Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 1bc74519 编写于 作者: R Rich Salz
浏览文件
操作

Fix nits in pod files. 

Add doc-nit-check to help find future issues.
Make podchecker be almost clean.
Remove trailing whitespace.
Tab expansion
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 e990ec52
展开全部 隐藏空白更改
内联 并排
Showing with 1263 addition and 1295 deletion
doc/apps/CA.pl.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -103,7 +102,7 @@ B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
=item B<-verify>
verifies certificates against the CA certificate for "demoCA". If no certificates
are specified on the command line it tries to verify the file "newcert.pem".
are specified on the command line it tries to verify the file "newcert.pem".
=item B<files>
......@@ -148,7 +147,7 @@ enter cacert.pem when prompted for the CA file name.
Create a DSA certificate request and private key (a different set of parameters
can optionally be created first):
openssl req -out newreq.pem -newkey dsa:dsap.pem
openssl req -out newreq.pem -newkey dsa:dsap.pem
Sign the request:
......@@ -169,7 +168,7 @@ be wrong. In this case the command:
perl -S CA.pl
can be used and the B<OPENSSL_CONF> environment variable changed to point to
can be used and the B<OPENSSL_CONF> environment variable changed to point to
the correct path of the configuration file "openssl.cnf".
The script is intended as a simple front end for the B<openssl> program for use
......
doc/apps/asn1parse.pod
浏览文件 @ 1bc74519
......@@ -92,7 +92,7 @@ L<ASN1_generate_nconf(3)> format. If B<file> only is
present then the string is obtained from the default section using the name
B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
though it came from a file, the contents can thus be examined and written to a
file using the B<out> option.
file using the B<out> option.
=item B<-strictpem>
......@@ -108,20 +108,20 @@ END marker in a PEM file.
The output will typically contain lines like this:
0:d=0 hl=4 l= 681 cons: SEQUENCE
0:d=0 hl=4 l= 681 cons: SEQUENCE
.....
229:d=3 hl=3 l= 141 prim: BIT STRING
373:d=2 hl=3 l= 162 cons: cont [ 3 ]
376:d=3 hl=3 l= 159 cons: SEQUENCE
379:d=4 hl=2 l= 29 cons: SEQUENCE
373:d=2 hl=3 l= 162 cons: cont [ 3 ]
376:d=3 hl=3 l= 159 cons: SEQUENCE
379:d=4 hl=2 l= 29 cons: SEQUENCE
381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
386:d=5 hl=2 l= 22 prim: OCTET STRING
410:d=4 hl=2 l= 112 cons: SEQUENCE
386:d=5 hl=2 l= 22 prim: OCTET STRING
410:d=4 hl=2 l= 112 cons: SEQUENCE
412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
417:d=5 hl=2 l= 105 prim: OCTET STRING
524:d=4 hl=2 l= 12 cons: SEQUENCE
417:d=5 hl=2 l= 105 prim: OCTET STRING
524:d=4 hl=2 l= 12 cons: SEQUENCE
.....
......@@ -133,27 +133,27 @@ the contents octets.
The B<-i> option can be used to make the output more readable.
Some knowledge of the ASN.1 structure is needed to interpret the output.
Some knowledge of the ASN.1 structure is needed to interpret the output.
In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option B<-strparse 229> to yield:
0:d=0 hl=3 l= 137 cons: SEQUENCE
0:d=0 hl=3 l= 137 cons: SEQUENCE
3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
135:d=1 hl=2 l= 3 prim: INTEGER :010001
=head1 NOTES
If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by white space. The final column is the rest of the line and is the
"long name". B<asn1parse> displays the long name. Example:
C<1.2.3.4 shortName A long name>
C<1.2.3.4 shortName A long name>
=head1 EXAMPLES
......
doc/apps/ca.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -101,7 +100,7 @@ section for information on the required input and output format.
=item B<-infiles>
if present this should be the last option, all subsequent arguments
are taken as the names of files containing certificate requests.
are taken as the names of files containing certificate requests.
=item B<-out filename>
......@@ -195,7 +194,7 @@ need this option.
=item B<-preserveDN>
Normally the DN order of a certificate is the same as the order of the
fields in the relevant policy section. When this option is set the order
fields in the relevant policy section. When this option is set the order
is the same as the request. This is largely for compatibility with the
older IE enrollment control which would only accept certificates if their
DNs match the order of the request. This is not needed for Xenroll.
......@@ -245,7 +244,7 @@ characters may be escaped by \ (backslash), no spaces are skipped.
=item B<-utf8>
this option causes field values to be interpreted as UTF8 strings, by
this option causes field values to be interpreted as UTF8 strings, by
default they are interpreted as ASCII. This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.
......@@ -366,7 +365,7 @@ any) used.
This specifies a file containing additional B<OBJECT IDENTIFIERS>.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
by white space and finally the long name.
=item B<oid_section>
......@@ -398,7 +397,7 @@ an EGD socket (see L<RAND_egd(3)>).
=item B<default_days>
the same as the B<-days> option. The number of days to certify
a certificate for.
a certificate for.
=item B<default_startdate>
......@@ -521,7 +520,7 @@ this can be regarded more of a quirk than intended behaviour.
The input to the B<-spkac> command line option is a Netscape
signed public key and challenge. This will usually come from
the B<KEYGEN> tag in an HTML form to create a new private key.
the B<KEYGEN> tag in an HTML form to create a new private key.
It is however possible to create SPKACs using the B<spkac> utility.
The file should contain the variable SPKAC set to the value of
......@@ -581,18 +580,18 @@ A sample configuration file with the relevant sections for B<ca>:
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = ./demoCA # top dir
database = $dir/index.txt # index file.
new_certs_dir = $dir/newcerts # new certs dir
new_certs_dir = $dir/newcerts # new certs dir
certificate = $dir/cacert.pem # The CA cert
serial = $dir/serial # serial no file
private_key = $dir/private/cakey.pem# CA private key
RANDFILE = $dir/private/.rand # random number file
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
......@@ -600,9 +599,9 @@ A sample configuration file with the relevant sections for B<ca>:
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
countryName = supplied
......@@ -636,7 +635,7 @@ be overridden by the B<-config> command line option.
=head1 RESTRICTIONS
The text database index file is a critical part of the process and
The text database index file is a critical part of the process and
if corrupted it can be difficult to fix. It is theoretically possible
to rebuild the index file from all the issued certificates and a current
CRL: however there is no option to do this.
......@@ -704,7 +703,7 @@ then even if a certificate is issued with CA:TRUE it will not be valid.
=head1 SEE ALSO
L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>,
L<config(5)>, L<x509v3_config(5)>
L<config(5)>, L<x509v3_config(5)>
=cut
......
doc/apps/cms.pod
浏览文件 @ 1bc74519
......@@ -186,13 +186,13 @@ B<EncrytedData> type and output the content.
=item B<-sign_receipt>
Generate and output a signed receipt for the supplied message. The input
Generate and output a signed receipt for the supplied message. The input
message B<must> contain a signed receipt request. Functionality is otherwise
similar to the B<-sign> operation.
=item B<-verify_receipt receipt>
Verify a signed receipt in filename B<receipt>. The input message B<must>
Verify a signed receipt in filename B<receipt>. The input message B<must>
contain the original receipt request. Functionality is otherwise similar
to the B<-verify> operation.
......@@ -256,7 +256,7 @@ is S/MIME and it uses the multipart/signed MIME content type.
this option adds plain text (text/plain) MIME headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
off text headers: if the decrypted or verified message is not of MIME
off text headers: if the decrypted or verified message is not of MIME
type text/plain then an error occurs.
=item B<-noout>
......@@ -298,11 +298,11 @@ default digest algorithm for the signing key will be used (usually SHA1).
the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
EVP_get_cipherbyname() function) can also be used preceded by a dash, for
EVP_get_cipherbyname() function) can also be used preceded by a dash, for
example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for a list of ciphers
supported by your version of OpenSSL.
If not specified triple DES is used. Only used with B<-encrypt> and
If not specified triple DES is used. Only used with B<-encrypt> and
B<-EncryptedData_create> commands.
=item B<-nointern>
......@@ -408,7 +408,7 @@ address where receipts should be supplied.
=item B<-receipt_request_to emailaddress>
Add an explicit email address where signed receipts should be sent to. This
Add an explicit email address where signed receipts should be sent to. This
option B<must> but supplied if a signed receipt it requested.
=item B<-receipt_request_print>
......@@ -436,7 +436,7 @@ B<KEKRecipientInfo> structures.
set the encapsulated content type to B<type> if not supplied the B<Data> type
is used. The B<type> argument can be any valid OID name in either text or
numerical format.
numerical format.
=item B<-inkey file>
......@@ -469,7 +469,7 @@ all others.
=item B<cert.pem...>
one or more certificates of message recipients: used when encrypting
a message.
a message.
=item B<-to, -from, -subject>
......@@ -534,7 +534,7 @@ attempt is made to locate the recipient by trying each potential recipient
in turn using the supplied private key. To thwart the MMA attack
(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
tried whether they succeed or not and if no recipients match the message
is "decrypted" using a random key which will typically output garbage.
is "decrypted" using a random key which will typically output garbage.
The B<-debug_decrypt> option can be used to disable the MMA attack protection
and return an error if no recipient can be found: this option should be used
with caution. For a fuller description see L<CMS_decrypt(3)>).
......@@ -598,29 +598,29 @@ be processed by the older B<smime> command.
Create a cleartext signed message:
openssl cms -sign -in message.txt -text -out mail.msg \
-signer mycert.pem
-signer mycert.pem
Create an opaque signed message
openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
-signer mycert.pem
-signer mycert.pem
Create a signed message, include some additional certificates and
read the private key from another file:
openssl cms -sign -in in.txt -text -out mail.msg \
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
Create a signed message with two signers, use key identifier:
openssl cms -sign -in message.txt -text -out mail.msg \
-signer mycert.pem -signer othercert.pem -keyid
-signer mycert.pem -signer othercert.pem -keyid
Send a signed message under Unix directly to sendmail, including headers:
openssl cms -sign -in in.txt -text -signer mycert.pem \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed message" | sendmail someone@somewhere
-from steve@openssl.org -to someone@somewhere \
-subject "Signed message" | sendmail someone@somewhere
Verify a message and extract the signer's certificate if successful:
......@@ -629,15 +629,15 @@ Verify a message and extract the signer's certificate if successful:
Send encrypted mail using triple DES:
openssl cms -encrypt -in in.txt -from steve@openssl.org \
-to someone@somewhere -subject "Encrypted message" \
-des3 user.pem -out mail.msg
-to someone@somewhere -subject "Encrypted message" \
-des3 user.pem -out mail.msg
Sign and encrypt mail:
openssl cms -sign -in ml.txt -signer my.pem -text \
| openssl cms -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem
| openssl cms -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem
Note: the encryption command does not include the B<-text> option because the
message being encrypted already has MIME headers.
......@@ -654,7 +654,7 @@ it with:
-----BEGIN PKCS7-----
-----END PKCS7-----
and using the command,
and using the command,
openssl cms -verify -inform PEM -in signature.pem -content content.txt
......@@ -673,17 +673,17 @@ Add a signer to an existing message:
Sign mail using RSA-PSS:
openssl cms -sign -in message.txt -text -out mail.msg \
-signer mycert.pem -keyopt rsa_padding_mode:pss
-signer mycert.pem -keyopt rsa_padding_mode:pss
Create encrypted mail using RSA-OAEP:
openssl cms -encrypt -in plain.txt -out mail.msg \
-recip cert.pem -keyopt rsa_padding_mode:oaep
-recip cert.pem -keyopt rsa_padding_mode:oaep
Use SHA256 KDF with an ECDH certificate:
openssl cms -encrypt -in plain.txt -out mail.msg \
-recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
-recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
=head1 BUGS
......@@ -715,7 +715,7 @@ The B<keyopt> option was first added in OpenSSL 1.1.0
The use of B<-recip> to specify the recipient when encrypting mail was first
added to OpenSSL 1.1.0
Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
to OpenSSL 1.1.0.
......
doc/apps/config.pod
浏览文件 @ 1bc74519
=pod
=for comment openssl_manual_section:5
......@@ -63,14 +62,14 @@ functionality: any sub command uses the master OpenSSL configuration file
unless an option is used in the sub command to use an alternative configuration
file.
To enable library configuration the default section needs to contain an
To enable library configuration the default section needs to contain an
appropriate line which points to the main configuration section. The default
name is B<openssl_conf> which is used by the B<openssl> utility. Other
applications may use an alternative name such as B<myapplicaton_conf>.
The configuration section should consist of a set of name value pairs which
contain specific module configuration information. The B<name> represents
the name of the I<configuration module> the meaning of the B<value> is
the name of the I<configuration module> the meaning of the B<value> is
module specific: it may, for example, represent a further configuration
section containing configuration module specific information. E.g.
......@@ -102,7 +101,7 @@ B<all> the B<openssl> utility sub commands can see the new objects as well
as any compliant applications. For example:
[new_oids]
some_new_oid = 1.2.3.4
some_other_oid = 1.2.3.5
......@@ -141,7 +140,7 @@ For example:
[bar_section]
... "bar" ENGINE specific commands ...
The command B<engine_id> is used to give the ENGINE name. If used this
The command B<engine_id> is used to give the ENGINE name. If used this
command must be first. For example:
[engine_section]
......@@ -168,7 +167,7 @@ The command B<default_algorithms> sets the default algorithms an ENGINE will
supply using the functions ENGINE_set_default_string().
If the name matches none of the above command names it is assumed to be a
ctrl command which is sent to the ENGINE. The value of the command is the
ctrl command which is sent to the ENGINE. The value of the command is the
argument to the ctrl command. If the value is the string B<EMPTY> then no
value is sent to the command.
......@@ -266,7 +265,7 @@ Here is a sample configuration file using some of the features
mentioned above.
# This is the default section.
HOME=/temp
RANDFILE= ${ENV::HOME}/.rnd
configdir=$ENV::HOME/config
......@@ -296,7 +295,7 @@ the B<TEMP> or B<TMP> environment variables but they may not be
set to any value at all. If you just include the environment variable
names and the variable doesn't exist then this will cause an error when
an attempt is made to load the configuration file. By making use of the
default section both values can be looked up with B<TEMP> taking
default section both values can be looked up with B<TEMP> taking
priority and B</tmp> used if neither is defined:
TMP=/tmp
......
doc/apps/crl.pod
浏览文件 @ 1bc74519
......@@ -42,7 +42,7 @@ the DER form with header and footer lines.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......
doc/apps/crl2pkcs7.pod
浏览文件 @ 1bc74519
......@@ -74,8 +74,8 @@ Create a PKCS#7 structure from a certificate and CRL:
Creates a PKCS#7 structure in DER format with no CRL from several
different certificates:
openssl crl2pkcs7 -nocrl -certfile newcert.pem
-certfile demoCA/cacert.pem -outform DER -out p7.der
openssl crl2pkcs7 -nocrl -certfile newcert.pem
-certfile demoCA/cacert.pem -outform DER -out p7.der
=head1 NOTES
......
doc/apps/dgst.pod
浏览文件 @ 1bc74519
......@@ -156,7 +156,7 @@ a file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
all others.
=item B<-fips-fingerprint>
......
doc/apps/dhparam.pod
浏览文件 @ 1bc74519
......@@ -44,7 +44,7 @@ additional header and footer lines.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in> I<filename>
......@@ -123,7 +123,7 @@ for all available algorithms.
The program B<dhparam> combines the functionality of the programs B<dh> and
B<gendh> in previous versions of OpenSSL. The B<dh> and B<gendh>
programs are retained for now but may have different purposes in future
programs are retained for now but may have different purposes in future
versions of OpenSSL.
=head1 NOTES
......
doc/apps/dsa.pod
浏览文件 @ 1bc74519
......@@ -59,7 +59,7 @@ PKCS#8 format is also accepted.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -149,7 +149,7 @@ To encrypt a private key using triple DES:
openssl dsa -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
To convert a private key from PEM to DER format:
openssl dsa -in key.pem -outform DER -out keyout.der
......
doc/apps/dsaparam.pod
浏览文件 @ 1bc74519
......@@ -41,7 +41,7 @@ of the B<DER> format base64 encoded with additional header and footer lines.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......
doc/apps/ec.pod
浏览文件 @ 1bc74519
......@@ -31,7 +31,7 @@ B<openssl> B<ec>
=head1 DESCRIPTION
The B<ec> command processes EC keys. They can be converted between various
forms and their components printed out. B<Note> OpenSSL uses the
forms and their components printed out. B<Note> OpenSSL uses the
private key format specified in 'SEC 1: Elliptic Curve Cryptography'
(http://www.secg.org/). To convert an OpenSSL EC private key into the
PKCS#8 private key format use the B<pkcs8> command.
......@@ -55,7 +55,7 @@ PKCS#8 format is also accepted.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -83,7 +83,7 @@ see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, IDEA or
These options encrypt the private key with the DES, triple DES, IDEA or
any other cipher supported by OpenSSL before outputting it. A pass phrase is
prompted for.
If none of these options is specified the key is written in plain text. This
......@@ -130,7 +130,7 @@ the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
explicitly given (see RFC 3279 for the definition of the
explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
is currently not implemented in OpenSSL.
......@@ -170,7 +170,7 @@ To encrypt a private key using triple DES:
openssl ec -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
To convert a private key from PEM to DER format:
openssl ec -in key.pem -outform DER -out keyout.der
......
doc/apps/ecparam.pod
浏览文件 @ 1bc74519
......@@ -41,12 +41,12 @@ Print out a usage message.
This specifies the input format. The B<DER> option uses an ASN.1 DER encoded
form compatible with RFC 3279 EcpkParameters. The PEM form is the default
format: it consists of the B<DER> format base64 encoded with additional
format: it consists of the B<DER> format base64 encoded with additional
header and footer lines.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -102,7 +102,7 @@ the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
explicitly given (see RFC 3279 for the definition of the
explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
is currently not implemented in OpenSSL.
......@@ -141,7 +141,7 @@ PEM format EC parameters use the header and footer lines:
-----END EC PARAMETERS-----
OpenSSL is currently not able to generate new groups and therefore
B<ecparam> can only create EC parameters from known (named) curves.
B<ecparam> can only create EC parameters from known (named) curves.
=head1 EXAMPLES
......
doc/apps/enc.pod
浏览文件 @ 1bc74519
......@@ -257,7 +257,7 @@ authentication tag.
desx DESX algorithm.
gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine)
idea-cbc IDEA algorithm in CBC mode
idea same as idea-cbc
......@@ -283,13 +283,13 @@ authentication tag.
rc5-ecb RC5 cipher in ECB mode
rc5-ofb RC5 cipher in OFB mode
aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
aes[128|192|256] Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
aes[128|192|256] Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
=head1 EXAMPLES
......@@ -299,11 +299,11 @@ Just base64 encode a binary file:
Decode the same file
openssl base64 -d -in file.b64 -out file.bin
openssl base64 -d -in file.b64 -out file.bin
Encrypt a file using triple DES in CBC mode using a prompted password:
openssl des3 -salt -in file.txt -out file.des3
openssl des3 -salt -in file.txt -out file.des3
Decrypt a file using a supplied password:
......
doc/apps/engine.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -52,6 +51,7 @@ Tests if each specified engine is available, and displays the answer.
Displays an error trace for any unavailable engine.
=item B<-pre> I<command>
=item B<-post> I<command>
Command-line configuration of engines.
......
doc/apps/errstr.pod
浏览文件 @ 1bc74519
......@@ -11,7 +11,7 @@ B<openssl errstr error_code>
=head1 DESCRIPTION
Sometimes an application will not load error message and only
numerical forms will be available. The B<errstr> utility can be used to
numerical forms will be available. The B<errstr> utility can be used to
display the meaning of the hex code. The hex code is the hex digits after the
second colon.
......@@ -22,7 +22,7 @@ The error code:
27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
can be displayed with:
openssl errstr 2006D080
to produce the error message:
......
doc/apps/genpkey.pod
浏览文件 @ 1bc74519
......@@ -213,12 +213,12 @@ Encrypt output private key using 128 bit AES and the passphrase "hello":
Generate a 2048 bit RSA key using 3 as the public exponent:
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
-pkeyopt rsa_keygen_pubexp:3
-pkeyopt rsa_keygen_pubexp:3
Generate 1024 bit DSA parameters:
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
-pkeyopt dsa_paramgen_bits:1024
-pkeyopt dsa_paramgen_bits:1024
Generate DSA key from parameters:
......@@ -227,7 +227,7 @@ Generate DSA key from parameters:
Generate 1024 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
-pkeyopt dh_paramgen_prime_len:1024
-pkeyopt dh_paramgen_prime_len:1024
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
......@@ -240,8 +240,8 @@ Generate DH key from parameters:
Generate EC parameters:
openssl genpkey -genparam -algorithm EC -out ecp.pem \
-pkeyopt ec_paramgen_curve:secp384r1 \
-pkeyopt ec_param_enc:named_curve
-pkeyopt ec_paramgen_curve:secp384r1 \
-pkeyopt ec_param_enc:named_curve
Generate EC key from parameters:
......@@ -250,8 +250,8 @@ Generate EC key from parameters:
Generate EC key directly:
openssl genpkey -algorithm EC -out eckey.pem \
-pkeyopt ec_paramgen_curve:P-384 \
-pkeyopt ec_param_enc:named_curve
-pkeyopt ec_paramgen_curve:P-384 \
-pkeyopt ec_param_enc:named_curve
=head1 HISTORY
......
doc/apps/ocsp.pod
浏览文件 @ 1bc74519
......@@ -337,13 +337,13 @@ option.
=item B<-nrequest number>
The OCSP server will exit after receiving B<number> requests, default unlimited.
The OCSP server will exit after receiving B<number> requests, default unlimited.
=item B<-nmin minutes>, B<-ndays days>
Number of minutes or days when fresh revocation information is available: used in the
B<nextUpdate> field. If neither option is present then the B<nextUpdate> field is
omitted meaning fresh revocation information is immediately available.
B<nextUpdate> field. If neither option is present then the B<nextUpdate> field
is omitted meaning fresh revocation information is immediately available.
=back
......@@ -413,7 +413,7 @@ Create an OCSP request and write it to a file:
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
response to a file, print it out in text form, and verify the response:
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
......@@ -427,7 +427,7 @@ OCSP server on port 8888 using a standard B<ca> configuration, and a separate
responder certificate. All requests and responses are printed to a file.
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
-text -out log.txt
-text -out log.txt
As above but exit after processing one request:
......
doc/apps/pkcs12.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -337,7 +336,7 @@ Output only client certificates to a file:
openssl pkcs12 -in file.p12 -clcerts -out file.pem
Don't encrypt the private key:
openssl pkcs12 -in file.p12 -out file.pem -nodes
Print some info about a PKCS#12 file:
......
doc/apps/pkcs7.pod
浏览文件 @ 1bc74519
......@@ -37,7 +37,7 @@ the DER form with header and footer lines.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -100,7 +100,7 @@ For compatibility with some CAs it will also accept:
There is no option to print out all the fields of a PKCS#7 file.
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
cannot currently parse, for example, the new CMS as described in RFC2630.
=head1 SEE ALSO
......
doc/apps/pkey.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -42,7 +41,7 @@ This specifies the input format DER or PEM.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -76,7 +75,7 @@ name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
=item B<-text>
prints out the various public or private key components in
plain text in addition to the encoded version.
plain text in addition to the encoded version.
=item B<-text_pub>
......@@ -116,7 +115,7 @@ To encrypt a private key using triple DES:
openssl pkey -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
To convert a private key from PEM to DER format:
openssl pkey -in key.pem -outform DER -out keyout.der
......@@ -135,7 +134,7 @@ To just output the public part of a private key:
=head1 SEE ALSO
L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
=cut
......
doc/apps/pkeyparam.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -40,7 +39,7 @@ this option is not specified.
=item B<-text>
prints out the parameters in plain text in addition to the encoded version.
prints out the parameters in plain text in addition to the encoded version.
=item B<-noout>
......@@ -69,7 +68,7 @@ PEM format is supported because the key type is determined by the PEM headers.
=head1 SEE ALSO
L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
=cut
......
doc/apps/pkeyutl.pod
浏览文件 @ 1bc74519
......@@ -84,11 +84,11 @@ the peer key format PEM, DER or ENGINE. Default is PEM.
=item B<-pubin>
the input file is a public key.
the input file is a public key.
=item B<-certin>
the input is a certificate containing a public key.
the input is a certificate containing a public key.
=item B<-rev>
......@@ -198,7 +198,7 @@ This sets the RSA padding mode. Acceptable values for B<mode> are B<pkcs1> for
PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>
for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
In PKCS#1 padding if the message digest is not set then the supplied data is
In PKCS#1 padding if the message digest is not set then the supplied data is
signed or verified directly instead of using a B<DigestInfo> structure. If a
digest is set then the a B<DigestInfo> structure is used and its the length
must correspond to the digest type.
......
doc/apps/req.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -70,7 +69,7 @@ footer lines.
=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -257,7 +256,7 @@ a variety of purposes.
=item B<-utf8>
this option causes field values to be interpreted as UTF8 strings, by
this option causes field values to be interpreted as UTF8 strings, by
default they are interpreted as ASCII. This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.
......@@ -272,7 +271,7 @@ set multiple options. See the L<x509(1)> manual page for details.
=item B<-reqopt>
customise the output format used with B<-text>. The B<option> argument can be
a single option or multiple options separated by commas.
a single option or multiple options separated by commas.
See discussion of the B<-certopt> parameter in the L<x509(1)>
command.
......@@ -342,7 +341,7 @@ overridden by the B<-keyout> option.
This specifies a file containing additional B<OBJECT IDENTIFIERS>.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
by white space and finally the long name.
=item B<oid_section>
......@@ -376,7 +375,7 @@ This option masks out the use of certain string types in certain
fields. Most users will not need to change this option.
It can be set to several values B<default> which is also the default
option uses PrintableStrings, T61Strings and BMPStrings if the
option uses PrintableStrings, T61Strings and BMPStrings if the
B<pkix> value is used then only PrintableStrings and BMPStrings will
be used. This follows the PKIX recommendation in RFC2459. If the
B<utf8only> option is used then only UTF8Strings will be used: this
......@@ -388,7 +387,7 @@ problems with BMPStrings and UTF8Strings: in particular Netscape.
this specifies the configuration file section containing a list of
extensions to add to the certificate request. It can be overridden
by the B<-reqexts> command line switch. See the
by the B<-reqexts> command line switch. See the
L<x509v3_config(5)> manual page for details of the
extension section format.
......@@ -499,8 +498,8 @@ Generate a self signed root certificate:
Example of a file pointed to by the B<oid_file> option:
1.2.3.4 shortName A longer Name
1.2.3.6 otherName Other longer Name
1.2.3.4 shortName A longer Name
1.2.3.6 otherName Other longer Name
Example of a section pointed to by B<oid_section> making use of variable
expansion:
......@@ -511,34 +510,34 @@ expansion:
Sample configuration file prompting for field values:
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
req_extensions = v3_ca
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
req_extensions = v3_ca
dirstring_type = nobmp
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
localityName = Locality Name (eg, city)
localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
emailAddress = Email Address
emailAddress_max = 40
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
[ v3_ca ]
......@@ -549,27 +548,27 @@ Sample configuration file prompting for field values:
Sample configuration containing all field values:
RANDFILE = $ENV::HOME/.rnd
RANDFILE = $ENV::HOME/.rnd
[ req ]
default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass
default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass
[ req_distinguished_name ]
C = GB
ST = Test State or Province
L = Test Locality
O = Organization Name
OU = Organizational Unit Name
CN = Common Name
emailAddress = test@email.address
C = GB
ST = Test State or Province
L = Test Locality
O = Organization Name
OU = Organizational Unit Name
CN = Common Name
emailAddress = test@email.address
[ req_attributes ]
challengePassword = A challenge password
challengePassword = A challenge password
=head1 NOTES
......@@ -596,13 +595,13 @@ by the script in an extendedKeyUsage extension.
The following messages are frequently asked about:
Using configuration from /some/path/openssl.cnf
Unable to load config info
Using configuration from /some/path/openssl.cnf
Unable to load config info
This is followed some time later by...
unable to find 'distinguished_name' in config
problems making Certificate Request
unable to find 'distinguished_name' in config
problems making Certificate Request
The first error message is the clue: it can't find the configuration
file! Certain operations (like examining a certificate request) don't
......@@ -652,7 +651,7 @@ address in subjectAltName should be input by the user.
L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
L<gendsa(1)>, L<config(5)>,
L<x509v3_config(5)>
L<x509v3_config(5)>
=cut
......
doc/apps/rsa.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -61,7 +60,7 @@ section.
=item B<-outform DER|NET|PEM>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -100,7 +99,7 @@ These options can only be used with PEM format output files.
=item B<-text>
prints out the various public or private key components in
plain text in addition to the encoded version.
plain text in addition to the encoded version.
=item B<-noout>
......@@ -176,7 +175,7 @@ To encrypt a private key using triple DES:
openssl rsa -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
To convert a private key from PEM to DER format:
openssl rsa -in key.pem -outform DER -out keyout.der
......@@ -203,7 +202,7 @@ without having to manually edit them.
=head1 SEE ALSO
L<pkcs8(1)>, L<dsa(1)>, L<genrsa(1)>,
L<gendsa(1)>
L<gendsa(1)>
=cut
......
doc/apps/rsautl.pod
浏览文件 @ 1bc74519
......@@ -61,7 +61,7 @@ the input file is an RSA public key.
=item B<-certin>
the input is a certificate containing an RSA public key.
the input is a certificate containing an RSA public key.
=item B<-sign>
......@@ -136,24 +136,24 @@ example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
openssl asn1parse -in pca-cert.pem
0:d=0 hl=4 l= 742 cons: SEQUENCE
4:d=1 hl=4 l= 591 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
0:d=0 hl=4 l= 742 cons: SEQUENCE
4:d=1 hl=4 l= 591 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :00
16:d=2 hl=2 l= 13 cons: SEQUENCE
16:d=2 hl=2 l= 13 cons: SEQUENCE
18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=2 l= 92 cons: SEQUENCE
33:d=3 hl=2 l= 11 cons: SET
35:d=4 hl=2 l= 9 cons: SEQUENCE
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=2 l= 92 cons: SEQUENCE
33:d=3 hl=2 l= 11 cons: SET
35:d=4 hl=2 l= 9 cons: SEQUENCE
37:d=5 hl=2 l= 3 prim: OBJECT :countryName
42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
....
599:d=1 hl=2 l= 13 cons: SEQUENCE
599:d=1 hl=2 l= 13 cons: SEQUENCE
601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
612:d=2 hl=2 l= 0 prim: NULL
614:d=1 hl=3 l= 129 prim: BIT STRING
612:d=2 hl=2 l= 0 prim: NULL
614:d=1 hl=3 l= 129 prim: BIT STRING
The final BIT STRING contains the actual signature. It can be extracted with:
......@@ -161,18 +161,18 @@ The final BIT STRING contains the actual signature. It can be extracted with:
openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
The certificate public key can be extracted with:
openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
The signature can be analysed with:
openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
0:d=0 hl=2 l= 32 cons: SEQUENCE
2:d=1 hl=2 l= 12 cons: SEQUENCE
0:d=0 hl=2 l= 32 cons: SEQUENCE
2:d=1 hl=2 l= 12 cons: SEQUENCE
4:d=2 hl=2 l= 8 prim: OBJECT :md5
14:d=2 hl=2 l= 0 prim: NULL
16:d=1 hl=2 l= 16 prim: OCTET STRING
14:d=2 hl=2 l= 0 prim: NULL
16:d=1 hl=2 l= 16 prim: OCTET STRING
0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
......
doc/apps/s_client.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -416,7 +415,7 @@ print out a hex dump of any TLS extensions received from the server.
=item B<-no_ticket>
disable RFC4507bis session ticket support.
disable RFC4507bis session ticket support.
=item B<-sess_out filename>
......@@ -444,7 +443,7 @@ all others.
=item B<-serverinfo types>
a list of comma-separated TLS Extension Types (numbers between 0 and
a list of comma-separated TLS Extension Types (numbers between 0 and
65535). Each type will be sent as an empty ClientHello TLS Extension.
The server's response (if any) will be encoded and displayed as a PEM
file.
......
doc/apps/sess_id.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -57,7 +56,7 @@ output if this option is not specified.
=item B<-text>
prints out the various public or private key components in
plain text in addition to the encoded version.
plain text in addition to the encoded version.
=item B<-cert>
......
doc/apps/smime.pod
浏览文件 @ 1bc74519
......@@ -170,7 +170,7 @@ is S/MIME and it uses the multipart/signed MIME content type.
this option adds plain text (text/plain) MIME headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
off text headers: if the decrypted or verified message is not of MIME
off text headers: if the decrypted or verified message is not of MIME
type text/plain then an error occurs.
=item B<-CAfile file>
......@@ -201,7 +201,7 @@ default digest algorithm for the signing key will be used (usually SHA1).
the encryption algorithm to use. For example DES (56 bits) - B<-des>,
triple DES (168 bits) - B<-des3>,
EVP_get_cipherbyname() function) can also be used preceded by a dash, for
EVP_get_cipherbyname() function) can also be used preceded by a dash, for
example B<-aes-128-cbc>. See L<B<enc>|enc(1)> for list of ciphers
supported by your version of OpenSSL.
......@@ -301,7 +301,7 @@ all others.
=item B<cert.pem...>
one or more certificates of message recipients: used when encrypting
a message.
a message.
=item B<-to, -from, -subject>
......@@ -398,29 +398,29 @@ the signers certificates.
Create a cleartext signed message:
openssl smime -sign -in message.txt -text -out mail.msg \
-signer mycert.pem
-signer mycert.pem
Create an opaque signed message:
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
-signer mycert.pem
-signer mycert.pem
Create a signed message, include some additional certificates and
read the private key from another file:
openssl smime -sign -in in.txt -text -out mail.msg \
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
Create a signed message with two signers:
openssl smime -sign -in message.txt -text -out mail.msg \
-signer mycert.pem -signer othercert.pem
-signer mycert.pem -signer othercert.pem
Send a signed message under Unix directly to sendmail, including headers:
openssl smime -sign -in in.txt -text -signer mycert.pem \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed message" | sendmail someone@somewhere
-from steve@openssl.org -to someone@somewhere \
-subject "Signed message" | sendmail someone@somewhere
Verify a message and extract the signer's certificate if successful:
......@@ -429,15 +429,15 @@ Verify a message and extract the signer's certificate if successful:
Send encrypted mail using triple DES:
openssl smime -encrypt -in in.txt -from steve@openssl.org \
-to someone@somewhere -subject "Encrypted message" \
-des3 user.pem -out mail.msg
-to someone@somewhere -subject "Encrypted message" \
-des3 user.pem -out mail.msg
Sign and encrypt mail:
openssl smime -sign -in ml.txt -signer my.pem -text \
| openssl smime -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem
| openssl smime -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem
Note: the encryption command does not include the B<-text> option because the
message being encrypted already has MIME headers.
......@@ -454,7 +454,7 @@ it with:
-----BEGIN PKCS7-----
-----END PKCS7-----
and using the command:
and using the command:
openssl smime -verify -inform PEM -in signature.pem -content content.txt
......
doc/apps/ts.pod
浏览文件 @ 1bc74519
......@@ -522,13 +522,13 @@ To create a time stamp request for design1.txt with SHA-1
without nonce and policy and no certificate is required in the response:
openssl ts -query -data design1.txt -no_nonce \
-out design1.tsq
-out design1.tsq
To create a similar time stamp request with specifying the message imprint
explicitly:
openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-no_nonce -out design1.tsq
-no_nonce -out design1.tsq
To print the content of the previous request in human readable format:
......@@ -540,7 +540,7 @@ specifies a policy id (assuming the tsa_policy1 name is defined in the
OID section of the config file):
openssl ts -query -data design2.txt -md5 \
-tspolicy tsa_policy1 -cert -out design2.tsq
-tspolicy tsa_policy1 -cert -out design2.tsq
=head2 Time Stamp Response
......@@ -557,7 +557,7 @@ tsakey.pem is the private key of the TSA.
To create a time stamp response for a request:
openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
-signer tsacert.pem -out design1.tsr
-signer tsacert.pem -out design1.tsr
If you want to use the settings in the config file you could just write:
......@@ -589,20 +589,20 @@ valid response:
To verify a time stamp reply against a request:
openssl ts -verify -queryfile design1.tsq -in design1.tsr \
-CAfile cacert.pem -untrusted tsacert.pem
-CAfile cacert.pem -untrusted tsacert.pem
To verify a time stamp reply that includes the certificate chain:
openssl ts -verify -queryfile design2.tsq -in design2.tsr \
-CAfile cacert.pem
-CAfile cacert.pem
To verify a time stamp token against the original data file:
openssl ts -verify -data design2.txt -in design2.tsr \
-CAfile cacert.pem
-CAfile cacert.pem
To verify a time stamp token against a message imprint:
openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-in design2.tsr -CAfile cacert.pem
-in design2.tsr -CAfile cacert.pem
You could also look at the 'test' directory for more examples.
......
doc/apps/tsget.pod
浏览文件 @ 1bc74519
......@@ -33,15 +33,15 @@ line.
The tool sends the following HTTP request for each time stamp request:
POST url HTTP/1.1
User-Agent: OpenTSA tsget.pl/<version>
Host: <host>:<port>
Pragma: no-cache
Content-Type: application/timestamp-query
Accept: application/timestamp-reply
Content-Length: length of body
POST url HTTP/1.1
User-Agent: OpenTSA tsget.pl/<version>
Host: <host>:<port>
Pragma: no-cache
Content-Type: application/timestamp-query
Accept: application/timestamp-reply
Content-Length: length of body
...binary request specified by the user...
...binary request specified by the user...
B<tsget> expects a response of type application/timestamp-reply, which is
written to a file without any interpretation.
......@@ -142,7 +142,7 @@ time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests
and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
absolute path.
Get a time stamp response for file1.tsq over HTTP, output is written to
Get a time stamp response for file1.tsq over HTTP, output is written to
file1.tsr:
tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
......@@ -151,40 +151,40 @@ Get a time stamp response for file1.tsq and file2.tsq over HTTP showing
progress, output is written to file1.reply and file2.reply respectively:
tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
file1.tsq file2.tsq
file1.tsq file2.tsq
Create a time stamp request, write it to file3.tsq, send it to the server and
write the response to file3.tsr:
openssl ts -query -data file3.txt -cert | tee file3.tsq \
| tsget -h http://tsa.opentsa.org:8080/tsa \
-o file3.tsr
| tsget -h http://tsa.opentsa.org:8080/tsa \
-o file3.tsr
Get a time stamp response for file1.tsq over HTTPS without client
authentication:
tsget -h https://tsa.opentsa.org:8443/tsa \
-C cacerts.pem file1.tsq
-C cacerts.pem file1.tsq
Get a time stamp response for file1.tsq over HTTPS with certificate-based
client authentication (it will ask for the passphrase if client_key.pem is
protected):
tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-k client_key.pem -c client_cert.pem file1.tsq
-k client_key.pem -c client_cert.pem file1.tsq
You can shorten the previous command line if you make use of the B<TSGET>
environment variable. The following commands do the same as the previous
example:
TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-k client_key.pem -c client_cert.pem'
-k client_key.pem -c client_cert.pem'
export TSGET
tsget file1.tsq
=head1 SEE ALSO
L<openssl(1)>, L<ts(1)>, L<curl(1)>,
L<openssl(1)>, L<ts(1)>, L<curl(1)>,
B<RFC 3161>
=cut
......
doc/apps/verify.pod
浏览文件 @ 1bc74519
......@@ -148,8 +148,8 @@ Set policy variable inhibit-policy-mapping (see RFC5280).
=item B<-no_check_time>
This option suppresses checking the validity period of certificates and CRLs
against the current time. If option B<-attime timestamp> is used to specify
This option suppresses checking the validity period of certificates and CRLs
against the current time. If option B<-attime timestamp> is used to specify
a verification time, the check is not suppressed.
=item B<-partial_chain>
......
doc/apps/x509.pod
浏览文件 @ 1bc74519
=pod
=head1 NAME
......@@ -93,7 +92,7 @@ obsolete.
=item B<-outform DER|PEM|NET>
This specifies the output format, the options have the same meaning as the
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in filename>
......@@ -322,7 +321,7 @@ can thus behave like a "mini CA".
=item B<-signkey filename>
this option causes the input file to be self signed using the supplied
private key.
private key.
If the input file is a certificate it sets the issuer name to the
subject name (i.e. makes it self signed) changes the public key to the
......@@ -403,7 +402,7 @@ an even number of hex digits with the serial number to use. After each
use the serial number is incremented and written out to the file again.
The default filename consists of the CA certificate file base name with
".srl" appended. For example if the CA certificate file is called
".srl" appended. For example if the CA certificate file is called
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
=item B<-CAcreateserial>
......@@ -707,20 +706,20 @@ Convert a certificate request into a self signed certificate using
extensions for a CA:
openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
-signkey key.pem -out cacert.pem
-signkey key.pem -out cacert.pem
Sign a certificate request using the CA certificate above and add user
certificate extensions:
openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
-CA cacert.pem -CAkey key.pem -CAcreateserial
-CA cacert.pem -CAkey key.pem -CAcreateserial
Set a certificate to be trusted for SSL client use and change set its alias to
"Steve's Class 1 CA"
openssl x509 -in cert.pem -addtrust clientAuth \
-setalias "Steve's Class 1 CA" -out trust.pem
-setalias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
......@@ -854,7 +853,7 @@ if the keyUsage extension is present.
The extended key usage extension must be absent or include the "email
protection" OID. Netscape certificate type must be absent or must have the
S/MIME CA bit set: this is used as a work around if the basicConstraints
extension is absent.
extension is absent.
=item B<CRL Signing>
......@@ -884,7 +883,7 @@ dates rather than an offset from the current time.
L<req(1)>, L<ca(1)>, L<genrsa(1)>,
L<gendsa(1)>, L<verify(1)>,
L<x509v3_config(5)>
L<x509v3_config(5)>
=head1 HISTORY
......@@ -892,7 +891,7 @@ The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
canonical version of the DN using SHA1. This means that any directories using
the old form must have their links rebuilt using B<c_rehash> or similar.
the old form must have their links rebuilt using B<c_rehash> or similar.
=cut
......
doc/apps/x509v3_config.pod
浏览文件 @ 1bc74519
......@@ -108,19 +108,19 @@ These can either be object short names or the dotted numerical form of OIDs.
While any OID can be used only certain values make sense. In particular the
following PKIX, NS and MS values are meaningful:
Value Meaning
----- -------
serverAuth SSL/TLS Web Server Authentication.
clientAuth SSL/TLS Web Client Authentication.
codeSigning Code signing.
emailProtection E-mail Protection (S/MIME).
timeStamping Trusted Timestamping
OCSPSigning OCSP Signing
ipsecIKE ipsec Internet Key Exchnage
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
msEFS Microsoft Encrypted File System
Value Meaning
----- -------
serverAuth SSL/TLS Web Server Authentication.
clientAuth SSL/TLS Web Client Authentication.
codeSigning Code signing.
emailProtection E-mail Protection (S/MIME).
timeStamping Trusted Timestamping
OCSPSigning OCSP Signing
ipsecIKE ipsec Internet Key Exchnage
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
msEFS Microsoft Encrypted File System
Examples:
......
doc/crypto/ASN1_STRING_length.pod
浏览文件 @ 1bc74519
......@@ -72,8 +72,6 @@ character in big endian format, UTF8String will be in UTF8 format.
Similar care should be take to ensure the data is in the correct format
when calling ASN1_STRING_set().
=head1 RETURN VALUES
=head1 SEE ALSO
L<ERR_get_error(3)>
......
doc/crypto/ASN1_STRING_print_ex.pod
浏览文件 @ 1bc74519
......@@ -30,7 +30,7 @@ with '.'.
ASN1_STRING_print() is a legacy function which should be avoided in new applications.
Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
The complete set of supported options for B<flags> is listed below.
......@@ -75,7 +75,7 @@ Normally non character string types (such as OCTET STRING) are assumed to be
one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
be dumped instead.
When a type is dumped normally just the content octets are printed, if
When a type is dumped normally just the content octets are printed, if
B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
instead (including tag and length octets).
......
doc/crypto/ASN1_TIME_set.pod
浏览文件 @ 1bc74519
......@@ -100,7 +100,7 @@ Determine if one time is later or sooner than the current time:
int day, sec;
if (!ASN1_TIME_diff(&day, &sec, NULL, to))
/* Invalid time format */
/* Invalid time format */
if (day > 0 || sec > 0)
printf("Later\n");
......
doc/crypto/ASN1_generate_nconf.pod
浏览文件 @ 1bc74519
......@@ -52,7 +52,7 @@ only the B<ASCII> format is permissible.
This encodes a boolean type. The B<value> string is mandatory and
should be B<TRUE> or B<FALSE>. Additionally B<TRUE>, B<true>, B<Y>,
B<y>, B<YES>, B<yes>, B<FALSE>, B<false>, B<N>, B<n>, B<NO> and B<no>
are acceptable.
are acceptable.
=item B<NULL>
......@@ -78,12 +78,12 @@ a short name, a long name or numerical format.
=item B<UTCTIME>, B<UTC>
Encodes an ASN1 B<UTCTime> structure, the value should be in
the format B<YYMMDDHHMMSSZ>.
the format B<YYMMDDHHMMSSZ>.
=item B<GENERALIZEDTIME>, B<GENTIME>
Encodes an ASN1 B<GeneralizedTime> structure, the value should be in
the format B<YYYYMMDDHHMMSSZ>.
the format B<YYYYMMDDHHMMSSZ>.
=item B<OCTETSTRING>, B<OCT>
......
doc/crypto/ASYNC_start_job.pod
浏览文件 @ 1bc74519
......@@ -267,7 +267,7 @@ The following example demonstrates how to use most of the core async APIs:
/* Wait for the job to be woken */
printf("Waiting for the job to be woken up\n");
if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
|| numfds > 1) {
printf("Unexpected number of fds\n");
......
doc/crypto/BIO_ctrl.pod
浏览文件 @ 1bc74519
......@@ -13,7 +13,7 @@ BIO_get_info_callback, BIO_set_info_callback - BIO control operations
long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
int BIO_reset(BIO *b);
......@@ -94,7 +94,7 @@ return the amount of pending data.
=head1 NOTES
BIO_flush(), because it can write data may return 0 or -1 indicating
that the call should be retried later in a similar manner to BIO_write().
that the call should be retried later in a similar manner to BIO_write().
The BIO_should_retry() call should be used and appropriate action taken
is the call fails.
......@@ -121,7 +121,7 @@ operation.
Some of the return values are ambiguous and care should be taken. In
particular a return value of 0 can be returned if an operation is not
supported, if an error occurred, if EOF has not been reached and in
the case of BIO_seek() on a file BIO for a successful operation.
the case of BIO_seek() on a file BIO for a successful operation.
=head1 SEE ALSO
......
doc/crypto/BIO_f_base64.pod
浏览文件 @ 1bc74519
......@@ -9,7 +9,7 @@ BIO_f_base64 - base64 BIO filter
#include <openssl/bio.h>
#include <openssl/evp.h>
const BIO_METHOD * BIO_f_base64(void);
const BIO_METHOD * BIO_f_base64(void);
=head1 DESCRIPTION
......@@ -17,7 +17,7 @@ BIO_f_base64() returns the base64 BIO method. This is a filter
BIO that base64 encodes any data written through it and decodes
any data read through it.
Base64 BIOs do not support BIO_gets() or BIO_puts().
Base64 BIOs do not support BIO_gets() or BIO_puts().
BIO_flush() on a base64 BIO that is being written through is
used to signal that no more data is to be encoded: this is used
......@@ -63,8 +63,8 @@ data to standard output:
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
BIO_push(b64, bio);
while((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(bio_out, inbuf, inlen);
while((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(bio_out, inbuf, inlen);
BIO_flush(bio_out);
BIO_free_all(b64);
......
doc/crypto/BIO_f_cipher.pod
浏览文件 @ 1bc74519
......@@ -9,9 +9,9 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher
#include <openssl/bio.h>
#include <openssl/evp.h>
const BIO_METHOD * BIO_f_cipher(void);
const BIO_METHOD *BIO_f_cipher(void);
void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
unsigned char *key, unsigned char *iv, int enc);
unsigned char *key, unsigned char *iv, int enc);
int BIO_get_cipher_status(BIO *b)
int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
......@@ -22,7 +22,7 @@ BIO that encrypts any data written through it, and decrypts any data
read from it. It is a BIO wrapper for the cipher routines
EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
Cipher BIOs do not support BIO_gets() or BIO_puts().
Cipher BIOs do not support BIO_gets() or BIO_puts().
BIO_flush() on an encryption BIO that is being written through is
used to signal that no more data is to be encrypted: this is used
......
doc/crypto/BIO_f_md.pod
浏览文件 @ 1bc74519
......@@ -9,7 +9,7 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
#include <openssl/bio.h>
#include <openssl/evp.h>
const BIO_METHOD * BIO_f_md(void);
const BIO_METHOD * BIO_f_md(void);
int BIO_set_md(BIO *b,EVP_MD *md);
int BIO_get_md(BIO *b,EVP_MD **mdp);
int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
......@@ -103,7 +103,7 @@ The next example digests data by reading through a chain instead:
BIO_set_md(mdtmp, EVP_md5());
bio = BIO_push(mdtmp, bio);
do {
rdlen = BIO_read(bio, buf, sizeof(buf));
rdlen = BIO_read(bio, buf, sizeof(buf));
/* Might want to do something with the data here */
} while(rdlen > 0);
......@@ -114,17 +114,17 @@ outputs them. This could be used with the examples above.
unsigned char mdbuf[EVP_MAX_MD_SIZE];
int mdlen;
int i;
mdtmp = bio; /* Assume bio has previously been set up */
mdtmp = bio; /* Assume bio has previously been set up */
do {
EVP_MD *md;
mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
EVP_MD *md;
mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
if(!mdtmp) break;
BIO_get_md(mdtmp, &md);
BIO_get_md(mdtmp, &md);
printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
printf("\n");
mdtmp = BIO_next(mdtmp);
mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
printf("\n");
mdtmp = BIO_next(mdtmp);
} while(mdtmp);
BIO_free_all(bio);
......
doc/crypto/BIO_f_null.pod
浏览文件 @ 1bc74519
......@@ -8,7 +8,7 @@ BIO_f_null - null filter
#include <openssl/bio.h>
const BIO_METHOD * BIO_f_null(void);
const BIO_METHOD * BIO_f_null(void);
=head1 DESCRIPTION
......
doc/crypto/BIO_f_ssl.pod
浏览文件 @ 1bc74519
......@@ -14,15 +14,15 @@ BIO_ssl_shutdown - SSL BIO
const BIO_METHOD *BIO_f_ssl(void);
#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
#define BIO_set_ssl_renegotiate_bytes(b,num) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
#define BIO_get_num_renegotiates(b) \
BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
......@@ -30,13 +30,13 @@ BIO_ssl_shutdown - SSL BIO
int BIO_ssl_copy_session_id(BIO *to,BIO *from);
void BIO_ssl_shutdown(BIO *bio);
#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
=head1 DESCRIPTION
BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which
is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to
SSL I/O.
SSL I/O.
I/O performed on an SSL BIO communicates using the SSL protocol with
the SSLs read and write BIOs. If an SSL connection is not established
......@@ -63,7 +63,7 @@ BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
is 1 client mode is set. If B<client> is 0 server mode is set.
BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
to B<num>. When set after every B<num> bytes of I/O (read and write)
to B<num>. When set after every B<num> bytes of I/O (read and write)
the SSL session is automatically renegotiated. B<num> must be at
least 512 bytes.
......@@ -84,7 +84,7 @@ BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
BIO.
BIO_ssl_copy_session_id() copies an SSL session id between
BIO_ssl_copy_session_id() copies an SSL session id between
BIO chains B<from> and B<to>. It does this by locating the
SSL BIOs in each chain and calling SSL_copy_session_id() on
the internal SSL pointer.
......@@ -170,24 +170,24 @@ unencrypted example in L<BIO_s_connect(3)>.
out = BIO_new_fp(stdout, BIO_NOCLOSE);
if(BIO_do_connect(sbio) <= 0) {
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
/* whatever ... */
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
/* whatever ... */
}
if(BIO_do_handshake(sbio) <= 0) {
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
/* whatever ... */
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
/* whatever ... */
}
/* Could examine ssl here to get connection info */
BIO_puts(sbio, "GET / HTTP/1.0\n\n");
for(;;) {
len = BIO_read(sbio, tmpbuf, 1024);
if(len <= 0) break;
BIO_write(out, tmpbuf, len);
for(;;) {
len = BIO_read(sbio, tmpbuf, 1024);
if(len <= 0) break;
BIO_write(out, tmpbuf, len);
}
BIO_free_all(sbio);
BIO_free(out);
......@@ -208,12 +208,12 @@ a client and also echoes the request to standard output.
ctx = SSL_CTX_new(TLS_server_method());
if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
|| !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx)) {
|| !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx)) {
fprintf(stderr, "Error setting up SSL_CTX\n");
ERR_print_errors_fp(stderr);
return 0;
fprintf(stderr, "Error setting up SSL_CTX\n");
ERR_print_errors_fp(stderr);
return 0;
}
/* Might do other things here like setting verify locations and
......@@ -245,25 +245,25 @@ a client and also echoes the request to standard output.
/* By doing this when a new connection is established
* we automatically have sbio inserted into it. The
* BIO chain is now 'swallowed' by the accept BIO and
* will be freed when the accept BIO is freed.
* will be freed when the accept BIO is freed.
*/
BIO_set_accept_bios(acpt,sbio);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
/* Setup accept BIO */
if(BIO_do_accept(acpt) <= 0) {
fprintf(stderr, "Error setting up accept BIO\n");
ERR_print_errors_fp(stderr);
return 0;
fprintf(stderr, "Error setting up accept BIO\n");
ERR_print_errors_fp(stderr);
return 0;
}
/* Now wait for incoming connection */
if(BIO_do_accept(acpt) <= 0) {
fprintf(stderr, "Error in connection\n");
ERR_print_errors_fp(stderr);
return 0;
fprintf(stderr, "Error in connection\n");
ERR_print_errors_fp(stderr);
return 0;
}
/* We only want one connection so remove and free
......@@ -275,9 +275,9 @@ a client and also echoes the request to standard output.
BIO_free_all(acpt);
if(BIO_do_handshake(sbio) <= 0) {
fprintf(stderr, "Error in SSL handshake\n");
ERR_print_errors_fp(stderr);
return 0;
fprintf(stderr, "Error in SSL handshake\n");
ERR_print_errors_fp(stderr);
return 0;
}
BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
......@@ -285,12 +285,12 @@ a client and also echoes the request to standard output.
BIO_puts(sbio, "--------------------------------------------------\r\n");
for(;;) {
len = BIO_gets(sbio, tmpbuf, 1024);
len = BIO_gets(sbio, tmpbuf, 1024);
if(len <= 0) break;
BIO_write(sbio, tmpbuf, len);
BIO_write(out, tmpbuf, len);
/* Look for blank line signifying end of headers*/
if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
BIO_write(sbio, tmpbuf, len);
BIO_write(out, tmpbuf, len);
/* Look for blank line signifying end of headers*/
if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
}
BIO_puts(sbio, "--------------------------------------------------\r\n");
......
doc/crypto/BIO_find_type.pod
浏览文件 @ 1bc74519
......@@ -8,35 +8,35 @@ BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
#include <openssl/bio.h>
BIO * BIO_find_type(BIO *b,int bio_type);
BIO * BIO_next(BIO *b);
#define BIO_method_type(b) ((b)->method->type)
#define BIO_TYPE_NONE 0
#define BIO_TYPE_MEM (1|0x0400)
#define BIO_TYPE_FILE (2|0x0400)
#define BIO_TYPE_FD (4|0x0400|0x0100)
#define BIO_TYPE_SOCKET (5|0x0400|0x0100)
#define BIO_TYPE_NULL (6|0x0400)
#define BIO_TYPE_SSL (7|0x0200)
#define BIO_TYPE_MD (8|0x0200)
#define BIO_TYPE_BUFFER (9|0x0200)
#define BIO_TYPE_CIPHER (10|0x0200)
#define BIO_TYPE_BASE64 (11|0x0200)
#define BIO_TYPE_CONNECT (12|0x0400|0x0100)
#define BIO_TYPE_ACCEPT (13|0x0400|0x0100)
#define BIO_TYPE_PROXY_CLIENT (14|0x0200)
#define BIO_TYPE_PROXY_SERVER (15|0x0200)
#define BIO_TYPE_NBIO_TEST (16|0x0200)
#define BIO_TYPE_NULL_FILTER (17|0x0200)
#define BIO_TYPE_BER (18|0x0200)
#define BIO_TYPE_BIO (19|0x0400)
#define BIO_TYPE_DESCRIPTOR 0x0100
#define BIO_TYPE_FILTER 0x0200
#define BIO_TYPE_SOURCE_SINK 0x0400
BIO * BIO_find_type(BIO *b,int bio_type);
BIO * BIO_next(BIO *b);
#define BIO_method_type(b) ((b)->method->type)
#define BIO_TYPE_NONE 0
#define BIO_TYPE_MEM (1|0x0400)
#define BIO_TYPE_FILE (2|0x0400)
#define BIO_TYPE_FD (4|0x0400|0x0100)
#define BIO_TYPE_SOCKET (5|0x0400|0x0100)
#define BIO_TYPE_NULL (6|0x0400)
#define BIO_TYPE_SSL (7|0x0200)
#define BIO_TYPE_MD (8|0x0200)
#define BIO_TYPE_BUFFER (9|0x0200)
#define BIO_TYPE_CIPHER (10|0x0200)
#define BIO_TYPE_BASE64 (11|0x0200)
#define BIO_TYPE_CONNECT (12|0x0400|0x0100)
#define BIO_TYPE_ACCEPT (13|0x0400|0x0100)
#define BIO_TYPE_PROXY_CLIENT (14|0x0200)
#define BIO_TYPE_PROXY_SERVER (15|0x0200)
#define BIO_TYPE_NBIO_TEST (16|0x0200)
#define BIO_TYPE_NULL_FILTER (17|0x0200)
#define BIO_TYPE_BER (18|0x0200)
#define BIO_TYPE_BIO (19|0x0400)
#define BIO_TYPE_DESCRIPTOR 0x0100
#define BIO_TYPE_FILTER 0x0200
#define BIO_TYPE_SOURCE_SINK 0x0400
=head1 DESCRIPTION
......@@ -68,15 +68,15 @@ BIO_method_type() returns the type of the BIO B<b>.
Traverse a chain looking for digest BIOs:
BIO *btmp;
btmp = in_bio; /* in_bio is chain to search through */
btmp = in_bio; /* in_bio is chain to search through */
do {
btmp = BIO_find_type(btmp, BIO_TYPE_MD);
if(btmp == NULL) break; /* Not found */
/* btmp is a digest BIO, do something with it ...*/
...
btmp = BIO_find_type(btmp, BIO_TYPE_MD);
if(btmp == NULL) break; /* Not found */
/* btmp is a digest BIO, do something with it ...*/
...
btmp = BIO_next(btmp);
btmp = BIO_next(btmp);
} while(btmp);
......
doc/crypto/BIO_get_ex_new_index.pod
浏览文件 @ 1bc74519
......@@ -23,9 +23,9 @@ crypto structures:
#include <openssl/x509.h>
int X509_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
int X509_set_ex_data(X509 *d, int idx, void *arg);
......
doc/crypto/BIO_new.pod
浏览文件 @ 1bc74519
......@@ -8,12 +8,12 @@ BIO_new, BIO_set, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation
#include <openssl/bio.h>
BIO * BIO_new(const BIO_METHOD *type);
int BIO_set(BIO *a,const BIO_METHOD *type);
int BIO_up_ref(BIO *a);
int BIO_free(BIO *a);
void BIO_vfree(BIO *a);
void BIO_free_all(BIO *a);
BIO * BIO_new(const BIO_METHOD *type);
int BIO_set(BIO *a,const BIO_METHOD *type);
int BIO_up_ref(BIO *a);
int BIO_free(BIO *a);
void BIO_vfree(BIO *a);
void BIO_free_all(BIO *a);
=head1 DESCRIPTION
......
doc/crypto/BIO_new_CMS.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
BIO_new_CMS - CMS streaming filter BIO
BIO_new_CMS - CMS streaming filter BIO
=head1 SYNOPSIS
......
doc/crypto/BIO_parse_hostserv.pod
浏览文件 @ 1bc74519
......@@ -42,23 +42,18 @@ The service part can be a service name or its port number.
The returned values will depend on the given B<hostserv> string
and B<hostserv_prio>, as follows:
=for comment
The following is ONE verbatim block. To make sure it's rendered as
one block and not several, the blank lines in between have one space.
They should be left as is.
host + ':' + service => *host = "host", *service = "service"
host + ':' + '*' => *host = "host", *service = NULL
host + ':' => *host = "host", *service = NULL
':' + service => *host = NULL, *service = "service"
'*' + ':' + service => *host = NULL, *service = "service"
in case no ':' is present in the string, the result depends on
hostserv_prio, as follows:
when hostserv_prio == BIO_PARSE_PRIO_HOST
host => *host = "host", *service untouched
when hostserv_prio == BIO_PARSE_PRIO_SERV
service => *host untouched, *service = "service"
......
doc/crypto/BIO_read.pod
浏览文件 @ 1bc74519
......@@ -8,10 +8,10 @@ BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
#include <openssl/bio.h>
int BIO_read(BIO *b, void *buf, int len);
int BIO_gets(BIO *b, char *buf, int size);
int BIO_write(BIO *b, const void *buf, int len);
int BIO_puts(BIO *b, const char *buf);
int BIO_read(BIO *b, void *buf, int len);
int BIO_gets(BIO *b, char *buf, int size);
int BIO_write(BIO *b, const void *buf, int len);
int BIO_puts(BIO *b, const char *buf);
=head1 DESCRIPTION
......
doc/crypto/BIO_s_accept.pod
浏览文件 @ 1bc74519
......@@ -23,9 +23,9 @@ BIO_get_bind_mode, BIO_do_accept - accept BIO
long BIO_set_bind_mode(BIO *b, long mode);
long BIO_get_bind_mode(BIO *b);
#define BIO_BIND_NORMAL 0
#define BIO_BIND_REUSEADDR_IF_UNUSED 1
#define BIO_BIND_REUSEADDR 2
#define BIO_BIND_NORMAL 0
#define BIO_BIND_REUSEADDR_IF_UNUSED 1
#define BIO_BIND_REUSEADDR 2
int BIO_do_accept(BIO *b);
......@@ -75,7 +75,7 @@ BIO_set_nbio_accept() sets the accept socket to blocking mode
BIO_set_accept_bios() can be used to set a chain of BIOs which
will be duplicated and prepended to the chain when an incoming
connection is received. This is useful if, for example, a
connection is received. This is useful if, for example, a
buffering or SSL BIO is required for each connection. The
chain of BIOs must not be freed after this call, they will
be automatically freed when the accept BIO is freed.
......@@ -165,16 +165,16 @@ down each and finally closes both down.
/* First call to BIO_accept() sets up accept BIO */
if(BIO_do_accept(abio) <= 0) {
fprintf(stderr, "Error setting up accept\n");
ERR_print_errors_fp(stderr);
exit(0);
fprintf(stderr, "Error setting up accept\n");
ERR_print_errors_fp(stderr);
exit(0);
}
/* Wait for incoming connection */
if(BIO_do_accept(abio) <= 0) {
fprintf(stderr, "Error accepting connection\n");
ERR_print_errors_fp(stderr);
exit(0);
fprintf(stderr, "Error accepting connection\n");
ERR_print_errors_fp(stderr);
exit(0);
}
fprintf(stderr, "Connection 1 established\n");
/* Retrieve BIO for connection */
......@@ -183,9 +183,9 @@ down each and finally closes both down.
fprintf(stderr, "Sent out data on connection 1\n");
/* Wait for another connection */
if(BIO_do_accept(abio) <= 0) {
fprintf(stderr, "Error accepting connection\n");
ERR_print_errors_fp(stderr);
exit(0);
fprintf(stderr, "Error accepting connection\n");
ERR_print_errors_fp(stderr);
exit(0);
}
fprintf(stderr, "Connection 2 established\n");
/* Close accept BIO to refuse further connections */
......
doc/crypto/BIO_s_bio.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
......@@ -65,7 +65,7 @@ up any half of the pair will automatically destroy the association.
BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
writes on BIO B<b> are allowed (they will return an error). Reads on the other
half of the pair will return any pending data or EOF when all pending data has
been read.
been read.
BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
If the size is not initialized a default value is used. This is currently
......@@ -159,7 +159,7 @@ without having to go through the SSL-interface.
socket
...
SSL_free(ssl); /* implicitly frees internal_bio */
SSL_free(ssl); /* implicitly frees internal_bio */
BIO_free(network_bio);
...
......
doc/crypto/BIO_s_connect.pod
浏览文件 @ 1bc74519
......@@ -81,7 +81,7 @@ This return value is an internal pointer which should not be modified.
BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
is set. Blocking I/O is the default. The call to BIO_set_nbio()
should be made before the connection is established because
should be made before the connection is established because
non blocking I/O is set during the connect process.
BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
......@@ -168,15 +168,15 @@ to retrieve a page and copy the result to standard output.
cbio = BIO_new_connect("localhost:http");
out = BIO_new_fp(stdout, BIO_NOCLOSE);
if(BIO_do_connect(cbio) <= 0) {
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
/* whatever ... */
}
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
/* whatever ... */
}
BIO_puts(cbio, "GET / HTTP/1.0\n\n");
for(;;) {
len = BIO_read(cbio, tmpbuf, 1024);
if(len <= 0) break;
BIO_write(out, tmpbuf, len);
for(;;) {
len = BIO_read(cbio, tmpbuf, 1024);
if(len <= 0) break;
BIO_write(out, tmpbuf, len);
}
BIO_free(cbio);
BIO_free(out);
......
doc/crypto/BIO_s_fd.pod
浏览文件 @ 1bc74519
......@@ -8,10 +8,10 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
#include <openssl/bio.h>
const BIO_METHOD * BIO_s_fd(void);
const BIO_METHOD * BIO_s_fd(void);
#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
BIO *BIO_new_fd(int fd, int close_flag);
......@@ -46,7 +46,7 @@ BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
=head1 NOTES
The behaviour of BIO_read() and BIO_write() depends on the behavior of the
platforms read() and write() calls on the descriptor. If the underlying
platforms read() and write() calls on the descriptor. If the underlying
file descriptor is in a non blocking mode then the BIO will behave in the
manner described in the L<BIO_read(3)> and L<BIO_should_retry(3)>
manual pages.
......
doc/crypto/BIO_s_file.pod
浏览文件 @ 1bc74519
......@@ -10,7 +10,7 @@ BIO_rw_filename - FILE bio
#include <openssl/bio.h>
const BIO_METHOD * BIO_s_file(void);
const BIO_METHOD * BIO_s_file(void);
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int flags);
......
doc/crypto/BIO_s_mem.pod
浏览文件 @ 1bc74519
......@@ -9,8 +9,8 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
#include <openssl/bio.h>
const BIO_METHOD * BIO_s_mem(void);
const BIO_METHOD * BIO_s_secmem(void);
const BIO_METHOD * BIO_s_mem(void);
const BIO_METHOD * BIO_s_secmem(void);
BIO_set_mem_eof_return(BIO *b,int v)
long BIO_get_mem_data(BIO *b, char **pp)
......@@ -21,7 +21,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
=head1 DESCRIPTION
BIO_s_mem() return the memory BIO method function.
BIO_s_mem() return the memory BIO method function.
A memory BIO is a source/sink BIO which uses memory for its I/O. Data
written to a memory BIO is stored in a BUF_MEM structure which is extended
......@@ -41,7 +41,7 @@ BUF_MEM structure is also freed.
Calling BIO_reset() on a read write memory BIO clears any data in it if the
flag BIO_FLAGS_NONCLEAR_RST is not set. On a read only BIO or if the flag
BIO_FLAGS_NONCLEAR_RST is set it restores the BIO to its original state and
BIO_FLAGS_NONCLEAR_RST is set it restores the BIO to its original state and
the data can be read again.
BIO_eof() is true if no data is in the BIO.
......@@ -96,7 +96,7 @@ There should be an option to set the maximum size of a memory BIO.
Create a memory BIO and write some data to it:
BIO *mem = BIO_new(BIO_s_mem());
BIO_puts(mem, "Hello World\n");
BIO_puts(mem, "Hello World\n");
Create a read only memory BIO:
......@@ -110,7 +110,7 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
BIO_get_mem_ptr(mem, &bptr);
BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
BIO_free(mem);
=head1 SEE ALSO
......
doc/crypto/BIO_s_null.pod
浏览文件 @ 1bc74519
......@@ -8,7 +8,7 @@ BIO_s_null - null data sink
#include <openssl/bio.h>
const BIO_METHOD * BIO_s_null(void);
const BIO_METHOD * BIO_s_null(void);
=head1 DESCRIPTION
......
doc/crypto/BIO_set_callback.pod
浏览文件 @ 1bc74519
......@@ -9,16 +9,16 @@ BIO_debug_callback - BIO callback functions
#include <openssl/bio.h>
#define BIO_set_callback(b,cb) ((b)->callback=(cb))
#define BIO_get_callback(b) ((b)->callback)
#define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg))
#define BIO_get_callback_arg(b) ((b)->cb_arg)
#define BIO_set_callback(b,cb) ((b)->callback=(cb))
#define BIO_get_callback(b) ((b)->callback)
#define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg))
#define BIO_get_callback_arg(b) ((b)->cb_arg)
long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
long argl,long ret);
long argl,long ret);
typedef long (*callback)(BIO *b, int oper, const char *argp,
int argi, long argl, long retvalue);
int argi, long argl, long retvalue);
=head1 DESCRIPTION
......
doc/crypto/BIO_should_retry.pod
浏览文件 @ 1bc74519
......@@ -11,17 +11,17 @@ functions
#include <openssl/bio.h>
#define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ)
#define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE)
#define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
#define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
#define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
#define BIO_FLAGS_READ 0x01
#define BIO_FLAGS_WRITE 0x02
#define BIO_FLAGS_IO_SPECIAL 0x04
#define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ)
#define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE)
#define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
#define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
#define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
#define BIO_FLAGS_READ 0x01
#define BIO_FLAGS_WRITE 0x02
#define BIO_FLAGS_IO_SPECIAL 0x04
#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
#define BIO_FLAGS_SHOULD_RETRY 0x08
#define BIO_FLAGS_SHOULD_RETRY 0x08
BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
int BIO_get_retry_reason(BIO *bio);
......@@ -53,7 +53,7 @@ B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
these.
BIO_get_retry_BIO() determines the precise reason for the special
condition, it returns the BIO that caused this condition and if
condition, it returns the BIO that caused this condition and if
B<reason> is not NULL it contains the reason code. The meaning of
the reason code and the action that should be taken depends on
the type of BIO that resulted in this condition.
......@@ -99,7 +99,7 @@ available and then retry the BIO operation. By combining the retry
conditions of several non blocking BIOs in a single select() call
it is possible to service several BIOs in a single thread, though
the performance may be poor if SSL BIOs are present because long delays
can occur during the initial handshake process.
can occur during the initial handshake process.
It is possible for a BIO to block indefinitely if the underlying I/O
structure cannot process or return any data. This depends on the behaviour of
......
doc/crypto/BN_BLINDING_new.pod
浏览文件 @ 1bc74519
......@@ -2,8 +2,8 @@
=head1 NAME
BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread,
BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags,
BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions.
......@@ -13,15 +13,15 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
#include <openssl/bn.h>
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
BIGNUM *mod);
BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
BN_CTX *ctx);
BN_CTX *ctx);
int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
BN_CTX *ctx);
BN_CTX *ctx);
int BN_BLINDING_is_current_thread(BN_BLINDING *b);
void BN_BLINDING_set_current_thread(BN_BLINDING *b);
int BN_BLINDING_lock(BN_BLINDING *b);
......@@ -29,10 +29,10 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
=head1 DESCRIPTION
......@@ -102,7 +102,7 @@ succeeded or 0 on error.
BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
(a B<unsigned long> value).
BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
parameters or NULL on error.
=head1 SEE ALSO
......
doc/crypto/BN_generate_prime.pod
浏览文件 @ 1bc74519
......@@ -39,7 +39,7 @@ Deprecated:
BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
void *), BN_CTX *ctx, void *cb_arg);
int BN_is_prime_fasttest(const BIGNUM *a, int checks,
......
doc/crypto/CMS_add0_cert.pod
浏览文件 @ 1bc74519
......@@ -20,7 +20,7 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
=head1 DESCRIPTION
CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
must be of type signed data or enveloped data.
must be of type signed data or enveloped data.
CMS_get1_certs() returns all certificates in B<cms>.
......@@ -46,7 +46,7 @@ than once.
=head1 RETURN VALUES
CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return
1 for success and 0 for failure.
1 for success and 0 for failure.
CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
or NULL if there are none or an error occurs. The only error which will occur
......
doc/crypto/CMS_add1_recipient_cert.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure
=head1 SYNOPSIS
......
doc/crypto/CMS_add1_signer.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure.
CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure.
=head1 SYNOPSIS
......@@ -52,7 +52,7 @@ structure. An error occurs if a matching digest value cannot be found to copy.
The returned CMS_ContentInfo structure will be valid and finalized when this
flag is set.
If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the
If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the
CMS_SignerInfo structure will not be finalized so additional attributes
can be added. In this case an explicit call to CMS_SignerInfo_sign() is
needed to finalize it.
......@@ -81,7 +81,7 @@ If any of these algorithms is not available then it will not be included: for ex
not loaded.
CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
structure just added, this can be used to set additional attributes
structure just added, this can be used to set additional attributes
before it is finalized.
=head1 RETURN VALUES
......
doc/crypto/CMS_decrypt.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_decrypt - decrypt content from a CMS envelopedData structure
CMS_decrypt - decrypt content from a CMS envelopedData structure
=head1 SYNOPSIS
......
doc/crypto/CMS_encrypt.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_encrypt - create a CMS envelopedData structure
CMS_encrypt - create a CMS envelopedData structure
=head1 SYNOPSIS
......@@ -26,7 +26,7 @@ EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
because most clients will support it.
The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
its parameters.
its parameters.
Many browsers implement a "sign and encrypt" option which is simply an S/MIME
envelopedData containing an S/MIME signed message. This can be readily produced
......
doc/crypto/CMS_final.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_final - finalise a CMS_ContentInfo structure
CMS_final - finalise a CMS_ContentInfo structure
=head1 SYNOPSIS
......@@ -14,7 +14,7 @@
CMS_final() finalises the structure B<cms>. It's purpose is to perform any
operations necessary on B<cms> (digest computation for example) and set the
appropriate fields. The parameter B<data> contains the content to be
appropriate fields. The parameter B<data> contains the content to be
processed. The B<dcont> parameter contains a BIO to write content to after
processing: this is only used with detached data and will usually be set to
NULL.
......
doc/crypto/CMS_get0_RecipientInfos.pod
浏览文件 @ 1bc74519
......@@ -34,7 +34,7 @@ CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.
CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in
B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.
B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.
CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
......
doc/crypto/CMS_get0_SignerInfos.pod
浏览文件 @ 1bc74519
......@@ -25,7 +25,7 @@ associated with a specific CMS_SignerInfo structure B<si>. Either the
keyidentifier will be set in B<keyid> or B<both> issuer name and serial number
in B<issuer> and B<sno>.
CMS_SignerInfo_get0_signature() retrieves the signature associated with
CMS_SignerInfo_get0_signature() retrieves the signature associated with
B<si> in a pointer to an ASN1_OCTET_STRING structure. This pointer returned
corresponds to the internal signature value if B<si> so it may be read or
modified.
......
doc/crypto/CMS_get0_type.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content
CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content
=head1 SYNOPSIS
......
doc/crypto/CMS_get1_ReceiptRequest.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions.
CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions.
=head1 SYNOPSIS
......@@ -45,7 +45,7 @@ CMS_verify().
=head1 RETURN VALUES
CMS_ReceiptRequest_create0() returns a signed receipt request structure or
CMS_ReceiptRequest_create0() returns a signed receipt request structure or
NULL if an error occurred.
CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred.
......
doc/crypto/CMS_sign.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_sign - create a CMS SignedData structure
CMS_sign - create a CMS SignedData structure
=head1 SYNOPSIS
......@@ -96,7 +96,7 @@ B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the
B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
function CMS_sign_add1_signer(), non default digests can be used and custom
attributes added. CMS_final() must then be called to finalize the
structure if streaming is not enabled.
structure if streaming is not enabled.
=head1 BUGS
......
doc/crypto/CMS_sign_receipt.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_sign_receipt - create a CMS signed receipt
CMS_sign_receipt - create a CMS signed receipt
=head1 SYNOPSIS
......
doc/crypto/CMS_uncompress.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_uncompress - uncompress a CMS CompressedData structure
CMS_uncompress - uncompress a CMS CompressedData structure
=head1 SYNOPSIS
......
doc/crypto/CMS_verify.pod
浏览文件 @ 1bc74519
......@@ -67,7 +67,7 @@ returned.
If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
verified.
If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
verified.
If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked.
......@@ -81,13 +81,13 @@ certificates supplied in B<certs> then the verify will fail because the
signer cannot be found.
In some cases the standard techniques for looking up and validating
certificates are not appropriate: for example an application may wish to
certificates are not appropriate: for example an application may wish to
lookup certificates in a database or perform customised verification. This
can be achieved by setting and verifying the signers certificates manually
can be achieved by setting and verifying the signers certificates manually
using the signed data utility functions.
Care should be taken when modifying the default verify behaviour, for example
setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
and any modified content will be considered valid. This combination is however
useful if one merely wishes to write the content to B<out> and its validity
is not considered important.
......
doc/crypto/CMS_verify_receipt.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,7 @@
=head1 NAME
CMS_verify_receipt - verify a CMS signed receipt
CMS_verify_receipt - verify a CMS signed receipt
=head1 SYNOPSIS
......@@ -16,7 +16,7 @@ CMS_verify_receipt() verifies a CMS signed receipt. B<rcms> is the signed
receipt to verify. B<ocms> is the original SignedData structure containing the
receipt request. B<certs> is a set of certificates in which to search for the
signing certificate. B<store> is a trusted certificate store (used for chain
verification).
verification).
B<flags> is an optional set of flags, which can be used to modify the verify
operation.
......
doc/crypto/CONF_modules_free.pod
浏览文件 @ 1bc74519
......@@ -2,8 +2,8 @@
=head1 NAME
CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
OpenSSL configuration cleanup functions
CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
OpenSSL configuration cleanup functions
=head1 SYNOPSIS
......
doc/crypto/CONF_modules_load_file.pod
浏览文件 @ 1bc74519
......@@ -2,16 +2,16 @@
=head1 NAME
CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
=head1 SYNOPSIS
#include <openssl/conf.h>
int CONF_modules_load_file(const char *filename, const char *appname,
unsigned long flags);
unsigned long flags);
int CONF_modules_load(const CONF *cnf, const char *appname,
unsigned long flags);
unsigned long flags);
=head1 DESCRIPTION
......
doc/crypto/CRYPTO_get_ex_new_index.pod
浏览文件 @ 1bc74519
......@@ -12,9 +12,9 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
int CRYPTO_get_ex_new_index(int class_index,
long argl, void *argp,
CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
......
doc/crypto/DH_generate_parameters.pod
浏览文件 @ 1bc74519
......@@ -2,7 +2,6 @@
=head1 NAME
DH_generate_parameters_ex, DH_generate_parameters,
DH_check - generate and check Diffie-Hellman parameters
......@@ -29,7 +28,7 @@ structure. The pseudo-random number generator must be
seeded prior to calling DH_generate_parameters().
B<prime_len> is the length in bits of the safe prime to be generated.
B<generator> is a small number E<gt> 1, typically 2 or 5.
B<generator> is a small number E<gt> 1, typically 2 or 5.
A callback function may be used to provide feedback about the progress
of the key generation. If B<cb> is not B<NULL>, it will be
......
doc/crypto/DSA_do_sign.pod
浏览文件 @ 1bc74519
......@@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA signature operations
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
DSA_SIG *sig, DSA *dsa);
=head1 DESCRIPTION
......
doc/crypto/DSA_generate_parameters.pod
浏览文件 @ 1bc74519
......@@ -9,15 +9,15 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters
#include <openssl/dsa.h>
int DSA_generate_parameters_ex(DSA *dsa, int bits,
const unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
const unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
DSA *DSA_generate_parameters(int bits, unsigned char *seed,
int seed_len, int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *), void *cb_arg);
void (*callback)(int, int, void *), void *cb_arg);
#endif
=head1 DESCRIPTION
......
doc/crypto/DSA_set_method.pod
浏览文件 @ 1bc74519
......@@ -37,7 +37,7 @@ been set as a default for DSA, so this function is no longer recommended.
DSA_get_default_method() returns a pointer to the current default
DSA_METHOD. However, the meaningfulness of this result is dependent on
whether the ENGINE API is being used, so this function is no longer
whether the ENGINE API is being used, so this function is no longer
recommended.
DSA_set_method() selects B<meth> to perform all operations using the key
......
doc/crypto/DSA_sign.pod
浏览文件 @ 1bc74519
......@@ -8,14 +8,14 @@ DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
#include <openssl/dsa.h>
int DSA_sign(int type, const unsigned char *dgst, int len,
unsigned char *sigret, unsigned int *siglen, DSA *dsa);
int DSA_sign(int type, const unsigned char *dgst, int len,
unsigned char *sigret, unsigned int *siglen, DSA *dsa);
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
BIGNUM **rp);
int DSA_verify(int type, const unsigned char *dgst, int len,
unsigned char *sigbuf, int siglen, DSA *dsa);
int DSA_verify(int type, const unsigned char *dgst, int len,
unsigned char *sigbuf, int siglen, DSA *dsa);
=head1 DESCRIPTION
......
doc/crypto/EC_GROUP_copy.pod
浏览文件 @ 1bc74519
......@@ -46,8 +46,8 @@ EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROU
int EC_GROUP_get_basis_type(const EC_GROUP *);
int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
unsigned int *k2, unsigned int *k3);
int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
unsigned int *k2, unsigned int *k3);
=head1 DESCRIPTION
......@@ -86,26 +86,25 @@ applications would have to explicitly set the named curve form) in OpenSSL
1.1.0 and later the named curve form is the default.
The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA).
point_conversion_form_t is an enum defined as follows:
point_conversion_form_t is an enum defined as follows:
typedef enum {
/** the point is encoded as z||x, where the octet z specifies
* which solution of the quadratic equation y is */
POINT_CONVERSION_COMPRESSED = 2,
/** the point is encoded as z||x||y, where z is the octet 0x02 */
POINT_CONVERSION_UNCOMPRESSED = 4,
/** the point is encoded as z||x||y, where the octet z specifies
/** the point is encoded as z||x, where the octet z specifies
* which solution of the quadratic equation y is */
POINT_CONVERSION_COMPRESSED = 2,
/** the point is encoded as z||x||y, where z is the octet 0x02 */
POINT_CONVERSION_UNCOMPRESSED = 4,
/** the point is encoded as z||x||y, where the octet z specifies
* which solution of the quadratic equation y is */
POINT_CONVERSION_HYBRID = 6
POINT_CONVERSION_HYBRID = 6
} point_conversion_form_t;
For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by
the octets for x, followed by the octets for y.
For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For
POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of
the two possible solutions for y has been used, followed by the octets for x.
the two possible solutions for y has been used, followed by the octets for x.
For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two
possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
......
doc/crypto/EC_GROUP_new.pod
浏览文件 @ 1bc74519
......@@ -78,10 +78,10 @@ provided. The return value is the total number of curves available (whether that
not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available.
The EC_builtin_curve structure is defined as follows:
typedef struct {
int nid;
const char *comment;
} EC_builtin_curve;
typedef struct {
int nid;
const char *comment;
} EC_builtin_curve;
Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve.
......
doc/crypto/ERR_load_crypto_strings.pod
浏览文件 @ 1bc74519
......@@ -21,7 +21,7 @@ Deprecated:
#if OPENSSL_API_COMPAT < 0x10100000L
void SSL_load_error_strings(void);
#endif
=head1 DESCRIPTION
All of the following functions are deprecated from OpenSSL 1.1.0. No explicit
......
doc/crypto/EVP_BytesToKey.pod
浏览文件 @ 1bc74519
......@@ -44,7 +44,7 @@ defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.
The key and IV is derived by concatenating D_1, D_2, etc until
enough data is available for the key and IV. D_i is defined as:
D_i = HASH^count(D_(i-1) || data || salt)
D_i = HASH^count(D_(i-1) || data || salt)
where || denotes concatenation, D_0 is empty, HASH is the digest
algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
......
doc/crypto/EVP_CIPHER_meth_new.pod
浏览文件 @ 1bc74519
......@@ -19,7 +19,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
......@@ -44,7 +44,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
int (*ctrl) (EVP_CIPHER_CTX *, int type,
int arg, void *ptr));
int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv,
......@@ -82,37 +82,14 @@ With the exception of cipher modes, of which only one may be present,
several flags can be or'd together.
The available flags are:
=over 4
=over 4
=item The cipher modes:
=over 4
=item EVP_CIPH_STREAM_CIPHER
=item EVP_CIPH_ECB_MODE
=item EVP_CIPH_CBC_MODE
=item EVP_CIPH_CFB_MODE
=item EVP_CIPH_OFB_MODE
=item EVP_CIPH_CTR_MODE
=over
=item EVP_CIPH_GCM_MODE
=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE,
EVP_CIPH_OCB_MODE
=item EVP_CIPH_CCM_MODE
=item EVP_CIPH_XTS_MODE
=item EVP_CIPH_WRAP_MODE
=item EVP_CIPH_OCB_MODE
=back
The cipher mode.
=item EVP_CIPH_VARIABLE_LENGTH
......@@ -197,13 +174,8 @@ This indicates that this is an AEAD cipher implementation.
=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
=begin comment
I could use some help explaining this one!
=end comment
=back
Allow interleaving of crypto blocks, a particular optimization only applicable
to certain TLS ciphers.
=back
......@@ -234,6 +206,7 @@ EVP_CIPHER_CTX_free().
EVP_CIPHER_meth_set_ctrl() sets the control function for B<cipher>.
=head1 RETURN VALUES
EVP_CIPHER_meth_get_input_blocksize(), EVP_CIPHER_meth_get_result_size(),
EVP_CIPHER_meth_get_app_datasize(), EVP_CIPHER_meth_get_flags(),
......
doc/crypto/EVP_DigestInit.pod
浏览文件 @ 1bc74519
......@@ -32,10 +32,10 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
#define EVP_MAX_MD_SIZE 64 /* SHA512 */
#define EVP_MAX_MD_SIZE 64 /* SHA512 */
int EVP_MD_type(const EVP_MD *md);
int EVP_MD_pkey_type(const EVP_MD *md);
int EVP_MD_pkey_type(const EVP_MD *md);
int EVP_MD_size(const EVP_MD *md);
int EVP_MD_block_size(const EVP_MD *md);
......@@ -213,15 +213,15 @@ digest name passed on the command line.
int md_len, i;
if(!argv[1]) {
printf("Usage: mdtest digestname\n");
exit(1);
printf("Usage: mdtest digestname\n");
exit(1);
}
md = EVP_get_digestbyname(argv[1]);
if(!md) {
printf("Unknown message digest %s\n", argv[1]);
exit(1);
printf("Unknown message digest %s\n", argv[1]);
exit(1);
}
mdctx = EVP_MD_CTX_new();
......@@ -233,7 +233,7 @@ digest name passed on the command line.
printf("Digest is: ");
for(i = 0; i < md_len; i++)
printf("%02x", md_value[i]);
printf("%02x", md_value[i]);
printf("\n");
exit(0);
......
doc/crypto/EVP_DigestSignInit.pod
浏览文件 @ 1bc74519
......@@ -9,7 +9,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing func
#include <openssl/evp.h>
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
......@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
the use of clone digest is now discouraged.
For some key types and parameters the random number generator must be seeded
or the operation will fail.
or the operation will fail.
The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
context. This means that calls to EVP_DigestSignUpdate() and
......@@ -81,7 +81,7 @@ L<sha(3)>, L<dgst(1)>
=head1 HISTORY
EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
were first added to OpenSSL 1.0.0.
=cut
......
doc/crypto/EVP_DigestVerifyInit.pod
浏览文件 @ 1bc74519
......@@ -9,7 +9,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signat
#include <openssl/evp.h>
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen);
......@@ -56,7 +56,7 @@ needed to be used to sign using SHA1 and DSA. This is no longer necessary and
the use of clone digest is now discouraged.
For some key types and parameters the random number generator must be seeded
or the operation will fail.
or the operation will fail.
The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
......@@ -76,7 +76,7 @@ L<sha(3)>, L<dgst(1)>
=head1 HISTORY
EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
were first added to OpenSSL 1.0.0.
=cut
......
doc/crypto/EVP_EncryptInit.pod
浏览文件 @ 1bc74519
......@@ -40,14 +40,14 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
......@@ -83,12 +83,12 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
#define EVP_CIPHER_nid(e) ((e)->nid)
#define EVP_CIPHER_block_size(e) ((e)->block_size)
#define EVP_CIPHER_key_length(e) ((e)->key_len)
#define EVP_CIPHER_iv_length(e) ((e)->iv_len)
#define EVP_CIPHER_flags(e) ((e)->flags)
#define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE)
#define EVP_CIPHER_nid(e) ((e)->nid)
#define EVP_CIPHER_block_size(e) ((e)->block_size)
#define EVP_CIPHER_key_length(e) ((e)->key_len)
#define EVP_CIPHER_iv_length(e) ((e)->iv_len)
#define EVP_CIPHER_flags(e) ((e)->flags)
#define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE)
int EVP_CIPHER_type(const EVP_CIPHER *ctx);
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
......@@ -384,13 +384,13 @@ bits and 12 rounds.
AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
These ciphers require additional control operations to function correctly: see
the L</GCM and OCB modes> section below for details.
the L</GCM and OCB Modes> section below for details.
=item EVP_aes_128_ocb(void), EVP_aes_192_ocb(void), EVP_aes_256_ocb(void)
Offset Codebook Mode (OCB) for 128, 192 and 256 bit keys respectively.
These ciphers require additional control operations to function correctly: see
the L</GCM and OCB modes> section below for details.
the L</GCM and OCB Modes> section below for details.
=item EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm()
......@@ -526,46 +526,46 @@ for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
Encrypt a string using IDEA:
int do_crypt(char *outfile)
{
unsigned char outbuf[1024];
int outlen, tmplen;
/* Bogus key and IV: we'd normally set these from
* another source.
*/
unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
unsigned char iv[] = {1,2,3,4,5,6,7,8};
char intext[] = "Some Crypto Text";
EVP_CIPHER_CTX ctx;
FILE *out;
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
{
/* Error */
return 0;
}
/* Buffer passed to EVP_EncryptFinal() must be after data just
* encrypted to avoid overwriting it.
*/
if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
{
/* Error */
return 0;
}
outlen += tmplen;
EVP_CIPHER_CTX_free(ctx);
/* Need binary mode for fopen because encrypted data is
* binary data. Also cannot use strlen() on it because
{
unsigned char outbuf[1024];
int outlen, tmplen;
/* Bogus key and IV: we'd normally set these from
* another source.
*/
unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
unsigned char iv[] = {1,2,3,4,5,6,7,8};
char intext[] = "Some Crypto Text";
EVP_CIPHER_CTX ctx;
FILE *out;
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
{
/* Error */
return 0;
}
/* Buffer passed to EVP_EncryptFinal() must be after data just
* encrypted to avoid overwriting it.
*/
if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
{
/* Error */
return 0;
}
outlen += tmplen;
EVP_CIPHER_CTX_free(ctx);
/* Need binary mode for fopen because encrypted data is
* binary data. Also cannot use strlen() on it because
* it wont be null terminated and may contain embedded
* nulls.
*/
out = fopen(outfile, "wb");
fwrite(outbuf, 1, outlen, out);
fclose(out);
return 1;
}
* nulls.
*/
out = fopen(outfile, "wb");
fwrite(outbuf, 1, outlen, out);
fclose(out);
return 1;
}
The ciphertext from the above example can be decrypted using the B<openssl>
utility with the command line (shown on two lines for clarity):
......@@ -577,50 +577,50 @@ General encryption and decryption function example using FILE I/O and AES128
with a 128-bit key:
int do_crypt(FILE *in, FILE *out, int do_encrypt)
{
/* Allow enough space in output buffer for additional block */
unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
int inlen, outlen;
EVP_CIPHER_CTX *ctx;
/* Bogus key and IV: we'd normally set these from
* another source.
*/
unsigned char key[] = "0123456789abcdeF";
unsigned char iv[] = "1234567887654321";
/* Don't set key or IV right away; we want to check lengths */
ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
do_encrypt);
OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
/* Now we can set key and IV */
EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
for(;;)
{
inlen = fread(inbuf, 1, 1024, in);
if(inlen <= 0) break;
if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
{
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
}
if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
{
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
EVP_CIPHER_CTX_free(ctx);
return 1;
}
{
/* Allow enough space in output buffer for additional block */
unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
int inlen, outlen;
EVP_CIPHER_CTX *ctx;
/* Bogus key and IV: we'd normally set these from
* another source.
*/
unsigned char key[] = "0123456789abcdeF";
unsigned char iv[] = "1234567887654321";
/* Don't set key or IV right away; we want to check lengths */
ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
do_encrypt);
OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
/* Now we can set key and IV */
EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
for(;;)
{
inlen = fread(inbuf, 1, 1024, in);
if(inlen <= 0) break;
if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
{
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
}
if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
{
/* Error */
EVP_CIPHER_CTX_free(ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
EVP_CIPHER_CTX_free(ctx);
return 1;
}
=head1 SEE ALSO
......
doc/crypto/EVP_OpenInit.pod
浏览文件 @ 1bc74519
......@@ -9,7 +9,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
#include <openssl/evp.h>
int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
int ekl,unsigned char *iv,EVP_PKEY *priv);
int ekl,unsigned char *iv,EVP_PKEY *priv);
int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
......@@ -27,7 +27,7 @@ B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
The IV is supplied in the B<iv> parameter.
EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
documented on the L<EVP_EncryptInit(3)> manual
page.
......
doc/crypto/EVP_PKEY_CTX_ctrl.pod
浏览文件 @ 1bc74519
......@@ -16,9 +16,9 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
#include <openssl/evp.h>
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2);
int cmd, int p1, void *p2);
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
const char *value);
#include <openssl/rsa.h>
......
doc/crypto/EVP_PKEY_cmp.pod
浏览文件 @ 1bc74519
......@@ -56,7 +56,7 @@ keys match, 0 if they don't match, -1 if the key types are different and
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_keygen(3)>
L<EVP_PKEY_keygen(3)>
=cut
......
doc/crypto/EVP_PKEY_decrypt.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_PKEY_derive.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_PKEY_encrypt.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_PKEY_keygen.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_PKEY_sign.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_PKEY_verify.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_SealInit.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_SignInit.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/EVP_VerifyInit.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/OBJ_nid2obj.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/OCSP_response_status.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/OPENSSL_malloc.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/PKCS12_create.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/PKCS5_PBKDF2_HMAC.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/PKCS7_encrypt.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/PKCS7_sign.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/PKCS7_verify.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/RAND_set_rand_method.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/RSA_private_encrypt.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/RSA_set_method.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/RSA_sign.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/SMIME_read_CMS.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/SMIME_write_CMS.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/X509_LOOKUP_hash_dir.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/X509_NAME_print_ex.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/X509_STORE_CTX_new.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/X509_check_host.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/X509_check_issued.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/X509_get_pubkey.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/blowfish.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/bn.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/bn_internal.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/buffer.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/crypto.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/d2i_DSAPublicKey.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/d2i_ECPKParameters.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/d2i_PKCS8PrivateKey.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/d2i_RSAPublicKey.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/d2i_X509.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/d2i_X509_NAME.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/des.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/des_modes.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/dh.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/dsa.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/ec.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/engine.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/err.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/evp.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/hmac.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/i2d_CMS_bio_stream.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/lhash.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/md5.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/mdc2.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/pem.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/rand.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/ripemd.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/rsa.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/sha.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/threads.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/crypto/ui.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_add_session.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_flush_sessions.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_sess_set_get_cb.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_set1_curves.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_set_cert_store.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_set_verify.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_use_certificate.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_CTX_use_serverinfo.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_SESSION_get_time.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_accept.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_alert_type_string.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_connect.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_get_client_CA_list.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_get_current_cipher.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_get_psk_identity.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_library_init.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_load_client_CA_file.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_read.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_set1_host.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_shutdown.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/SSL_write.pod
浏览文件 @ 1bc74519
此差异已折叠。
doc/ssl/ssl.pod
浏览文件 @ 1bc74519
此差异已折叠。
util/doc-nit-check.pl 0 → 100644
浏览文件 @ 1bc74519
此差异已折叠。
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册