map { $_ => 1 } glob catfile($sourcedir, "man$section", "img", "*.png");
my %podfiles =
map { $_ => 1 } glob catfile($sourcedir, "man$section", "*.pod");
- my %podinfiles =
+ my %podinfiles =
map { $_ => 1 } glob catfile($sourcedir, "man$section", "*.pod.in");
foreach (keys %podinfiles) {
OPT_PARAMETERS()
{OPT_PARAM_STR, 1, '-', "Parameters:\n"}
-Every "option" after after this should contain the parameter and
+Every "option" after after this should contain the parameter and
the help string:
{"text", 0, 0, "Words to display (optional)"},
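Review bot: the changed line still reads `Every "option" after after this should contain the parameter and`, with "after" doubled. The line is already being rewritten for the whitespace cleanup, so drop the duplicate word in the same change.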
=head1 RETURN VALUES
-cms_add1_signing_cert() and cms_add1_signing_cert_v2() return 1 if attribute
+cms_add1_signing_cert() and cms_add1_signing_cert_v2() return 1 if attribute
is added or 0 if an error occurred.
=head1 COPYRIGHT
it to create an EVP method with the help of the functions
I<new_method>, I<up_ref_method>, and I<free_method>.
-evp_generic_fetch_by_number() does the same thing as evp_generic_fetch(),
+evp_generic_fetch_by_number() does the same thing as evp_generic_fetch(),
but takes a numeric I<name_id> instead of a name.
I<name_id> must always be nonzero; as a matter of fact, it being zero
is considered a programming error.
}
/*
- * Include a reference to this in the methods table in context.c
+ * Include a reference to this in the methods table in context.c
* OSSL_LIB_CTX_FOO_INDEX should be added to internal/cryptlib.h
* Priorities can be OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
* OSSL_LIB_CTX_METHOD_PRIORITY_1, OSSL_LIB_CTX_METHOD_PRIORITY_2, etc.
ossl_provider_test_operation_bit() checks if the bit operation I<bitnum>
is set (1) or not (0) in the internal I<provider> bitstring, and sets
-I<*result> to 1 or 0 accorddingly.
+I<*result> to 1 or 0 accorddingly.
ossl_provider_clear_all_operation_bits() clears all of the operation bits
to (0) for all providers in the library context I<libctx>.
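Review bot: "accorddingly" on the changed line `I<*result> to 1 or 0 accorddingly.` is misspelled and survives the whitespace fix. Correct it to "accordingly" while the line is being touched.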
-- From RFC 3280, section 4.1.1.2
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL }
+ parameters ANY DEFINED BY algorithm OPTIONAL }
And the RSASSA-PSS OID and parameters are specified like this:
through other libraries), they will be ordered in such a way that this
dependency is maintained:
- DEPEND[libfoo.a]{weak}=libfoo.a libcookie.a
+ DEPEND[libfoo.a]{weak}=libfoo.a libcookie.a
This is useful in complex dependency trees where two libraries can be
used as alternatives for each other. In this example, C<lib1.a> and
finaled -> initialised [label="EVP_DigestInit", style=dashed,
color="#034f84", fontcolor="#034f84"];
}
-
+
deriving -> newed [label="EVP_KDF_CTX_reset", style=dashed,
color="#034f84", fontcolor="#034f84"];
}
-
+
finaled -> initialised [label="EVP_MAC_init", style=dashed,
color="#034f84", fontcolor="#034f84"];
}
-
+
uninstantiated -> end [label="EVP_RAND_CTX_free"];
uninstantiated -> instantiated [label="EVP_RAND_instantiate", style=dashed, color="#034f84", fontcolor="#034f84"];
}
-
+
=item B<-tls_host> I<name>
-Address to be checked during hostname validation.
+Address to be checked during hostname validation.
This may be a DNS name or an IP address.
If not given it defaults to the B<-server> address.
#include <openssl/cms.h>
CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
- EVP_PKEY *originatorPrivKey,
+ EVP_PKEY *originatorPrivKey,
X509 *originator, unsigned int flags);
CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
=head1 HISTORY
-B<CMS_RecipientInfo_kari_set0_pkey_and_peer> and B<CMS_RecipientInfo_kari_set0_pkey>
+B<CMS_RecipientInfo_kari_set0_pkey_and_peer> and B<CMS_RecipientInfo_kari_set0_pkey>
were added in OpenSSL 3.0.
=head1 COPYRIGHT
If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
verified, unless CMS_CADES flag is also set.
-If B<CMS_CADES> is set, each signer certificate is checked against the
+If B<CMS_CADES> is set, each signer certificate is checked against the
ESS signingCertificate or ESS signingCertificateV2 extension
that is required in the signed attributes of the signature.
CRYPTO_get_ex_new_index() returns a new index or -1 on failure.
CRYPTO_free_ex_index(), CRYPTO_alloc_ex_data() and CRYPTO_set_ex_data()
-return 1 on success or 0 on failure.
+return 1 on success or 0 on failure.
CRYPTO_get_ex_data() returns the application data or NULL on failure;
note that NULL may be a valid value.
ERR_peek_error_line() and ERR_peek_last_error_line() are the same as
ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
store the filename and line number where the error occurred in *I<file> and
-*I<line>, as far as they are not NULL.
+*I<line>, as far as they are not NULL.
An unset filename is indicated as "", i.e., an empty string.
An unset line number is indicated as 0.
ERR_peek_error_func() and ERR_peek_last_error_func() are the same as
ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
store the name of the function where the error occurred in *I<func>, unless
-it is NULL.
+it is NULL.
An unset function name is indicated as "".
ERR_peek_error_data() and ERR_peek_last_error_data() are the same as
ERR_raise_data() does the same thing as ERR_raise(), but also lets the
caller specify additional information as a format string B<fmt> and an
-arbitrary number of values, which are processed with L<BIO_snprintf(3)>.
+arbitrary number of values, which are processed with L<BIO_snprintf(3)>.
ERR_put_error() adds an error code to the thread's error queue. It
signals that the error of reason code B<reason> occurred in function
=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
-Sets the CCM nonce (IV) length. This call can only be made before specifying a
+Sets the CCM nonce (IV) length. This call can only be made before specifying a
nonce value. The nonce length is given by B<15 - L> so it is 7 by default for
AES.
These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for
failure.
-The functions EVP_PKEY_cmp_parameters(), EVP_PKEY_parameters_eq(),
+The functions EVP_PKEY_cmp_parameters(), EVP_PKEY_parameters_eq(),
EVP_PKEY_cmp() and EVP_PKEY_eq() return 1 if their
inputs match, 0 if they don't match, -1 if the key types are different and
-2 if the operation is not supported.
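Review bot: the leading context sentence "These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for failure." names one function but says "These functions", and the verb does not agree. Since this RETURN VALUES paragraph is being edited, reword it to "EVP_PKEY_copy_parameters() returns 1 for success and 0 for failure." so the return-value contract reads unambiguously next to the four-valued comparison functions described below it.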
/*
* The generated 'secret' can be used as key material.
* The encapsulated 'out' can be sent to another party who can
- * decapsulate it using their private key to retrieve the 'secret'.
+ * decapsulate it using their private key to retrieve the 'secret'.
*/
if (EVP_PKEY_encapsulate(ctx, out, &outlen, secret, &secretlen) <= 0)
/* Error */
=head1 NAME
-EVP_PKEY_encrypt_init_ex,
+EVP_PKEY_encrypt_init_ex,
EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
=head1 SYNOPSIS
These functions only work with key management methods coming from a provider.
This is the mirror function to L<EVP_PKEY_todata(3)>.
-=for comment We may choose to make this available for legacy methods too...
+=for comment We may choose to make this available for legacy methods too...
=head1 RETURN VALUES
The B<OSSL_CMP_SRV_CTX> must be set as I<transfer_cb_arg> of I<client_ctx>.
OSSL_CMP_SRV_CTX_new() creates and initializes an B<OSSL_CMP_SRV_CTX> structure
-associated with the library context I<libctx> and property query string
+associated with the library context I<libctx> and property query string
I<propq>, both of which may be NULL to select the defaults.
OSSL_CMP_SRV_CTX_free() deletes the given I<srv_ctx>.
OSSL_DECODER_export() is a fallback function for constructors that cannot
use the data they get directly for diverse reasons. It takes the same
-decode instance I<decoder_inst> that the constructor got and an object
+decode instance I<decoder_inst> that the constructor got and an object
I<reference>, unpacks the object which it refers to, and exports it by
creating an L<OSSL_PARAM(3)> array that it then passes to I<export_cb>,
along with I<export_arg>.
=head1 NAME
PKCS12_SAFEBAG_create_cert, PKCS12_SAFEBAG_create_crl,
-PKCS12_SAFEBAG_create_secret, PKCS12_SAFEBAG_create0_p8inf,
+PKCS12_SAFEBAG_create_secret, PKCS12_SAFEBAG_create0_p8inf,
PKCS12_SAFEBAG_create0_pkcs8, PKCS12_SAFEBAG_create_pkcs8_encrypt,
PKCS12_SAFEBAG_create_pkcs8_encrypt_ex - Create PKCS#12 safeBag objects
PKCS12_SAFEBAG_create0_pkcs8() creates a new B<PKCS12_SAFEBAG> of type
B<NID_pkcs8ShroudedKeyBag> containing the supplied PKCS8 structure.
-PKCS12_SAFEBAG_create_pkcs8_encrypt() creates a new B<PKCS12_SAFEBAG> of type
+PKCS12_SAFEBAG_create_pkcs8_encrypt() creates a new B<PKCS12_SAFEBAG> of type
B<NID_pkcs8ShroudedKeyBag> by encrypting the supplied PKCS8 I<p8inf>.
If I<pbe_nid> is 0, a default encryption algorithm is used. I<pass> is the
passphrase and I<iter> is the iteration count. If I<iter> is zero then a default
=head1 DESCRIPTION
-PKCS12_SAFEBAG_get0_attrs() retrieves the stack of B<X509_ATTRIBUTE>s from a
+PKCS12_SAFEBAG_get0_attrs() retrieves the stack of B<X509_ATTRIBUTE>s from a
PKCS#12 safeBag. I<bag> is the B<PKCS12_SAFEBAG> to retrieve the attributes from.
PKCS12_get_attr_gen() retrieves an attribute by NID from a stack of
=head1 RETURN VALUES
-PKCS12_SAFEBAG_get0_attrs() returns the stack of B<X509_ATTRIBUTE>s from a
+PKCS12_SAFEBAG_get0_attrs() returns the stack of B<X509_ATTRIBUTE>s from a
PKCS#12 safeBag, which could be empty.
-PKCS12_get_attr_gen() returns an B<ASN1_TYPE> object containing the attribute,
+PKCS12_get_attr_gen() returns an B<ASN1_TYPE> object containing the attribute,
or NULL if the attribute was either not present or an error occurred.
PKCS12_get_attr_gen() does not allocate a new attribute. The returned attribute
from a PKCS8shroudedKeyBag or a keyBag.
PKCS12_SAFEBAG_get0_safes() retrieves the set of B<safeBags> contained within a
-safeContentsBag.
+safeContentsBag.
=head1 RETURN VALUES
PKCS12_decrypt_skey() Decrypt the PKCS#8 shrouded keybag contained within I<bag>
using the supplied password I<pass> of length I<passlen>.
-PKCS12_decrypt_skey_ex() is similar to the above but allows for a library contex
+PKCS12_decrypt_skey_ex() is similar to the above but allows for a library contex
I<ctx> and property query I<propq> to be used to select algorithm implementations.
=head1 RETURN VALUES
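Review bot: "library contex" on the changed PKCS12_decrypt_skey_ex() line is missing its final "t". Fix it to "library context" in this change, since the line is already being modified.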
=item 1.
-Application sets the async callback and callback data on an SSL connection
+Application sets the async callback and callback data on an SSL connection
by calling SSL_set_async_callback().
=item 2.
If the B<rbio> and B<wbio> parameters are different and the B<wbio>
is the same as the
previously set value and the old B<rbio> and B<wbio> values were different
-to each other, then one reference is consumed for the B<rbio> and one
+to each other, then one reference is consumed for the B<rbio> and one
reference is consumed for the B<wbio>.
=back
=head1 NAME
X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
-X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature,
-X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid,
+X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature,
+X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid,
X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information
=head1 SYNOPSIS
=item *
Replace
-b<d2i_I<TYPE>PrivateKey()> with L<d2i_PrivateKey(3)>,
-b<d2i_I<TYPE>PublicKey()> with L<d2i_PublicKey(3)>,
-b<d2i_I<TYPE>params()> with L<d2i_KeyParams(3)>,
-b<d2i_I<TYPE>_PUBKEY()> with L<d2i_PUBKEY(3)>,
-b<i2d_I<TYPE>PrivateKey()> with L<i2d_PrivateKey(3)>,
-b<i2d_I<TYPE>PublicKey()> with L<i2d_PublicKey(3)>,
-b<i2d_I<TYPE>params()> with L<i2d_KeyParams(3)>,
+b<d2i_I<TYPE>PrivateKey()> with L<d2i_PrivateKey(3)>,
+b<d2i_I<TYPE>PublicKey()> with L<d2i_PublicKey(3)>,
+b<d2i_I<TYPE>params()> with L<d2i_KeyParams(3)>,
+b<d2i_I<TYPE>_PUBKEY()> with L<d2i_PUBKEY(3)>,
+b<i2d_I<TYPE>PrivateKey()> with L<i2d_PrivateKey(3)>,
+b<i2d_I<TYPE>PublicKey()> with L<i2d_PublicKey(3)>,
+b<i2d_I<TYPE>params()> with L<i2d_KeyParams(3)>,
b<i2d_I<TYPE>_PUBKEY()> with L<i2d_PUBKEY(3)>.
A caveat is that L<i2d_PrivateKey(3)> may output a DER encoded PKCS#8
outermost structure instead of the type specific structure, and that
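Review bot: every entry in this Replace list, including the unchanged last line `b<i2d_I<TYPE>_PUBKEY()> with L<i2d_PUBKEY(3)>.`, uses a lowercase `b<...>`. POD formatting codes are uppercase, so these will not render as bold and the literal "b<" will show up in the generated page. Change all eight to `B<...>` while the seven lines above are being rewritten.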
syntax as subject alternative name (except that B<email:copy> is not supported).
Possible values for access_id include B<OCSP> (OCSP responder),
-B<caIssuers> (CA Issuers),
-B<ad_timestamping> (AD Time Stamping),
+B<caIssuers> (CA Issuers),
+B<ad_timestamping> (AD Time Stamping),
B<AD_DVCS> (ad dvcs),
B<caRepository> (CA Repository).
L<EVP_PKEY-EC(7)/Examples> using the same curve name.
The code to generate a shared secret for the normal case is identical to
-L<EVP_KEYEXCH-DH(7)/Examples>.
+L<EVP_KEYEXCH-DH(7)/Examples>.
To derive a shared secret on the host using the host's key and the peer's public
key but also using X963KDF with a user key material:
Used for DH generation of safe primes using the old safe prime generator code.
The default value is 2.
It is recommended to use a named safe prime group instead, if domain parameter
-validation is required.
+validation is required.
Randomly generated safe primes are not allowed by FIPS, so setting this value
for the OpenSSL FIPS provider will instead choose a named safe prime group
=item "decoded-from-explicit" (B<OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS>) <integer>
Gets a flag indicating wether the key or parameters were decoded from explicit
-curve parameters. Set to 1 if so or 0 if a named curve was used.
+curve parameters. Set to 1 if so or 0 if a named curve was used.
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
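Review bot: the context line directly above the change reads "Gets a flag indicating wether the key or parameters were decoded from explicit"; "wether" should be "whether". It belongs to the same sentence as the modified line, so it is worth fixing here.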
=item "hindex" (B<OSSL_PKEY_PARAM_FFC_H>) <integer>
-For unverifiable generation of the generator I<g> this value is output during
+For unverifiable generation of the generator I<g> this value is output during
generation of I<g>. Its value is the first integer larger than one that
satisfies g = h^j mod p (where g != 1 and "j" is the cofactor).
The following signature parameters can be set using EVP_PKEY_CTX_set_params().
This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(),
-and before calling EVP_PKEY_sign() or EVP_PKEY_verify().
+and before calling EVP_PKEY_sign() or EVP_PKEY_verify().
=over 4
The following signature parameters can be set using EVP_PKEY_CTX_set_params().
This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(),
-and before calling EVP_PKEY_sign() or EVP_PKEY_verify().
+and before calling EVP_PKEY_sign() or EVP_PKEY_verify().
=over 4
The following signature parameters can be set using EVP_PKEY_CTX_set_params().
This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(),
-and before calling EVP_PKEY_sign() or EVP_PKEY_verify().
+and before calling EVP_PKEY_sign() or EVP_PKEY_verify().
=over 4
=item "none" (B<OSSL_PKEY_RSA_PAD_MODE_NONE>)
-=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>)
+=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>)
=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>)
-=item "pss" (B<OSSL_PKEY_RSA_PAD_MODE_PSS>)
+=item "pss" (B<OSSL_PKEY_RSA_PAD_MODE_PSS>)
=back
=head1 DESCRIPTION
-The OpenSSL FIPS provider is a special provider that conforms to the Federal
+The OpenSSL FIPS provider is a special provider that conforms to the Federal
Information Processing Standards (FIPS) specified in FIPS 140-2. This 'module'
contains an approved set of cryptographic algorithms that is validated by an
accredited testing laboratory.
Known answer test for a signature.
-=item "PCT_Signature" (B<OSSL_SELF_TEST_TYPE_PCT_SIGNATURE>)
+=item "PCT_Signature" (B<OSSL_SELF_TEST_TYPE_PCT_SIGNATURE>)
Pairwise Consistency check for a signature.
Normally the I<type> argument is supplied by a function which returns a
pointer to a BIO_METHOD. There is a naming convention for such functions:
-a source/sink BIO typically starts with I<BIO_s_> and
+a source/sink BIO typically starts with I<BIO_s_> and
a filter BIO with I<BIO_f_>.
=head1 EXAMPLES
Function Call ---------------------------------------------- Current State -----------------------------------------------
start newed initialised updated finaled initialised updated initialised updated freed
decryption decryption encryption encryption
- EVP_CIPHER_CTX_new newed
+ EVP_CIPHER_CTX_new newed
EVP_CipherInit initialised initialised initialised initialised initialised initialised initialised initialised
EVP_DecryptInit initialised initialised initialised initialised initialised initialised initialised initialised
- decryption decryption decryption decryption decryption decryption decryption decryption
+ decryption decryption decryption decryption decryption decryption decryption decryption
EVP_EncryptInit initialised initialised initialised initialised initialised initialised initialised initialised
- encryption encryption encryption encryption encryption encryption encryption encryption
+ encryption encryption encryption encryption encryption encryption encryption encryption
EVP_CipherUpdate updated updated
EVP_DecryptUpdate updated updated
decryption decryption
Function Call --------------------- Current State ----------------------
start newed initialised updated finaled freed
- EVP_MD_CTX_new newed
+ EVP_MD_CTX_new newed
EVP_DigestInit initialised initialised initialised initialised
EVP_DigestUpdate updated updated
EVP_DigestFinal finaled
Function Call ------------- Current State -------------
start newed deriving freed
- EVP_KDF_CTX_new newed
+ EVP_KDF_CTX_new newed
EVP_KDF_derive deriving deriving
EVP_KDF_CTX_free freed freed freed
EVP_KDF_CTX_reset newed newed
Function Call --------------------- Current State ----------------------
start newed initialised updated finaled freed
- EVP_MAC_CTX_new newed
+ EVP_MAC_CTX_new newed
EVP_MAC_init initialised initialised initialised initialised
EVP_MAC_update updated updated
EVP_MAC_final finaled
Function Call ------------------ Current State ------------------
start newed instantiated uninstantiated freed
- EVP_RAND_CTX_new newed
+ EVP_RAND_CTX_new newed
EVP_RAND_instantiate instantiated
EVP_RAND_generate instantiated
EVP_RAND_uninstantiate uninstantiated
This is particularly relevant for applications written to use the OpenSSL 3.0
FIPS module, as detailed below. Authors and maintainers of external engines are
strongly encouraged to refactor their code transforming engines into providers
-using the new Provider API and avoiding deprecated methods.
+using the new Provider API and avoiding deprecated methods.
=head3 Versioning Scheme
instead the patch level is indicated by the final number in the version. A
change in the second (MINOR) number indicates that new features may have been
added. OpenSSL versions with the same major number are API and ABI compatible.
-If the major number changes then API and ABI compatibility is not guaranteed.
+If the major number changes then API and ABI compatibility is not guaranteed.
For more information, see L<OpenSSL_version(3)>.
This may mean result in an error in L<EVP_PKEY_derive_set_peer(3)> rather than
during L<EVP_PKEY_derive(3)>.
-To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0).
+To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0).
=head4 The print format has cosmetic changes for some functions
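Review bot: the context sentence "This may mean result in an error in L<EVP_PKEY_derive_set_peer(3)> rather than" has a leftover word. Suggest "This may result in an error in ..." so the description of where the peer-key check now fails is clear before the reader reaches the line on disabling it.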
Support for TLSv1.3 has been added.
-This has a number of implications for SSL/TLS applications. See the
+This has a number of implications for SSL/TLS applications. See the
L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
=back
More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
can be found on the
-L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
+L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
=head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
deprecated. Applications should use one of L<EVP_PKEY_get_bn_param(3)>,
L<EVP_PKEY_get_int_param(3)>, l<EVP_PKEY_get_size_t_param(3)>,
-L<EVP_PKEY_get_utf8_string_param(3)>, L<EVP_PKEY_get_octet_string_param(3)> or
+L<EVP_PKEY_get_utf8_string_param(3)>, L<EVP_PKEY_get_octet_string_param(3)> or
L<EVP_PKEY_get_params(3)> to access fields from an EVP_PKEY.
Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
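Review bot: the line above the change contains `l<EVP_PKEY_get_size_t_param(3)>` with a lowercase "l". POD link codes must be `L<...>`, so this one will not become a cross-reference and will appear literally in the rendered page. Fix it together with the adjacent whitespace change.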
usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one
is ever used. The security implications are believed to be minimal, but
-this issue was never fixed for backwards compatibility reasons.
+this issue was never fixed for backwards compatibility reasons.
=item *
DES_ede3_cfb_encrypt(),DES_ede3_ofb64_encrypt(),
DES_ecb_encrypt(), DES_ecb3_encrypt(), DES_ofb64_encrypt(), DES_ofb_encrypt(),
DES_cfb64_encrypt DES_cfb_encrypt(), DES_cbc_encrypt(), DES_ncbc_encrypt(),
-DES_pcbc_encrypt(), DES_xcbc_encrypt(), DES_cbc_cksum(), DES_quad_cksum(),
+DES_pcbc_encrypt(), DES_xcbc_encrypt(), DES_cbc_cksum(), DES_quad_cksum(),
DES_check_key_parity(), DES_is_weak_key(), DES_key_sched(), DES_options(),
DES_random_key(), DES_set_key(), DES_set_key_checked(), DES_set_key_unchecked(),
DES_set_odd_parity(), DES_string_to_2keys(), DES_string_to_key()
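Review bot: in the context line just above the change, `DES_cfb64_encrypt DES_cfb_encrypt(),` is missing the "()," after DES_cfb64_encrypt, so two deprecated functions run together as one entry. Also, the first line `DES_ede3_cfb_encrypt(),DES_ede3_ofb64_encrypt(),` lacks a space after the comma. Both are in the same list item and can be tidied with this cleanup.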
See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as seperate
parameters for B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>,
B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>, B<OSSL_PKEY_PARAM_EC_ENCODING>,
-B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH> and
+B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH> and
B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>.
See also L<EVP_PKEY-EC(7)/EXAMPLES>
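Review bot: "seperate" in the first context line ("which handles flags as seperate parameters") should be "separate". It is part of the sentence whose later line is being modified, so fix it in this change.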
=item *
-EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(),
+EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(),
Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or
L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead.
i2d_DHparams(), i2d_DHxparams()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
i2d_DSA_PUBKEY_fp(), i2d_DSAPublicKey()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
i2d_EC_PUBKEY_fp(), i2o_ECPublicKey()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
i2d_RSAPublicKey(), i2d_RSAPublicKey_bio(), i2d_RSAPublicKey_fp()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
multiple times to load any providers, such as the 'legacy' provider or third
party providers. If used then the 'default' provider would also need to be
specified if required. The B<-provider_path> must be specified before the
-B<-provider> option.
+B<-provider> option.
The B<list> app has many new options. See L<openssl-list(1)> for more
information.
This type is a structure that allows passing arbitrary object data
between two parties that have no or very little shared knowledge about
-their respective internal structures for that object.
+their respective internal structures for that object.
It's normally passed in arrays, where the array is terminated with an
element where all fields are zero (for non-pointers) or NULL (for
pointers).
=item Operation
-An operation is a group of OpenSSL functions with a common purpose such as
+An operation is a group of OpenSSL functions with a common purpose such as
encryption, or digesting.
L<crypto(7)>
The lexical syntax in EBNF is given by:
- Definition ::= PropertyName ( '=' Value )?
+ Definition ::= PropertyName ( '=' Value )?
( ',' PropertyName ( '=' Value )? )*
Query ::= PropertyQuery ( ',' PropertyQuery )*
PropertyQuery ::= '-' PropertyName
This returns 0 if the provider has entered an error state, otherwise it returns
1.
-=back
+=back
provider_gettable_params() should return the above parameters.
for further information.
The key exchange (OSSL_OP_KEYEXCH) operation enables providers to implement key
-exchange algorithms and make them available to applications via
+exchange algorithms and make them available to applications via
L<EVP_PKEY_derive(3)> and
other related functions).
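Review bot: the sentence ends with "L<EVP_PKEY_derive(3)> and other related functions)." where the closing parenthesis has no matching opening one in the visible lines. Either remove the stray ")" or restore the opening "(" before "via", since the sentence is already being re-wrapped here.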
I<params> in the key object generation context I<genctx>.
OSSL_FUNC_keymgmt_gen_settable_params() should return a constant array of
-descriptor B<OSSL_PARAM>, for parameters that OSSL_FUNC_keymgmt_gen_set_params()
+descriptor B<OSSL_PARAM>, for parameters that OSSL_FUNC_keymgmt_gen_set_params()
can handle.
OSSL_FUNC_keymgmt_gen() should perform the key object generation itself, and
At least one of OSSL_FUNC_keymgmt_new(), OSSL_FUNC_keymgmt_gen() and
OSSL_FUNC_keymgmt_load() are mandatory, as well as OSSL_FUNC_keymgmt_free() and
-OSSL_FUNC_keymgmt_has(). Additionally, if OSSL_FUNC_keymgmt_gen() is present,
+OSSL_FUNC_keymgmt_has(). Additionally, if OSSL_FUNC_keymgmt_gen() is present,
OSSL_FUNC_keymgmt_gen_init() and OSSL_FUNC_keymgmt_gen_cleanup() must be
present as well.
calculated signature is invalid.
In the normal mode of operation - new random values are chosen until the
signature operation succeeds.
-By default it retries until a signature is calculated.
+By default it retries until a signature is calculated.
Setting the value to 0 causes the sign operation to retry,
otherwise the sign operation is only tried once and returns whether or not it
was successful.
* bottom. You get the CA root first, followed by the
* possible chain of intermediate CAs, followed by the EE
* certificate, followed by the possible proxy
- * certificates.
+ * certificates.
*/
X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
* by pulling them from some database. If there
* are none to be found, clear all rights (making
* this and any subsequent proxy certificate void
- * of any rights).
+ * of any rights).
*/
memset(rights->rights, 0, sizeof(rights->rights));
break;