doc/RSA_new.pod index 3d15b928243..41e5e60340d 100644 --- a/lib/libcrypto/doc/RSA_new.pod +++ b/lib/libcrypto/doc/RSA_new.pod @@ -22,9 +22,9 @@ erased before the memory is returned to the system. =head1 RETURN VALUES -If the allocation fails, RSA_new() returns B<NULL> and sets an error -code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns -a pointer to the newly allocated structure. +If the allocation fails, RSA_new() returns B<NULL> and sets an error code that +can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a +pointer to the newly allocated structure. RSA_free() returns no value. diff --git a/lib/libcrypto/doc/RSA_private_encrypt.pod b/lib/libcrypto/doc/RSA_private_encrypt.pod index 4c4d1311721..aa2bc1bd76c 100644 --- a/lib/libcrypto/doc/RSA_private_encrypt.pod +++ b/lib/libcrypto/doc/RSA_private_encrypt.pod @@ -29,10 +29,9 @@ B<padding> denotes one of the following modes: =item RSA_PKCS1_PADDING -PKCS #1 v1.5 padding. This function does not handle the -B<algorithmIdentifier> specified in PKCS #1. When generating or -verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be -used. +PKCS #1 v1.5 padding. This function does not handle the B<algorithmIdentifier> +specified in PKCS #1. When generating or verifying PKCS #1 signatures, +L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be used. =item RSA_NO_PADDING diff --git a/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod index e70380bbfc9..315a9af9e88 100644 --- a/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod +++ b/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod @@ -26,7 +26,8 @@ memory. B<dummy> is ignored. -The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING(). +The random number generator must be seeded prior to calling +RSA_sign_ASN1_OCTET_STRING(). RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf> of size B<siglen> is the DER representation of a given octet string diff --git a/lib/libcrypto/doc/SHA1.pod b/lib/libcrypto/doc/SHA1.pod index 232af9227e4..9fffdf59e7b 100644 --- a/lib/libcrypto/doc/SHA1.pod +++ b/lib/libcrypto/doc/SHA1.pod @@ -60,7 +60,8 @@ ANSI X9.30 =head1 SEE ALSO -L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)> +L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, +L<EVP_DigestInit(3)|EVP_DigestInit(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod index 5b9e81b922d..c6442b947fe 100644 --- a/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod +++ b/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod @@ -2,8 +2,9 @@ =head1 NAME -X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, -X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, +X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry - +X509_NAME modification functions =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/X509_NAME_print_ex.pod b/lib/libcrypto/doc/X509_NAME_print_ex.pod index b2d86d4ddb9..ff5d788d88e 100644 --- a/lib/libcrypto/doc/X509_NAME_print_ex.pod +++ b/lib/libcrypto/doc/X509_NAME_print_ex.pod @@ -16,16 +16,16 @@ X509_NAME_oneline - X509_NAME printing routines. =head1 DESCRIPTION -X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each -line (for multiline formats) is indented by B<indent> spaces. The output format -can be extensively customised by use of the B<flags> parameter. +X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. +Each line (for multiline formats) is indented by B<indent> spaces. The output +format can be extensively customised by use of the B<flags> parameter. -X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is -written to FILE pointer B<fp>. +X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output +is written to FILE pointer B<fp>. X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size> -bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated -and returned, otherwise B<buf> is returned. +bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically +allocated and returned, otherwise B<buf> is returned. X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> characters. Multiple lines are used if the output (including indent) exceeds @@ -33,10 +33,10 @@ characters. Multiple lines are used if the output (including indent) exceeds =head1 NOTES -The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which -produce a non standard output form, they don't handle multi character fields and -have various quirks and inconsistencies. Their use is strongly discouraged in new -applications. +The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions +which produce a non standard output form, they don't handle multi character +fields and have various quirks and inconsistencies. Their use is strongly +discouraged in new applications. Although there are a large number of possible flags for most purposes B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice. @@ -49,15 +49,16 @@ The complete set of the flags supported by X509_NAME_print_ex() is listed below. Several options can be ored together. The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>, -B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators -to use. Two distinct separators are used between distinct RelativeDistinguishedName -components and separate values in the same RDN for a multi-valued RDN. Multi-valued -RDNs are currently very rare so the second separator will hardly ever be used. +B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field +separators to use. Two distinct separators are used between distinct +RelativeDistinguishedName components and separate values in the same RDN for a +multi-valued RDN. Multi-valued RDNs are currently very rare so the second +separator will hardly ever be used. -B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC> -uses comma and plus with spaces: this is more readable that plain comma and plus. -B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses -spaced newline and plus respectively. +B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. +B<XN_FLAG_SEP_CPLUS_SPC> uses comma and plus with spaces: this is more readable +that plain comma and plus. B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and +plus. B<XN_FLAG_SEP_MULTILINE> uses spaced newline and plus respectively. If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order. @@ -92,7 +93,8 @@ B<XN_FLAG_ONELINE> is a more readable one line format which is the same as: B<XN_FLAG_MULTILINE> is a multiline format which is the same as: B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN> -B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally. +B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it +calls X509_NAME_print() internally. =head1 SEE ALSO diff --git a/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod b/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod index 60e8332ae9d..5760f64fcbe 100644 --- a/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod +++ b/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod @@ -2,7 +2,10 @@ =head1 NAME -X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, +X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, +X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set +certificate verification status information =head1 SYNOPSIS @@ -82,19 +85,22 @@ of an untrusted certificate cannot be found. the CRL of a certificate could not be found. -=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature> +=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt +certificate's signature> the certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys. -=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature> +=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's +signature> the CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused. -=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key> +=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer +public key> the public key in the certificate SubjectPublicKeyInfo could not be read. @@ -112,7 +118,8 @@ the certificate is not yet valid: the notBefore date is after the current time. =item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired> -the certificate has expired: that is the notAfter date is before the current time. +the certificate has expired: that is the notAfter date is before the current +time. =item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> @@ -122,19 +129,23 @@ the CRL is not yet valid. the CRL has expired. -=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field> +=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in +certificate's notBefore field> the certificate notBefore field contains an invalid time. -=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field> +=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's +notAfter field> the certificate notAfter field contains an invalid time. -=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field> +=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's +lastUpdate field> the CRL lastUpdate field contains an invalid time. -=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field> +=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's +nextUpdate field> the CRL nextUpdate field contains an invalid time. @@ -147,17 +158,20 @@ an error occurred trying to allocate memory. This should never happen. the passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates. -=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain> +=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in +certificate chain> the certificate chain could be built up using the untrusted certificates but the root could not be found locally. -=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate> +=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local +issuer certificate> the issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete. -=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate> +=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first +certificate> no signatures could be verified because the chain contains only one certificate and it is not self signed. @@ -198,34 +212,39 @@ did not match the issuer name of the current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is B<not> in itself an error. -=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch> +=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier +mismatch> the current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is B<not> in itself an error. -=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch> +=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial +number mismatch> the current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is B<not> in itself an error. -=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing> +=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate +signing> the current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing. This is only set if issuer check debugging is enabled it is used for status notification and is B<not> in itself an error. -=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension> +=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate +extension> A certificate extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. -=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension> +=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent +certificate policy extension> A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. This error only @@ -252,17 +271,20 @@ A name constraint violation occured in the permitted subtrees. A name constraint violation occured in the excluded subtrees. -=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported> +=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not +supported> A certificate name constraints extension included a minimum or maximum field: this is not supported. -=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type> +=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint +type> An unsupported name constraint type was encountered. OpenSSL currently only supports directory name, DNS name, email and URI types. -=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax> +=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name +constraint syntax> The format of the name constraint is not recognised: for example an email address format of a form not mentioned in RFC3280. This could be caused by diff --git a/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod b/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod index 1b75967ccd6..392b36c3ae6 100644 --- a/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod +++ b/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod @@ -2,7 +2,9 @@ =head1 NAME -X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX structures +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, +X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX +structures =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/X509_STORE_CTX_new.pod b/lib/libcrypto/doc/X509_STORE_CTX_new.pod index 1c55236aa29..8f602274eea 100644 --- a/lib/libcrypto/doc/X509_STORE_CTX_new.pod +++ b/lib/libcrypto/doc/X509_STORE_CTX_new.pod @@ -2,7 +2,11 @@ =head1 NAME -X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX initialisation +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, +X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, +X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, +X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX +initialisation =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod b/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod index 012f2d2c757..f9602b3e77b 100644 --- a/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod +++ b/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod @@ -2,7 +2,8 @@ =head1 NAME -X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification +callback =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod index e5da5bec085..f213a9c117b 100644 --- a/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod +++ b/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod @@ -2,7 +2,12 @@ =head1 NAME -X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, +X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, +X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, +X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, +X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 +verification parameters =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/bn.pod b/lib/libcrypto/doc/bn.pod index cd2f8e50c6c..4a3f24ba307 100644 --- a/lib/libcrypto/doc/bn.pod +++ b/lib/libcrypto/doc/bn.pod @@ -166,10 +166,10 @@ of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>. =head1 SEE ALSO -L<bn_internal(3)|bn_internal(3)>, -L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, -L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, +L<bn_internal(3)|bn_internal(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, +L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<BN_new(3)|BN_new(3)>, +L<BN_CTX_new(3)|BN_CTX_new(3)>, L<BN_copy(3)|BN_copy(3)>, +L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, diff --git a/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/lib/libcrypto/doc/d2i_RSAPublicKey.pod index 1711dc038fd..68e7f27de5b 100644 --- a/lib/libcrypto/doc/d2i_RSAPublicKey.pod +++ b/lib/libcrypto/doc/d2i_RSAPublicKey.pod @@ -29,14 +29,14 @@ d2i_Netscape_RSA - RSA public and private key encoding functions. =head1 DESCRIPTION -d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey -structure. +d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 +RSAPublicKey structure. d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using a SubjectPublicKeyInfo (certificate public key) structure. -d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey -structure. +d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 +RSAPrivateKey structure. d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in NET format. diff --git a/lib/libcrypto/doc/dh.pod b/lib/libcrypto/doc/dh.pod index 97aaa75731e..5fb9890a770 100644 --- a/lib/libcrypto/doc/dh.pod +++ b/lib/libcrypto/doc/dh.pod @@ -40,10 +40,11 @@ dh - Diffie-Hellman key agreement =head1 DESCRIPTION -These functions implement the Diffie-Hellman key agreement protocol. -The generation of shared DH parameters is described in -L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how -to perform a key agreement. +These functions implement the Diffie-Hellman key agreement protocol. The +generation of shared DH parameters is described in +L<DH_generate_parameters(3)|DH_generate_parameters(3)>; +L<DH_generate_key(3)|DH_generate_key(3)> describes how to perform a key +agreement. The B<DH> structure consists of several BIGNUM components. |