EVP_AES(3), OpenSSL 1.1.1w, 2023-09-11

NAME

EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts - EVP AES cipher

SYNOPSIS

    #include <openssl/evp.h>

    const EVP_CIPHER *EVP_ciphername(void)

EVP_ciphername is used as a placeholder for any of the described cipher functions, such as EVP_aes_128_cbc.

DESCRIPTION

The AES encryption algorithm for EVP.

EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()

    AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB.

EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()

    Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 160 bits long.

    WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()

    Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 256 bits long.

    WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()

    AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode (GCM) and OCB Mode respectively. These ciphers require additional control operations to function correctly; see the "AEAD Interface" section in EVP_EncryptInit(3) for details.

EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_192_wrap_pad(), EVP_aes_256_wrap_pad()

    AES key wrap with 128, 192 and 256 bit keys, according to RFC 3394 section 2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively.

EVP_aes_128_xts(), EVP_aes_256_xts()

    AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing) mode was designed by Prof. Phillip Rogaway of University of California, Davis, intended for encrypting data on a storage device.

    XTS-AES provides confidentiality but not authentication of data. It also requires a key of double-length for protection of a certain key size. In particular, XTS-AES-128 (EVP_aes_128_xts) takes input of a 256-bit key to achieve AES 128-bit security, and XTS-AES-256 (EVP_aes_256_xts) takes input of a 512-bit key to achieve AES 256-bit security.

    The XTS implementation in OpenSSL does not support streaming. That is, there must only be one EVP_EncryptUpdate(3) call per EVP_EncryptInit_ex(3) call (and similarly with the "Decrypt" functions).

    The iv parameter to EVP_EncryptInit_ex(3) or EVP_DecryptInit_ex(3) is the XTS "tweak" value.

RETURN VALUES

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

SEE ALSO

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

COPYRIGHT

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

SSL_CTX_SET_PSK_CLIENT_CALLBACK(3), OpenSSL 1.1.1w, 2023-09-11

NAME

SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback - set PSK client callback

SYNOPSIS

    #include <openssl/ssl.h>

    typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
                                               const unsigned char **id,
                                               size_t *idlen,
                                               SSL_SESSION **sess);

    void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
                                              SSL_psk_use_session_cb_func cb);
    void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);

    typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
                                                   const char *hint,
                                                   char *identity,
                                                   unsigned int max_identity_len,
                                                   unsigned char *psk,
                                                   unsigned int max_psk_len);

    void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
    void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);

DESCRIPTION

A client application wishing to use TLSv1.3 PSKs should use either SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() as appropriate. These functions cannot be used for TLSv1.2 and below PSKs.

The callback function is given a pointer to the SSL connection in ssl.

The first time the callback is called for a connection the md parameter is NULL. In some circumstances the callback will be called a second time. In that case the server will have specified a ciphersuite to use already and the PSK must be compatible with the digest for that ciphersuite. The digest will be given in md. The PSK returned by the callback is allowed to be different between the first and second time it is called.

On successful completion the callback must store a pointer to an identifier for the PSK in *id. The identifier length in bytes should be stored in *idlen. The memory pointed to by *id remains owned by the application and should be freed by it as required at any point after the handshake is complete.

Additionally the callback should store a pointer to an SSL_SESSION object in *sess. This is used as the basis for the PSK, and should, at a minimum, have the following fields set:

The master key

    This can be set via a call to SSL_SESSION_set1_master_key(3).

A ciphersuite

    Only the handshake digest associated with the ciphersuite is relevant for the PSK (the server may go on to negotiate any ciphersuite which is compatible with the digest). The application can use any TLSv1.3 ciphersuite. If md is not NULL the handshake digest for the ciphersuite should be the same. The ciphersuite can be set via a call to SSL_SESSION_set_cipher(3). The handshake digest of an SSL_CIPHER object can be checked using SSL_CIPHER_get_handshake_digest(3).

The protocol version

    This can be set via a call to SSL_SESSION_set_protocol_version(3) and should be TLS1_3_VERSION.

Additionally the maximum early data value should be set via a call to SSL_SESSION_set_max_early_data(3) if the PSK will be used for sending early data.

Alternatively an SSL_SESSION created from a previous non-PSK handshake may also be used as the basis for a PSK.

Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application.

It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that *sess is NULL. The contents of *id and *idlen will be ignored.

A client application wishing to use PSK ciphersuites for TLSv1.2 and below must provide a different callback function. This function will be called when the client is sending the ClientKeyExchange message to the server.

The purpose of the callback function is to select the PSK identity and the pre-shared key to use during the connection setup phase.

The callback is set using functions SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback(). The callback function is given the connection in parameter ssl, a NUL-terminated PSK identity hint sent by the server in parameter hint, a buffer identity of length max_identity_len bytes where the resulting NUL-terminated identity is to be stored, and a buffer psk of length max_psk_len bytes where the resulting pre-shared key is to be stored.

The callback for use in TLSv1.2 will also work in TLSv1.3 although it is recommended to use SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set via SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the hint value will always be NULL and the handshake digest will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the SSL_psk_use_session_cb_func callback, and are not possible with the SSL_psk_client_cb_func callback.

NOTES

Note that parameter hint given to the callback may be NULL.

A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that SSL_session_reused(3) will return true.

There are no known security issues with sharing the same PSK between TLSv1.2 (or below) and TLSv1.3. However, the RFC has this note of caution:

"While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can ensure safety from cross-protocol related output by not reusing PSKs between TLS 1.3 and TLS 1.2."

RETURN VALUES

Return values from the SSL_psk_client_cb_func callback are interpreted as follows:

On success (callback found a PSK identity and a pre-shared key to use) the length (> 0) of psk in bytes is returned.

Otherwise or on errors the callback should return 0. In this case the connection setup fails.

The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails.

SEE ALSO

SSL_CTX_set_psk_find_session_callback(3), SSL_set_psk_find_session_callback(3)

HISTORY

SSL_CTX_set_psk_use_session_callback() and SSL_set_psk_use_session_callback() were added in OpenSSL 1.1.1.

COPYRIGHT

Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

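The TLSv1.2-and-below callback contract described in this page (bounded identity and psk buffers, a hint that may be NULL, 0 on failure), as an added example that is not part of the OpenSSL manual page. The credential table, its sample values and the names example_psk_client_cb, find_entry and hex_decode are constructed for illustration, and SSL is forward-declared so the block builds without the OpenSSL headers.

```c
#include <stddef.h>
#include <string.h>

/* Same forward declaration OpenSSL uses for SSL; repeated here so the block
 * compiles on its own (C11 permits the duplicate typedef next to <openssl/ssl.h>). */
typedef struct ssl_st SSL;

/* Constructed sample credentials. A real client loads these from protected
 * storage rather than compiling them in. */
struct psk_entry {
    const char *hint;      /* server identity hint this entry answers; NULL = no hint sent */
    const char *identity;  /* PSK identity to present */
    const char *key_hex;   /* pre-shared key, hex encoded */
};

static const struct psk_entry PSK_TABLE[] = {
    { NULL,        "client-default", "000102030405060708090a0b0c0d0e0f" },
    { "gateway-a", "client-a",       "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
                                     "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" },
};

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex into out. Returns the byte count, or 0 if the input is empty,
 * malformed, or longer than cap; partial output is wiped on failure. */
static unsigned int hex_decode(const char *hex, unsigned char *out, unsigned int cap)
{
    size_t n = strlen(hex);
    size_t i;

    if (n == 0 || n % 2 != 0 || n / 2 > cap)
        return 0;
    for (i = 0; i < n / 2; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) {
            memset(out, 0, i);
            return 0;
        }
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (unsigned int)(n / 2);
}

/* Pick the table entry for the server's hint. The hint is peer-controlled and
 * may be NULL; an unrecognised hint selects nothing. */
static const struct psk_entry *find_entry(const char *hint)
{
    size_t i;

    for (i = 0; i < sizeof PSK_TABLE / sizeof PSK_TABLE[0]; i++) {
        const char *h = PSK_TABLE[i].hint;
        if (hint == NULL ? h == NULL : (h != NULL && strcmp(h, hint) == 0))
            return &PSK_TABLE[i];
    }
    return NULL;
}

/* Matches SSL_psk_client_cb_func. Returns the PSK length (> 0) on success and
 * 0 on any failure, which makes the connection setup fail. */
unsigned int example_psk_client_cb(SSL *ssl, const char *hint,
                                   char *identity, unsigned int max_identity_len,
                                   unsigned char *psk, unsigned int max_psk_len)
{
    const struct psk_entry *e;
    size_t id_len;
    unsigned int key_len;

    (void)ssl;  /* the connection is not needed for a static lookup */
    if (identity == NULL || psk == NULL)
        return 0;
    e = find_entry(hint);
    if (e == NULL)
        return 0;  /* fail closed: no credential for this hint */

    /* The identity plus its terminating NUL must fit in max_identity_len bytes. */
    id_len = strlen(e->identity);
    if (id_len + 1 > max_identity_len)
        return 0;

    /* The decoded key must fit in max_psk_len bytes. */
    key_len = hex_decode(e->key_hex, psk, max_psk_len);
    if (key_len == 0)
        return 0;

    memcpy(identity, e->identity, id_len + 1);
    return key_len;
}

/* Registration, once per context, in code that includes <openssl/ssl.h>:
 *     SSL_CTX_set_psk_client_callback(ctx, example_psk_client_cb);
 */
```
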
X509_DUP(3), OpenSSL 1.1.1w, 2023-09-11

NAME

DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new,
GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, 
POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, \&\- ASN1 object utilities .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& DECLARE_ASN1_FUNCTIONS(type) \& IMPLEMENT_ASN1_FUNCTIONS(stname) \& \& typedef struct ASN1_ITEM_st ASN1_ITEM; \& \& extern const ASN1_ITEM TYPE_it; \& TYPE *TYPE_new(void); \& TYPE *TYPE_dup(TYPE *a); \& void TYPE_free(TYPE *a); \& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" In the description below, \fI\s-1TYPE\s0\fR is used as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. 
.PP The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode interpreter. Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item such as its fields. (On systems which cannot export variables from shared libraries, the global is instead a function which returns a pointer to a static variable. .PP The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files to generate the function declarations. .PP The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file to generate the function bodies. .PP \&\fBTYPE_new()\fR allocates an empty object of the indicated type. The object returned must be released by calling \fBTYPE_free()\fR. .PP \&\fBTYPE_dup()\fR copies an existing object. .PP \&\fBTYPE_free()\fR releases the object and all pointers and sub-objects within it. .PP \&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR. Each line will be prefixed with \fBindent\fR spaces. The \fBpctx\fR specifies the printing context and is for internal use; use \s-1NULL\s0 to get the default behavior. If a print function is user-defined, then pass in any \fBpctx\fR down to any nested calls. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure. .PP \&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
RSA_PADDING_ADD_PKCS1_TYPE_1(3), OpenSSL 1.1.1w, 2023-09-11

NAME

RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption padding

SYNOPSIS

    #include <openssl/rsa.h>

    int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
                                     const unsigned char *f, int fl);

    int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
                                       const unsigned char *f, int fl, int rsa_len);

    int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
                                     const unsigned char *f, int fl);

    int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
                                       const unsigned char *f, int fl, int rsa_len);

    int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                                   const unsigned char *f, int fl,
                                   const unsigned char *p, int pl);

    int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                                     const unsigned char *f, int fl, int rsa_len,
                                     const unsigned char *p, int pl);

    int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                        const unsigned char *f, int fl,
                                        const unsigned char *p, int pl,
                                        const EVP_MD *md, const EVP_MD *mgf1md);

    int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                          const unsigned char *f, int fl, int rsa_len,
                                          const unsigned char *p, int pl,
                                          const EVP_MD *md, const EVP_MD *mgf1md);

    int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
                               const unsigned char *f, int fl);

    int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
                                 const unsigned char *f, int fl, int rsa_len);

    int RSA_padding_add_none(unsigned char *to, int tlen,
                             const unsigned char *f, int fl);

    int RSA_padding_check_none(unsigned char *to, int tlen,
                               const unsigned char *f, int fl, int rsa_len);

DESCRIPTION

The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, decrypt, sign and verify functions. Normally they should not be called from application programs.

However, they can also be called directly to implement padding for other asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() may be used in an application combined with RSA_NO_PADDING in order to implement OAEP with an encoding parameter.

RSA_padding_add_xxx() encodes fl bytes from f so as to fit into tlen bytes and stores the result at to. An error occurs if fl does not meet the size requirements of the encoding method.

The following encoding methods are implemented:

PKCS1_type_1
    PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures

PKCS1_type_2
    PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)

PKCS1_OAEP
    PKCS #1 v2.0 EME-OAEP

SSLv23
    PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification

none
    simply copy the data

The random number generator must be seeded prior to calling RSA_padding_add_xxx(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

RSA_padding_check_xxx() verifies that the fl bytes at f contain a valid encoding for a rsa_len byte RSA key in the respective encoding method and stores the recovered data of at most tlen bytes (for RSA_NO_PADDING: of size tlen) at to.

For RSA_padding_xxx_OAEP(), p points to the encoding parameter of length pl. p may be NULL if pl is 0.

For RSA_padding_xxx_OAEP_mgf1(), md points to the md hash; if md is NULL, that means md=sha1. mgf1md points to the mgf1 hash; if mgf1md is NULL, that means mgf1md=md.

RETURN VALUES

The RSA_padding_add_xxx() functions return 1 on success, 0 on error. The RSA_padding_check_xxx() functions return the length of the recovered data, -1 on error. Error codes can be obtained by calling ERR_get_error(3).

WARNINGS

The result of RSA_padding_check_PKCS1_type_2() is very sensitive information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not possible, the result of RSA_padding_check_PKCS1_type_2() should be checked in constant time if it matches the expected length of the plaintext, and additionally some application-specific consistency checks on the plaintext need to be performed in constant time. If the plaintext is rejected, it must be kept secret which of the checks caused the application to reject the message. Do not remove the zero-padding from the decrypted raw RSA data which was computed by RSA_private_decrypt() with RSA_NO_PADDING, as this would create a small timing side channel which could be used to mount a Bleichenbacher attack against any padding mode including PKCS1_OAEP.

SEE ALSO

RSA_public_encrypt(3), RSA_private_decrypt(3), RSA_sign(3), RSA_verify(3), RAND(7)

COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
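One way to follow the constant-time advice in the RSA padding WARNINGS section, as an added example that is not OpenSSL's own code: the return value of RSA_padding_check_PKCS1_type_2() and an application check are folded into a single mask that selects between the recovered secret and a random fallback without branching. SECRET_LEN, the two-byte header check and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECRET_LEN 48   /* assumed fixed plaintext length for this protocol */

/* 0xFFFFFFFF when a == b, 0 otherwise; no data-dependent branch. */
static uint32_t ct_eq_u32(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;                               /* 0 only when equal */
    uint32_t nonzero = (x | ((uint32_t)0 - x)) >> 31; /* 1 when x != 0     */
    return nonzero - (uint32_t)1;                     /* 0 -> all ones     */
}

/*
 * ret        value returned by RSA_padding_check_PKCS1_type_2() (-1 on error)
 * recovered  the "to" buffer given to it; zero-initialised by the caller and
 *            at least SECRET_LEN bytes, because it is read even on failure
 * fallback   SECRET_LEN random bytes drawn before the decryption
 * hdr0/hdr1  hypothetical application check: expected first two bytes
 * out        receives the recovered secret or, on any failure, the fallback
 *
 * Nothing is returned, so the caller cannot tell (or leak) which check
 * failed; a bad message simply fails later when the derived keys mismatch.
 */
static void select_secret_ct(int ret, const unsigned char *recovered,
                             const unsigned char *fallback,
                             unsigned char hdr0, unsigned char hdr1,
                             unsigned char *out)
{
    uint32_t good;
    unsigned char mask;
    size_t i;

    good = ct_eq_u32((uint32_t)ret, (uint32_t)SECRET_LEN);  /* length check */
    good &= ct_eq_u32(recovered[0], hdr0);                  /* app check 1  */
    good &= ct_eq_u32(recovered[1], hdr1);                  /* app check 2  */
    mask = (unsigned char)good;                             /* 0xFF or 0x00 */

    for (i = 0; i < SECRET_LEN; i++)
        out[i] = (unsigned char)((recovered[i] & mask) |
                                 (fallback[i] & (unsigned char)~mask));
}

int main(void)
{
    /* Constructed sample data, not real key material. */
    unsigned char recovered[SECRET_LEN], fallback[SECRET_LEN], out[SECRET_LEN];

    memset(recovered, 0x11, sizeof(recovered));
    recovered[0] = 0x03;
    recovered[1] = 0x03;
    memset(fallback, 0xEE, sizeof(fallback));

    select_secret_ct(SECRET_LEN, recovered, fallback, 0x03, 0x03, out);
    printf("valid padding   -> %s\n",
           memcmp(out, recovered, SECRET_LEN) == 0 ? "recovered" : "fallback");

    select_secret_ct(-1, recovered, fallback, 0x03, 0x03, out);
    printf("padding error   -> %s\n",
           memcmp(out, recovered, SECRET_LEN) == 0 ? "recovered" : "fallback");
    return 0;
}
```

C itself gives no constant-time guarantee, so inspect the compiled output for the target platform before relying on this pattern.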
\" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "EVP_CHACHA20 3" .TH EVP_CHACHA20 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const EVP_CIPHER *EVP_chacha20(void) \& const EVP_CIPHER *EVP_chacha20_poly1305(void) .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The ChaCha20 stream cipher for \s-1EVP.\s0 .IP "\fBEVP_chacha20()\fR" 4 .IX Item "EVP_chacha20()" The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. The first 32 bits consists of a counter in little-endian order followed by a 96 bit nonce. For example a nonce of: .Sp 000000000000000000000002 .Sp With an initial counter of 42 (2a in hex) would be expressed as: .Sp 2a000000000000000000000000000002 .IP "\fBEVP_chacha20_poly1305()\fR" 4 .IX Item "EVP_chacha20_poly1305()" Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data (\s-1AAD\s0) and produces a 128\-bit authentication tag. See the \&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
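The 128-bit IV layout described for EVP_chacha20(), as an added example that is not part of the OpenSSL documentation: it packs a 32-bit counter (little-endian) and a 96-bit nonce into the 16-byte IV, splits it back, and reproduces the sample value from the description. The function names are illustrative assumptions; no OpenSSL call is made.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 12   /* 96-bit nonce */
#define IV_LEN    16   /* 128-bit IV expected by EVP_chacha20() */

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode exactly out_len bytes; returns 1 on success, 0 on bad length or digit. */
static int hex_decode(const char *hex, unsigned char *out, size_t out_len)
{
    size_t i;
    if (hex == NULL || strlen(hex) != out_len * 2)
        return 0;
    for (i = 0; i < out_len; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return 0;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return 1;
}

/* IV = counter as 4 little-endian bytes, followed by the 12 nonce bytes. */
static void chacha20_evp_iv(uint32_t counter,
                            const unsigned char nonce[NONCE_LEN],
                            unsigned char iv[IV_LEN])
{
    iv[0] = (unsigned char)(counter & 0xff);
    iv[1] = (unsigned char)((counter >> 8) & 0xff);
    iv[2] = (unsigned char)((counter >> 16) & 0xff);
    iv[3] = (unsigned char)((counter >> 24) & 0xff);
    memcpy(iv + 4, nonce, NONCE_LEN);
}

/* Inverse of chacha20_evp_iv(): recover counter and nonce from an IV. */
static void chacha20_evp_iv_split(const unsigned char iv[IV_LEN],
                                  uint32_t *counter,
                                  unsigned char nonce[NONCE_LEN])
{
    *counter = (uint32_t)iv[0] | ((uint32_t)iv[1] << 8) |
               ((uint32_t)iv[2] << 16) | ((uint32_t)iv[3] << 24);
    memcpy(nonce, iv + 4, NONCE_LEN);
}

/* Hex nonce in, hex IV out; rejects a nonce that is not exactly 96 bits. */
static int chacha20_evp_iv_hex(uint32_t counter, const char *nonce_hex,
                               char out_hex[2 * IV_LEN + 1])
{
    static const char digits[] = "0123456789abcdef";
    unsigned char nonce[NONCE_LEN], iv[IV_LEN];
    size_t i;

    if (!hex_decode(nonce_hex, nonce, NONCE_LEN))
        return 0;
    chacha20_evp_iv(counter, nonce, iv);
    for (i = 0; i < IV_LEN; i++) {
        out_hex[2 * i] = digits[iv[i] >> 4];
        out_hex[2 * i + 1] = digits[iv[i] & 0x0f];
    }
    out_hex[2 * IV_LEN] = '\0';
    return 1;
}

int main(void)
{
    char iv_hex[2 * IV_LEN + 1];

    /* Nonce and counter taken from the description above. */
    if (!chacha20_evp_iv_hex(42, "000000000000000000000002", iv_hex))
        return 1;
    printf("%s\n", iv_hex);
    return 0;
}
```

This layout matters when interoperating with APIs that take the counter and the 96-bit nonce as separate arguments: the counter bytes come first, in little-endian order.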
PK!&;;SSL_CTX_use_certificate.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . 
ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_CTX_USE_CERTIFICATE 3" .TH SSL_CTX_USE_CERTIFICATE 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key \&\- load certificate and key data .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); \& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); \& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); \& int SSL_use_certificate(SSL *ssl, X509 *x); \& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); \& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); \& \& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); \& int SSL_use_certificate_chain_file(SSL *ssl, const char *file); \& \& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); \& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, \& long len); \& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); \& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); \& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); \& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); \& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); \& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len); \& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); \& int SSL_use_RSAPrivateKey(SSL 
*ssl, RSA *rsa); \& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); \& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); \& \& int SSL_CTX_check_private_key(const SSL_CTX *ctx); \& int SSL_check_private_key(const SSL *ssl); \& \& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); \& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions load the certificates and private keys into the \s-1SSL_CTX\s0 or \s-1SSL\s0 object, respectively. .PP The SSL_CTX_* class of functions loads the certificates and keys into the \&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. .PP The SSL_* class of functions only loads certificates and keys into a specific \s-1SSL\s0 object. The specific information is kept, when \&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. .PP \&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, \&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the certificates needed to form the complete certificate chain can be specified using the \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) function. .PP \&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, \&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. .PP \&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR into \fBctx\fR. 
The formatting \fBtype\fR of the certificate must be specified from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 \&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR should be preferred. .PP \&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is similar except it loads the certificate chain into \fBssl\fR. .PP \&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. \&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; \&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. If a certificate has already been set and the private does not belong to the certificate an error is returned. To change a certificate, private key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR or \fBSSL_CTX_use_certificate()\fR before setting the private key with \&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. .PP \&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509 certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then \&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. 
If \fBoverride\fR is non\-0, then the certificate, private key and chain certs are always set. If \fBpkey\fR is \s-1NULL,\s0 then the public key of \fBx\fR is used as the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 interface) that stores the private key securely, such that it cannot be accessed by OpenSSL. The reference count of the public key is incremented (twice if there is no private key); it is not copied nor duplicated. This allows all private key validations checks to succeed without an actual private key being assigned via \fBSSL_CTX_use_PrivateKey()\fR, etc. .PP \&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. \&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. \&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private key to \fBssl\fR. .PP \&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in \&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 \&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in \&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private \&\s-1RSA\s0 key found to \fBssl\fR. .PP \&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with the corresponding certificate loaded into \fBctx\fR. If more than one key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs the same check for \fBssl\fR. 
If no key/certificate was explicitly added for this \fBssl\fR, the last item added into \fBctx\fR will be checked. .SH "NOTES" .IX Header "NOTES" The internal certificate store of OpenSSL can hold several private key/certificate pairs at a time. The certificate used depends on the cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type \&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain one certificate or private key, consequently \&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. .PP \&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single certificate chain store for all certificate types, OpenSSL 1.0.2 and later have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order to allow the use of complete certificate chains even when no trusted \s-1CA\s0 storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to the trusted \s-1CA\s0 storage. .PP If additional certificates are needed to complete the chain during the \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the locations of trusted \s-1CA\s0 certificates, see \&\fBSSL_CTX_load_verify_locations\fR\|(3). .PP The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see \&\fBSSL_CTX_set_default_passwd_cb\fR\|(3). 
(Technically, certificate files could be encrypted as well; this makes no
sense, however, as the data in the certificate is considered public anyway.)
.PP
All of the functions to set a new certificate will replace any existing
certificate of the same type that has already been set. Similarly all of the
functions to set a new private key will replace any private key that has
already been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or
\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and
private key to confirm that the certificate and key match.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
On success, the functions return 1.
Otherwise check out the error stack to find out the reason.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3),
\&\fBSSL_CTX_load_verify_locations\fR\|(3),
\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3),
\&\fBSSL_CTX_set_cipher_list\fR\|(3),
\&\fBSSL_CTX_set_client_CA_list\fR\|(3),
\&\fBSSL_CTX_set_client_cert_cb\fR\|(3),
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
.
.IX Title "EVP_CAMELLIA 3"
.TH EVP_CAMELLIA 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc,
EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb,
EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1,
EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8,
EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128,
EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr,
EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb,
EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb
\&\- EVP Camellia cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_ciphername(void)
.Ve
.PP
\&\fIEVP_ciphername\fR is used as a placeholder for any of the described cipher
functions, such as \fIEVP_camellia_128_cbc\fR.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Camellia encryption algorithm for \s-1EVP.\s0
.IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4
.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()"
Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with
128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
.
.IX Title "EVP_VERIFYINIT 3"
.TH EVP_VERIFYINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_VerifyInit_ex,
EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal
\&\- EVP signature verification functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
\&                     EVP_PKEY *pkey);
\&
\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature verification routines are a high-level interface to digital
signatures.
.PP
\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling
\&\fBEVP_MD_CTX_new()\fR before calling this function.
.PP
\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
verification context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to include additional data.
.PP
\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR
and against the \fBsiglen\fR bytes at \fBsigbuf\fR.
.PP
\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default
implementation of digest \fBtype\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for
failure.
.PP
\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some
other error occurred.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
preference to the low-level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
.PP
The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context.
This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called
later to digest and verify additional data.
.PP
Since only a copy of the digest context is ever finalized the context must
be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
will occur.
.SH "BUGS"
.IX Header "BUGS"
Older versions of this documentation wrongly stated that calls to
\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR.
.PP
Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error
relating to the private key (for example an unsuitable key and digest
combination) will not be indicated until after potentially large amounts of
data have been passed through \fBEVP_SignUpdate()\fR.
.PP
It is not possible to change the signing parameters using these functions.
.PP
The previous two bugs are fixed in the newer EVP_DigestVerify*() functions.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_SignInit\fR\|(3),
\&\fBEVP_DigestInit\fR\|(3),
\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
.
.IX Title "D2I_X509 3"
.TH D2I_X509 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio,
d2i_PKCS12_fp, d2i_PKCS7, d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_bio, d2i_X509_fp, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, 
i2d_ASN1_bio_stream, i2d_ASRange, i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_RSAPrivateKey, 
i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_bio, i2d_X509_fp, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL,
\&\- convert objects from/to ASN.1/DER representation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& TYPE *d2i_TYPE(TYPE **a, const unsigned char **ppin, long length);
\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
\&
\& int i2d_TYPE(TYPE *a, unsigned char **ppout);
\& int i2d_TYPE_fp(FILE *fp, TYPE *a);
\& int i2d_TYPE_bio(BIO *bp, TYPE *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
In the description here, \fI\s-1TYPE\s0\fR is used as a placeholder
for any of the OpenSSL datatypes, such as \fIX509_CRL\fR.
The function parameters \fIppin\fR and \fIppout\fR are generally
either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR.
.PP
These functions convert OpenSSL objects to and from their \s-1ASN.1/DER\s0
encoding. Unlike the C structures which can have pointers to sub-objects
within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the
network, writing to a file, and so on.
.PP
\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR.
If successful a pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is
incremented to the byte following the parsed data. If \fBa\fR is not \fB\s-1NULL\s0\fR then
a pointer to the returned structure is also written to \fB*a\fR. If an error
occurred then \fB\s-1NULL\s0\fR is returned.
.PP
On a successful return, if \fB*a\fR is not \fB\s-1NULL\s0\fR then it is assumed that \fB*a\fR
contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it. This
\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is
\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN
VALUES\s0 section).
.PP
\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts
to parse data from \s-1BIO\s0 \fBbp\fR.
.PP
\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts
to parse data from \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format.
If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer
at \fB*ppout\fR, and increments it to point after the data just written.
If the return value is negative an error occurred, otherwise it
returns the length of the encoded data.
.PP
If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the encoded
data written to it. In this case \fB*ppout\fR is not incremented and it points
to the start of the data just written.
.PP
\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes
the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes
the encoding of the structure \fBa\fR to \s-1FILE\s0 pointer \fBfp\fR and it
returns 1 for success and 0 for failure.
.PP
These routines do not encrypt private keys and therefore offer no
security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files.
.SH "NOTES"
.IX Header "NOTES"
The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for
\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively.
So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0
.PP
The functions can also understand \fB\s-1BER\s0\fR forms.
.PP
The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid
populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an
empty structure such as that returned by \fBTYPE_new()\fR.
.PP
The encoded data is in binary form and may contain embedded zeros.
Therefore, any \s-1FILE\s0 pointers or BIOs should be opened in binary mode.
Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length
of the encoded structure.
.PP
The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation
can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common
errors.
The reason for this auto-increment behaviour is to reflect a typical
usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded
another will be processed after it.
.PP
The following points about the data types might be useful:
.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4
.IX Item "ASN1_OBJECT"
Represents an \s-1ASN1 OBJECT IDENTIFIER.\s0
.IP "\fBDHparams\fR" 4
.IX Item "DHparams"
Represents a PKCS#3 \s-1DH\s0 parameters structure.
.IP "\fBDHxparams\fR" 4
.IX Item "DHxparams"
Represents an \s-1ANSI X9.42 DH\s0 parameters structure.
.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4
.IX Item "DSA_PUBKEY"
Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure.
.IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4
.IX Item "DSAPublicKey, DSAPrivateKey"
Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR,
\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead.
.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 .IX Item "ECDSA_SIG" Represents an \s-1ECDSA\s0 signature. .IP "\fBRSAPublicKey\fR" 4 .IX Item "RSAPublicKey" Represents a PKCS#1 \s-1RSA\s0 public key structure. .IP "\fBX509_ALGOR\fR" 4 .IX Item "X509_ALGOR" Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF RFC 6960\s0 and elsewhere. .IP "\fBX509_Name\fR" 4 .IX Item "X509_Name" Represents a \fBName\fR type as used for subject and issuer names in \&\s-1IETF RFC 6960\s0 and elsewhere. .IP "\fBX509_REQ\fR" 4 .IX Item "X509_REQ" Represents a PKCS#10 certificate request. .IP "\fBX509_SIG\fR" 4 .IX Item "X509_SIG" Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. If the \*(L"reuse\*(R" capability has been used with a valid structure being passed in via \fBa\fR, then the object is freed in the event of error and \fB*a\fR is set to \s-1NULL.\s0 .PP \&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. .PP \&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error occurs. .SH "EXAMPLES" .IX Header "EXAMPLES" Allocate and encode the \s-1DER\s0 encoding of an X509 structure: .PP .Vb 2 \& int len; \& unsigned char *buf; \& \& buf = NULL; \& len = i2d_X509(x, &buf); \& if (len < 0) \& /* error */ .Ve .PP Attempt to decode a buffer: .PP .Vb 4 \& X509 *x; \& unsigned char *buf; \& const unsigned char *p; \& int len; \& \& /* Set up buf and len to point to the input buffer. */ \& p = buf; \& x = d2i_X509(NULL, &p, len); \& if (x == NULL) \& /* error */ .Ve .PP Alternative technique: .PP .Vb 4 \& X509 *x; \& unsigned char *buf; \& const unsigned char *p; \& int len; \& \& /* Set up buf and len to point to the input buffer. 
*/ \& p = buf; \& x = NULL; \& \& if (d2i_X509(&x, &p, len) == NULL) \& /* error */ .Ve .SH "WARNINGS" .IX Header "WARNINGS" Using a temporary variable is mandatory. A common mistake is to attempt to use a buffer directly as follows: .PP .Vb 2 \& int len; \& unsigned char *buf; \& \& len = i2d_X509(x, NULL); \& buf = OPENSSL_malloc(len); \& ... \& i2d_X509(x, &buf); \& ... \& OPENSSL_free(buf); .Ve .PP This code will result in \fBbuf\fR apparently containing garbage because it was incremented after the call to point after the data just written. Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR and the subsequent call to \fBOPENSSL_free()\fR is likely to crash. .PP Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR: .PP .Vb 1 \& X509 *x; \& \& if (d2i_X509(&x, &p, len) == NULL) \& /* error */ .Ve .PP This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this is that the variable \fBx\fR is uninitialized and an attempt will be made to interpret its (invalid) value as an \fBX509\fR structure, typically causing a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not happen. .SH "BUGS" .IX Header "BUGS" In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when \&\fB*a\fR is valid is broken and some parts of the reused structure may persist if they are not present in the new one. Additionally, in versions of OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs the behaviour is inconsistent. Some functions behaved as described here, while some did not free \fB*a\fR on error and did not set \fB*a\fR to \s-1NULL.\s0 .PP As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. 
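The pointer handling from the NOTES and WARNINGS sections, as an added example that is not part of the OpenSSL manual page. So that it builds without libcrypto it uses a hypothetical BLOB type with i2d_BLOB() and d2i_BLOB() stand-ins that follow the same calling convention for a caller-supplied buffer (a short DER OCTET STRING); allocation when *pp is NULL and the "reuse" mode are not modelled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in type (not an OpenSSL type): a byte string encoded as
 * a DER OCTET STRING, tag 0x04, short-form length only. */
#define BLOB_MAX 64
typedef struct { unsigned char data[BLOB_MAX]; size_t len; } BLOB;

/* i2d_TYPE() convention for a caller-supplied buffer: returns the encoded
 * length (negative on error); with pp == NULL only the length is computed;
 * otherwise the bytes are written at *pp and *pp is advanced past them. */
int i2d_BLOB(const BLOB *b, unsigned char **pp)
{
    unsigned char *p;
    if (b == NULL || b->len > BLOB_MAX) return -1;
    if (pp == NULL) return 2 + (int)b->len;
    if (*pp == NULL) return -1;  /* the real functions allocate here; not modelled */
    p = *pp;
    *p++ = 0x04;
    *p++ = (unsigned char)b->len;
    memcpy(p, b->data, b->len);
    *pp = p + b->len;            /* the auto-increment described in NOTES */
    return 2 + (int)b->len;
}

/* d2i_TYPE() convention without "reuse": returns a new structure or NULL and,
 * on success, advances *pp past the bytes it consumed. */
BLOB *d2i_BLOB(BLOB **a, const unsigned char **pp, long len)
{
    const unsigned char *p;
    BLOB *b;
    size_t n;
    if (pp == NULL || *pp == NULL || len < 2) return NULL;
    p = *pp;
    if (p[0] != 0x04 || p[1] >= 0x80) return NULL;      /* wrong tag, long form */
    n = p[1];
    if ((long)n > len - 2 || n > BLOB_MAX) return NULL; /* truncated, too large */
    if ((b = calloc(1, sizeof(*b))) == NULL) return NULL;
    memcpy(b->data, p + 2, n);
    b->len = n;
    *pp = p + 2 + n;
    if (a != NULL) *a = b;
    return b;
}

/* Correct encode: keep the allocation pointer, advance a temporary. */
int encode_blob(const BLOB *b, unsigned char **out)
{
    unsigned char *buf, *p;
    int len = i2d_BLOB(b, NULL);
    if (len < 0 || (buf = malloc((size_t)len)) == NULL) return -1;
    p = buf;
    if (i2d_BLOB(b, &p) != len || p != buf + len) {
        free(buf);
        return -1;
    }
    *out = buf;                  /* still the pointer malloc() returned */
    return len;
}

/* Decode exactly one structure; reject input with trailing bytes. */
BLOB *decode_exact(const unsigned char *buf, long len)
{
    const unsigned char *p = buf;
    BLOB *b = d2i_BLOB(NULL, &p, len);
    if (b != NULL && p != buf + len) {
        free(b);
        b = NULL;
    }
    return b;
}

/* Decode back-to-back structures using the advanced pointer.
 * Returns how many were decoded, or -1 on a parse error. */
int count_blobs(const unsigned char *buf, long len)
{
    const unsigned char *p = buf, *end = buf + len;
    int n = 0;
    while (p < end) {
        BLOB *b = d2i_BLOB(NULL, &p, (long)(end - p));
        if (b == NULL) return -1;
        free(b);
        n++;
    }
    return n;
}

int main(void)
{
    BLOB b = { {0x00, 0x01}, 2 };  /* constructed sample with an embedded zero */
    unsigned char *enc = NULL;
    int len = encode_blob(&b, &enc);
    int ok = len == 4 && count_blobs(enc, len) == 1;
    printf("len=%d strlen=%zu ok=%d\n", len,
           len > 0 ? strlen((const char *)enc) : (size_t)0, ok);
    free(enc);
    return ok ? 0 : 1;
}
```

With the real functions the same shape applies: pass a copy of the buffer pointer, compare the advanced pointer against the expected end, and carry the length separately instead of calling strlen().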
.PP
\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL; if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be fixed in future so code should not assume that \fBi2d_TYPE()\fR will always succeed.
.PP
Any function which encodes a structure (\fBi2d_TYPE()\fR, \&\fBi2d_TYPE_bio()\fR or \fBi2d_TYPE_fp()\fR) may return a stale encoding if the structure has been modified after deserialization or previous serialization. This is because some objects cache the encoding for efficiency reasons.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 1998\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "UI_CREATE_METHOD 3"
.TH UI_CREATE_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data \- user interface method creation and destruction
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ui.h>
\&
\& typedef struct ui_method_st UI_METHOD;
\&
\& UI_METHOD *UI_create_method(const char *name);
\& void UI_destroy_method(UI_METHOD *ui_method);
\& int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
\& int UI_method_set_writer(UI_METHOD *method,
\&                          int (*writer) (UI *ui, UI_STRING *uis));
\& int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
\& int UI_method_set_reader(UI_METHOD *method,
\&                          int (*reader) (UI *ui, UI_STRING *uis));
\& int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
\& int UI_method_set_data_duplicator(UI_METHOD *method,
\&                                   void *(*duplicator) (UI *ui, void *ui_data),
\&                                   void (*destructor)(UI *ui, void *ui_data));
\& int UI_method_set_prompt_constructor(UI_METHOD *method,
\&                                      char *(*prompt_constructor) (UI *ui,
\&                                                                   const char
\&                                                                   *object_desc,
\&                                                                   const char
\&                                                                   *object_name));
\& int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
\& int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
\& int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
\& int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
\& int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
\& int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
\& char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
\&     (UI *, const char *, const char *);
\& void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
\& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
\& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A method contains a few functions that implement the low level of the User Interface. These functions are:
.IP "an opener" 4
.IX Item "an opener"
This function takes a reference to a \s-1UI\s0 and starts a session, for example by opening a channel to a tty, or by creating a dialog box.
.IP "a writer" 4
.IX Item "a writer"
This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes the string where appropriate, maybe to the tty, maybe added as a field label in a dialog box. Note that this gets fed all strings associated with a \s-1UI,\s0 one after the other, so care must be taken which ones it actually uses.
.IP "a flusher" 4
.IX Item "a flusher"
This function takes a reference to a \s-1UI,\s0 and flushes everything that has been output so far. For example, if the method builds up a dialog box, this can be used to actually display it and accept input, ended by a pressed button.
.IP "a reader" 4
.IX Item "a reader"
This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off the given prompt, maybe from the tty, maybe from a field in a dialog box. Note that this gets fed all strings associated with a \s-1UI,\s0 one after the other, so care must be taken which ones it actually uses.
.IP "a closer" 4
.IX Item "a closer"
This function takes a reference to a \s-1UI,\s0 and closes the session, maybe by closing the channel to the tty, maybe by destroying a dialog box.
.PP
All of these functions are expected to return 0 on error, 1 on success, or \-1 on out-of-band events, for example if some prompting has been cancelled (by pressing Ctrl-C, for example). Only the flusher or the reader are expected to return \-1.
If returned by another of the functions, it's treated as if 0 was returned.
.PP
Regarding the writer and the reader, don't assume the former should only write and don't assume the latter should only read. This depends on the needs of the method.
.PP
For example, a typical tty reader wouldn't write the prompts in the writer, but would rather do so in the reader, because of the sequential nature of prompting on a tty. This is how the \fBUI_OpenSSL()\fR method does it.
.PP
In contrast, a method that builds up a dialog box would add all prompt text in the writer, have all input read in the flusher and store the results in some temporary buffer, and finally have the reader just fetch those results.
.PP
The central function that uses these method functions is \fBUI_process()\fR, and it does it in five steps:
.IP "1." 4
Open the session using the opener function if that one's defined. If an error occurs, jump to 5.
.IP "2." 4
For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the writer function if that one's defined. If an error occurs, jump to 5.
.IP "3." 4
Flush everything using the flusher function if that one's defined. If an error occurs, jump to 5.
.IP "4." 4
For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the reader function if that one's defined. If an error occurs, jump to 5.
.IP "5." 4
Close the session using the closer function if that one's defined.
.PP
\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR.
.PP
\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR.
.PP
\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, \&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and \&\fBUI_method_set_closer()\fR set the five main method functions to the given function pointers.
.PP
\&\fBUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. See \fBUI_dup_user_data\fR\|(3).
.PP
\&\fBUI_method_set_prompt_constructor()\fR sets the prompt constructor. See \fBUI_construct_prompt\fR\|(3).
.PP
\&\fBUI_method_set_ex_data()\fR sets application specific data with a given \&\s-1EX_DATA\s0 index. See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to get that index.
.PP
\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, \&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, \&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, \&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR return the different method functions.
.PP
\&\fBUI_method_get_ex_data()\fR returns the application data previously stored with \fBUI_method_set_ex_data()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on error.
.PP
\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, \&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR, \&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and \&\fBUI_method_set_prompt_constructor()\fR return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0
.PP
\&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because \&\fBCRYPTO_set_ex_data()\fR does so).
.PP
\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, \&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, \&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, \&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR return the requested function pointer if it's set in the method, otherwise \s-1NULL.\s0
.PP
\&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific data associated with the method.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "X509_LOOKUP_METH_NEW 3"
.TH X509_LOOKUP_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL \&\- Routines to build up X509_LOOKUP methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
\&
\& X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
\& void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
\&
\& int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
\&                                   int (*new_item) (X509_LOOKUP *ctx));
\& int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
\&     (X509_LOOKUP *ctx);
\&
\& int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
\&                               void (*free) (X509_LOOKUP *ctx));
\& void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
\&     (X509_LOOKUP *ctx);
\&
\& int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
\&                               int (*init) (X509_LOOKUP *ctx));
\& int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
\&     (X509_LOOKUP *ctx);
\&
\& int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
\&                                   int (*shutdown) (X509_LOOKUP *ctx));
\& int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
\&     (X509_LOOKUP *ctx);
\&
\& typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
\&                                    long argl, char **ret);
\& int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
\&                               X509_LOOKUP_ctrl_fn ctrl_fn);
\& X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
\&
\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
\&                                              X509_LOOKUP_TYPE type,
\&                                              X509_NAME *name,
\&                                              X509_OBJECT *ret);
\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
\&                                         X509_LOOKUP_get_by_subject_fn fn);
\& X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
\&     const X509_LOOKUP_METHOD *method);
\&
\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
\&                                                    X509_LOOKUP_TYPE type,
\&                                                    X509_NAME *name,
\&                                                    ASN1_INTEGER *serial,
\&                                                    X509_OBJECT *ret);
\& int X509_LOOKUP_meth_set_get_by_issuer_serial(
\&     X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
\& X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
\&     const X509_LOOKUP_METHOD *method);
\&
\& typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
\&                                                  X509_LOOKUP_TYPE type,
\&                                                  const unsigned char* bytes,
\&                                                  int len,
\&                                                  X509_OBJECT *ret);
\& int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
\&                                             X509_LOOKUP_get_by_fingerprint_fn fn);
\& X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
\&     const X509_LOOKUP_METHOD *method);
\&
\& typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
\&                                            X509_LOOKUP_TYPE type,
\&                                            const char *str,
\&                                            int len,
\&                                            X509_OBJECT *ret);
\& int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
\&                                       X509_LOOKUP_get_by_alias_fn fn);
\& X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
\&     const X509_LOOKUP_METHOD *method);
\&
\& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
\& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new X509_LOOKUP types. It provides a set of functions used by OpenSSL for the implementation of various X509 and X509_CRL lookup capabilities. One instance of an X509_LOOKUP_METHOD can be associated to many instantiations of an \&\fBX509_LOOKUP\fR structure.
.PP
\&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should be given a human-readable string containing a brief description of the lookup method.
.PP
\&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure.
.PP
\&\fBX509_LOOKUP_meth_get_new_item()\fR and \fBX509_LOOKUP_meth_set_new_item()\fR get and set the function that is called when an \fBX509_LOOKUP\fR object is created with \&\fBX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP specific data, the supplied new_item function should allocate this data and invoke \fBX509_LOOKUP_set_method_data\fR\|(3).
.PP
\&\fBX509_LOOKUP_meth_get_free()\fR and \fBX509_LOOKUP_meth_set_free()\fR get and set the function that is used to free any method data that was allocated and set from within the new_item function.
.PP
\&\fBX509_LOOKUP_meth_get_init()\fR and \fBX509_LOOKUP_meth_set_init()\fR get and set the function that is used to initialize the method data that was set with \&\fBX509_LOOKUP_set_method_data\fR\|(3) as part of the new_item routine.
.PP
\&\fBX509_LOOKUP_meth_get_shutdown()\fR and \fBX509_LOOKUP_meth_set_shutdown()\fR get and set the function that is used to shut down the method data whose state was previously initialized in the init function.
.PP
\&\fBX509_LOOKUP_meth_get_ctrl()\fR and \fBX509_LOOKUP_meth_set_ctrl()\fR get and set a function to be used to handle arbitrary control commands issued by \&\fBX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP \&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is an arbitrary integer that defines some operation. \fBargc\fR is a pointer to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, points to a location where any return data should be written to. How \&\fBargc\fR and \fBargl\fR are used depends entirely on the control function.
.PP
\&\fBX509_LOOKUP_meth_set_get_by_subject()\fR, \fBX509_LOOKUP_meth_set_get_by_issuer_serial()\fR, \&\fBX509_LOOKUP_meth_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_meth_set_get_by_alias()\fR set the functions used to retrieve an X509 or X509_CRL object by the object's subject, issuer, fingerprint, and alias respectively. These functions are given the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters related to the lookup, and an X509_OBJECT that will receive the requested object.
.PP
Implementations must add objects they find to the \fBX509_STORE\fR object using \fBX509_STORE_add_cert()\fR or \fBX509_STORE_add_crl()\fR. This increments its reference count. However, the \fBX509_STORE_CTX_get_by_subject()\fR function also increases the reference count which leads to one too many references being held. Therefore, applications should additionally call \fBX509_free()\fR or \fBX509_CRL_free()\fR to decrement the reference count again.
.PP
Implementations should also use either \fBX509_OBJECT_set1_X509()\fR or \&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also increments the result's reference count.
.PP
Any method data that was created as a result of the new_item function set by \fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with \&\fBX509_LOOKUP_get_method_data\fR\|(3). The \fBX509_STORE\fR object that owns the X509_LOOKUP may be accessed with \fBX509_LOOKUP_get_store\fR\|(3). Successful lookups should return 1, and unsuccessful lookups should return 0.
.PP
\&\fBX509_LOOKUP_meth_get_get_by_subject()\fR, \fBX509_LOOKUP_meth_get_get_by_issuer_serial()\fR, \&\fBX509_LOOKUP_meth_get_get_by_fingerprint()\fR, \fBX509_LOOKUP_meth_get_get_by_alias()\fR retrieve the function set by the corresponding setter.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The \fBX509_LOOKUP_meth_set\fR functions return 1 on success or 0 on error.
.PP
The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function pointers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0i.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "SSL_GET_CURRENT_CIPHER 3"
.TH SSL_GET_CURRENT_CIPHER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l .nh .SH "NAME" SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher \- get SSL_CIPHER of a connection .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); \& const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); \& \& const char *SSL_get_cipher_name(const SSL *s); \& const char *SSL_get_cipher(const SSL *s); \& int SSL_get_cipher_bits(const SSL *s, int *np); \& const char *SSL_get_cipher_version(const SSL *s); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing the description of the actually used cipher of a connection established with the \fBssl\fR object. See \fBSSL_CIPHER_get_name\fR\|(3) for more details. .PP \&\fBSSL_get_cipher_name()\fR obtains the name of the currently used cipher. \&\fBSSL_get_cipher()\fR is identical to \fBSSL_get_cipher_name()\fR. \&\fBSSL_get_cipher_bits()\fR is a macro to obtain the number of secret/algorithm bits used and \&\fBSSL_get_cipher_version()\fR returns the protocol name. .PP \&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing the description of the cipher (if any) that has been negotiated for future use on the connection established with the \fBssl\fR object, but is not yet in use. This may be the case during handshake processing, when control flow can be returned to the application via any of several callback methods. The internal sequencing of handshake processing and callback invocation is not guaranteed to be stable from release to release, and at present only the callback set by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. Other callbacks may be added to this list over time. 
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if
no session has been established.
.PP
\&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change
of cipher suite, or \s-1NULL\s0 if no such cipher is known.
.SH "NOTES"
.IX Header "NOTES"
SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and
SSL_get_cipher_name are implemented as macros.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_RAND 3"
.TH BN_RAND 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BN_rand, BN_priv_rand, BN_pseudo_rand,
BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range
\&\- generate pseudo\-random number
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
\&
\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
\&
\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
\&
\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
\&
\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
\&
\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of
\&\fBbits\fR in length and stores it in \fBrnd\fR.
If \fBbits\fR is less than zero, or too small to
accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR
parameters, an error is returned.
The \fBtop\fR parameter specifies
requirements on the most significant bit of the generated number.
If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint.
If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one.
If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of
the number will be set to 1, so that the product of two such random
numbers will always have 2*\fBbits\fR length.
If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it
is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even.
If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_TOP_TWO\s0\fR.
.PP
\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random
number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR.
.PP
\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as
\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively. They are intended to be
used for generating values that should remain private, and mirror the
same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
Always check the error return value of these functions and do not take
randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been
seeded with enough randomness to ensure an unpredictable byte sequence.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The functions return 1 on success, 0 on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBRAND_add\fR\|(3),
\&\fBRAND_bytes\fR\|(3),
\&\fBRAND_priv_bytes\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7),
\&\s-1\fBRAND_DRBG\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
.IP "\(bu" 2
Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical
to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to
\&\fBBN_rand_range()\fR.
The \*(L"pseudo\*(R" functions should not be used and may be deprecated in
a future release.
.IP "\(bu" 2
The
\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3"
.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
SSL_set0_chain_cert_store, SSL_set1_chain_cert_store,
SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store,
SSL_get0_verify_cert_store, SSL_get0_chain_cert_store
\- set certificate verification or chain store
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
\& int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st);
\& int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st);
\&
\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
\& int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st);
\& int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR
set the certificate store used for certificate verification to \fBst\fR.
.PP
\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR
set the certificate store used for certificate chain building to \fBst\fR.
.PP
\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR,
\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar
except they apply to \s-1SSL\s0 structure \fBssl\fR.
.PP
\&\fBSSL_CTX_get0_verify_cert_store()\fR, \fBSSL_get0_verify_cert_store()\fR,
\&\fBSSL_CTX_get0_chain_cert_store()\fR and \fBSSL_get0_chain_cert_store()\fR retrieve the
objects previously set via the above calls. A pointer to the object (or \s-1NULL\s0 if
no such object has been set) is written to \fB*st\fR.
.PP
All these functions are implemented as macros. Those containing a \fB1\fR
increment the reference count of the supplied store so it must
be freed at some point after the operation. Those containing a \fB0\fR do
not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed
after the operation.
.SH "NOTES"
.IX Header "NOTES"
The store pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0
structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be
affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value.
.PP
The verification store is used to verify the certificate chain sent by the
peer: that is, an \s-1SSL/TLS\s0 client will use the verification store to verify
the server's certificate chain and an \s-1SSL/TLS\s0 server will use it to verify
any client certificate chain.
.PP
The chain store is used to build the certificate chain.
.PP
If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is
configured already (for example using functions such as
\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then
automatic chain building is disabled.
.PP
If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building
is disabled.
.PP
If the chain or the verification store is not set then the store associated
with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous
versions of OpenSSL.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
\&\fBSSL_CTX_set0_chain\fR\|(3)
\&\fBSSL_CTX_set1_chain\fR\|(3)
\&\fBSSL_CTX_add0_chain_cert\fR\|(3)
\&\fBSSL_CTX_add1_chain_cert\fR\|(3)
\&\fBSSL_set0_chain\fR\|(3)
\&\fBSSL_set1_chain\fR\|(3)
\&\fBSSL_add0_chain_cert\fR\|(3)
\&\fBSSL_add1_chain_cert\fR\|(3)
\&\fBSSL_CTX_build_cert_chain\fR\|(3)
\&\fBSSL_build_cert_chain\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_LH_COMPFUNC 3"
.TH OPENSSL_LH_COMPFUNC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
LHASH, DECLARE_LHASH_OF,
OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC,
LHASH_DOALL_ARG_FN_TYPE,
IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN,
lh_TYPE_new, lh_TYPE_free,
lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/lhash.h>
\&
\& DECLARE_LHASH_OF(TYPE);
\&
\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare);
\& void lh_TYPE_free(LHASH_OF(TYPE) *table);
\&
\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data);
\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data);
\& TYPE *lh_TYPE_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
\&
\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func);
\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
\&                        TYPE *arg);
\&
\& int lh_TYPE_error(LHASH_OF(TYPE) *table);
\&
\& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This library implements type-checked dynamic hash
tables. The hash
table entries can be arbitrary structures. Usually they consist of key
and value fields. In the description here, \fI\s-1TYPE\s0\fR is used as a placeholder
for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR.
.PP
\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store
arbitrary data entries, and specifies the 'hash' and 'compare'
callbacks to be used in organising the table's entries. The \fBhash\fR
callback takes a pointer to a table entry as its argument and returns
an unsigned long hash value for its key field. The hash value is
normally truncated to a power of 2, so make sure that your hash
function returns well mixed low order bits. The \fBcompare\fR callback
takes two arguments (pointers to two hash table entries), and returns
0 if their keys are equal, nonzero otherwise.
.PP
If your hash table
will contain items of some particular type and the \fBhash\fR and
\&\fBcompare\fR callbacks hash/compare these types, then the
\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be
used to create callback wrappers of the prototypes required by
\&\fBlh_TYPE_new()\fR as shown in this example:
.PP
.Vb 11
\& /*
\&  * Implement the hash and compare functions; "stuff" can be any word.
\&  */
\& static unsigned long stuff_hash(const TYPE *a)
\& {
\&     ...
\& }
\& static int stuff_cmp(const TYPE *a, const TYPE *b)
\& {
\&     ...
\& }
\&
\& /*
\&  * Implement the wrapper functions.
\&  */
\& static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
\& static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
.Ve
.PP
If the type is going to be used in several places, the following macros
can be used in a common header file to declare the function wrappers:
.PP
.Vb 2
\& DECLARE_LHASH_HASH_FN(stuff, TYPE)
\& DECLARE_LHASH_COMP_FN(stuff, TYPE)
.Ve
.PP
Then a hash table of \s-1TYPE\s0 objects can be created using this:
.PP
.Vb 1
\& LHASH_OF(TYPE) *htable;
\&
\& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
.Ve
.PP
\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure
\&\fBtable\fR. Allocated hash table entries will not be freed; consider
using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the
hash table (see below).
.PP
\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into
\&\fBtable\fR. If there already is an entry with the same key, the old
value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the
data are not copied.
.PP
\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR.
.PP
\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR
is a structure with the key field(s) set; the function will return a
pointer to a fully populated structure.
.PP
\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call
\&\fBfunc\fR with the data item as its parameter.
For example:
.PP
.Vb 2
\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */
\& void TYPE_cleanup_doall(TYPE *a);
\&
\& /* Implement a prototype\-compatible wrapper for "TYPE_cleanup" */
\& IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
\&
\& /* Call "TYPE_cleanup" against all items in a hash table. */
\& lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
\&
\& /* Then the hash table itself can be deallocated */
\& lh_TYPE_free(hashtable);
.Ve
.PP
When doing this, be careful if you delete entries from the hash table
in your callbacks: the table may decrease in size, moving the item
that you are currently on down lower in the hash table \- this could
cause some entries to be skipped during the iteration. The second
best solution to this problem is to set hash\->down_load=0 before
you start (which will stop the hash table ever decreasing in size).
The best solution is probably to avoid deleting items from the hash
table inside a \*(L"doall\*(R" callback!
.PP
\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that
\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR
should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype
that is passed both the table entry and an extra argument). As with
\&\fBlh_doall()\fR, you can instead choose to declare your callback with a
prototype matching the types you are dealing with and use the
declare/implement macros to create compatible wrappers that cast
variables before calling your type-specific callbacks. An example of
this is demonstrated here (printing all hash table entries to a \s-1BIO\s0
that is provided by the caller):
.PP
.Vb 2
\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */
\& void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
\&
\& /* Implement a prototype\-compatible wrapper for "TYPE_print" */
\& static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
\&
\& /* Print out the entire hashtable to a particular BIO */
\& lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
\&                   logging_bio);
.Ve
.PP
\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last
operation.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new
\&\fB\s-1LHASH\s0\fR structure.
.PP
When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value
being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error.
.PP
\&\fBlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if
there is no such value in the hash table.
.PP
\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found,
\&\fB\s-1NULL\s0\fR otherwise.
.PP
\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0
otherwise. It's meaningful only after non-retrieve operations.
.PP
\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values.
.SH "NOTE"
.IX Header "NOTE"
The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as
the lh_TYPE_error call, must be performed under a write lock. All retrieve
operations should be performed under a read lock, \fIunless\fR accurate
usage statistics are desired, in which case a write lock should be used
for retrieve operations as well. For output of the usage statistics,
using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices.
.PP
The \s-1LHASH\s0 code regards table entries as constant data. As such, it
internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R"
pointer type. This is why callbacks such as those used by \fBlh_doall()\fR
and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the
parameters that pass back the table items' data pointers \- for
consistency, user-provided data is \*(L"const\*(R" at all times as far as the
\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing
these pointers, they can choose whether they too should be treating
all such parameters as constant.
.PP
As an example, a hash table may be maintained by code that, for
reasons of encapsulation, has only \*(L"const\*(R" access to the data being
indexed in the hash table (i.e. it is returned as \*(L"const\*(R" from
elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are
appropriate as-is. Conversely, if the caller is responsible for the
life-time of the data in question, then they may well wish to make
modifications to the table item passed back in the \fBlh_doall()\fR or
\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If
so, the caller can either cast the \*(L"const\*(R" away (if they're providing
the raw callbacks themselves) or use the macros to declare/implement
the wrapper functions without \*(L"const\*(R" types.
.PP
Callers that only have \*(L"const\*(R" access to data they're indexing in a
table, yet declare callbacks without constant types (or cast the
\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs
without being encouraged to do so by the \s-1API.\s0 On a related note,
those auditing code should pay special attention to any instances of
DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
without any \*(L"const\*(R" qualifiers.
.SH "BUGS"
.IX Header "BUGS"
\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_LH_stats\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
In OpenSSL 1.0.0, the lhash interface was revamped for better
type checking.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_GET0_NOTBEFORE 3"
.TH X509_GET0_NOTBEFORE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& const ASN1_TIME *X509_get0_notBefore(const X509 *x);
\& const ASN1_TIME *X509_get0_notAfter(const X509 *x);
\&
\& ASN1_TIME *X509_getm_notBefore(const X509 *x);
\& ASN1_TIME *X509_getm_notAfter(const X509 *x);
\&
\& int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
\& int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
\&
\& const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
\& const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
\&
\& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
\& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value returned is an internal pointer which must not be freed up after the call.
.PP
\&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to \&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return non-constant mutable references to the associated date field of the certificate.
.PP
\&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed parameter \fBtm\fR is not transferred by these functions so it must be freed up after the call.
.PP
\&\fBX509_CRL_get0_lastUpdate()\fR and \fBX509_CRL_get0_nextUpdate()\fR return the \&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value returned is an internal pointer which must not be freed up after the call.
If the \fBnextUpdate\fR field is absent from \fBcrl\fR then \&\fB\s-1NULL\s0\fR is returned.
.PP
\&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter \&\fBtm\fR is not transferred by these functions so it must be freed up after the call.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure.
.PP
\&\fBX509_CRL_get0_lastUpdate()\fR returns a pointer to an \fB\s-1ASN1_TIME\s0\fR structure or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent.
.PP
\&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and \&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions are available in all versions of OpenSSL.
.PP
\&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_NEW 3"
.TH X509_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509 *X509_new(void);
\& void X509_free(X509 *a);
\& int X509_up_ref(X509 *a);
\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The X509 \s-1ASN1\s0 allocation routines allocate and free an X509 structure, which represents an X509 certificate.
.PP
\&\fBX509_new()\fR allocates and initializes an X509 structure with reference count \&\fB1\fR.
.PP
\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done.
.PP
\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR.
.PP
\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in chain \fBx\fR and returns a copy of the stack.
.SH "NOTES"
.IX Header "NOTES"
The function \fBX509_up_ref()\fR is useful if a certificate structure is being used by several different operations each of which will free it up after use: this avoids the need to duplicate the entire certificate structure.
.PP
The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of each certificate, it also returns a copy of the stack, using \fBsk_X509_dup()\fR, but it serves a similar purpose: the returned chain persists after the original has been freed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns a pointer to the newly allocated structure.
.PP
\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure.
.PP
\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ENGINE_ADD 3"
.TH ENGINE_ADD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers,
ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests
\&\- ENGINE cryptographic module support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/engine.h>
\&
\& ENGINE *ENGINE_get_first(void);
\& ENGINE *ENGINE_get_last(void);
\& ENGINE *ENGINE_get_next(ENGINE *e);
\& ENGINE *ENGINE_get_prev(ENGINE *e);
\&
\& int ENGINE_add(ENGINE *e);
\& int ENGINE_remove(ENGINE *e);
\&
\& ENGINE *ENGINE_by_id(const char *id);
\&
\& int ENGINE_init(ENGINE *e);
\& int ENGINE_finish(ENGINE *e);
\&
\& void ENGINE_load_builtin_engines(void);
\&
\& ENGINE *ENGINE_get_default_RSA(void);
\& ENGINE *ENGINE_get_default_DSA(void);
\& ENGINE *ENGINE_get_default_DH(void);
\& ENGINE *ENGINE_get_default_RAND(void);
\& ENGINE *ENGINE_get_cipher_engine(int nid);
\& ENGINE *ENGINE_get_digest_engine(int nid);
\&
\& int ENGINE_set_default_RSA(ENGINE *e);
\& int ENGINE_set_default_DSA(ENGINE *e);
\& int ENGINE_set_default_DH(ENGINE *e);
\& int ENGINE_set_default_RAND(ENGINE *e);
\& int ENGINE_set_default_ciphers(ENGINE *e);
\& int ENGINE_set_default_digests(ENGINE *e);
\& int ENGINE_set_default_string(ENGINE *e, const char *list);
\&
\& int ENGINE_set_default(ENGINE *e, unsigned int flags);
\&
\& unsigned int ENGINE_get_table_flags(void);
\& void ENGINE_set_table_flags(unsigned int flags);
\&
\& int ENGINE_register_RSA(ENGINE *e);
\& void ENGINE_unregister_RSA(ENGINE *e);
\& void ENGINE_register_all_RSA(void);
\& int ENGINE_register_DSA(ENGINE *e);
\& void ENGINE_unregister_DSA(ENGINE *e);
\& void ENGINE_register_all_DSA(void);
\& int ENGINE_register_DH(ENGINE *e);
\& void ENGINE_unregister_DH(ENGINE *e);
\& void ENGINE_register_all_DH(void);
\& int ENGINE_register_RAND(ENGINE *e);
\& void ENGINE_unregister_RAND(ENGINE *e);
\& void ENGINE_register_all_RAND(void);
\& int ENGINE_register_ciphers(ENGINE *e);
\& void ENGINE_unregister_ciphers(ENGINE *e);
\& void ENGINE_register_all_ciphers(void);
\& int ENGINE_register_digests(ENGINE *e);
\& void ENGINE_unregister_digests(ENGINE *e);
\& void ENGINE_register_all_digests(void);
\& int ENGINE_register_complete(ENGINE *e);
\& int ENGINE_register_all_complete(void);
\&
\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
\&                     long i, void *p, void (*f)(void), int cmd_optional);
\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
\&                            int cmd_optional);
\&
\& ENGINE *ENGINE_new(void);
\& int ENGINE_free(ENGINE *e);
\& int ENGINE_up_ref(ENGINE *e);
\&
\& int ENGINE_set_id(ENGINE *e, const char *id);
\& int ENGINE_set_name(ENGINE *e, const char *name);
\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
\& int ENGINE_set_flags(ENGINE *e, int flags);
\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
\&
\& const char *ENGINE_get_id(const ENGINE *e);
\& const char *ENGINE_get_name(const ENGINE *e);
\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
\& int ENGINE_get_flags(const ENGINE *e);
\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
\&
\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
\&                                   UI_METHOD *ui_method, void *callback_data);
\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
\&                                  UI_METHOD *ui_method, void *callback_data);
.Ve
.PP
Deprecated:
.PP
.Vb 3
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void ENGINE_cleanup(void);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions create, manipulate, and use cryptographic modules in the form of \fB\s-1ENGINE\s0\fR objects.
These objects act as containers for implementations of cryptographic algorithms, and support a reference-counted mechanism to allow them to be dynamically loaded in and out of the running application.
.PP
The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR implementation includes the following abstractions:
.PP
.Vb 6
\& RSA_METHOD \- for providing alternative RSA implementations
\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
\&       \- similarly for other OpenSSL APIs
\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq)
\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq)
\& key\-loading \- loading public and/or private EVP_PKEY keys
.Ve
.SS "Reference counting and handles"
.IX Subsection "Reference counting and handles"
Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be treated as handles \- i.e. not only as pointers, but also as references to the underlying \s-1ENGINE\s0 object. I.e. one should obtain a new reference when making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and released) independently.
.PP
\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is inherently a \fBstructural\fR reference \- a structural reference is required to use the pointer value at all, as this kind of reference is a guarantee that the structure cannot be deallocated until the reference is released.
.PP
However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is initialised and able to use any of its cryptographic implementations. Indeed it's quite possible that most ENGINEs will not initialise at all in typical environments, as ENGINEs are typically used to support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a \&\fBfunctional\fR reference.
This kind of reference can be considered a specialised form of structural reference, because each functional reference implicitly contains a structural reference as well \- however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an \&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised and is ready to perform cryptographic operations, and will remain initialised until after you have released your reference.
.PP
\&\fIStructural references\fR
.PP
This basic type of reference is used for instantiating new ENGINEs, iterating across OpenSSL's internal linked-list of loaded ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural reference is sufficient if you only need to query or manipulate the data of an \s-1ENGINE\s0 implementation rather than use its functionality.
.PP
The \fBENGINE_new()\fR function returns a structural reference to a new (empty) \&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural references such as: \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be released by a corresponding call to the \fBENGINE_free()\fR function \- the \&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when the last structural reference is released.
.PP
It should also be noted that many \s-1ENGINE API\s0 function calls that accept a structural reference will internally obtain another reference \- typically this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after the function has returned. E.g.
the function to add a new \s-1ENGINE\s0 to OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, then OpenSSL will have stored a new structural reference internally so the caller is still responsible for freeing their own reference with \&\fBENGINE_free()\fR when they are finished with it. In a similar way, some functions will automatically release the structural reference passed to them if part of the function's job is to do so. E.g. the \fBENGINE_get_next()\fR and \&\fBENGINE_get_prev()\fR functions are used for iterating across the internal \&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the list, but in either case the structural reference passed to the function is released on behalf of the caller.
.PP
To clarify a particular function's handling of references, one should always consult that function's documentation \*(L"man\*(R" page, or failing that the openssl/engine.h header file includes some hints.
.PP
\&\fIFunctional references\fR
.PP
As mentioned, functional references exist when the cryptographic functionality of an \s-1ENGINE\s0 is required to be available. A functional reference can be obtained in one of two ways: from an existing structural reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default operational \s-1ENGINE\s0 for a given cryptographic purpose.
.PP
To obtain a functional reference from an existing structural reference, call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not already operational and couldn't be successfully initialised (e.g.
lack of system drivers, no special hardware attached, etc), otherwise it will return nonzero to indicate that the \s-1ENGINE\s0 is now operational and will have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional references are released by calling \fBENGINE_finish()\fR (which removes the implicit structural reference as well).
.PP
The second way to get a functional reference is by asking OpenSSL for a default implementation for a given task, e.g. by \fBENGINE_get_default_RSA()\fR, \&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc.
.SS "Default implementations"
.IX Subsection "Default implementations"
For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table of state to control which implementations are available for a given abstraction and which should be used by default. These implementations are registered in the tables and indexed by an 'nid' value, because abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct algorithms and modes, and ENGINEs can support arbitrarily many of them. In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one \&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' index.
.PP
When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (e.g. when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the \&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a functional reference to an initialised \s-1ENGINE\s0 whose implementation should be used.
If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the conventional software implementation. In the latter case, OpenSSL will from then on behave the way it used to before the \s-1ENGINE API\s0 existed.
.PP
Each state table has a flag to note whether it has processed this \&\*(L"get_default\*(R" query since the table was last modified, because to process this question it must iterate across all the registered ENGINEs in the table trying to initialise each of them in turn, in case one of them is operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will also cache another reference to speed up processing future queries (without needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 response if no \s-1ENGINE\s0 was available so that future queries won't repeat the same iteration unless the state table changes. This behaviour can also be changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using \&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the \&\*(L"get_default\*(R" query will be if one is expressly set in the table. E.g. \&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except that it also sets the state table's cached response for the \*(L"get_default\*(R" query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are indexed by 'nid', these flags and cached-responses are distinct for each 'nid' value.
.SS "Application requirements"
.IX Subsection "Application requirements"
This section will explain the basic things an application programmer should support to make the most useful elements of the \s-1ENGINE\s0 functionality available to the user.
The first thing to consider is whether the programmer wishes to make alternative \s-1ENGINE\s0 modules available to the application and user. OpenSSL maintains an internal linked list of \&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and it uses static linking against openssl, then the resulting application binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first consideration is whether any/all available \s-1ENGINE\s0 implementations should be made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" functions.
.PP
The fact that ENGINEs are made visible to OpenSSL (and thus are linked into the program and loaded into memory at run-time) does not mean they are \&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour is something for the application to control. Some applications will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to successfully initialise \- i.e. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a couple of simple cases and leave developers to consider these and the source code to openssl's builtin utilities as guides.
.PP
If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, if any ENGINEs are loaded, even if not registered or used, it was necessary to call \fBENGINE_cleanup()\fR before the program exits.
.PP
\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR
.PP
Here we'll assume an application has been configured by its user or admin to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operations, otherwise OpenSSL should use its builtin software as per usual. The following code illustrates how to approach this;
.PP
.Vb 10
\& ENGINE *e;
\& const char *engine_id = "ACME";
\& ENGINE_load_builtin_engines();
\& e = ENGINE_by_id(engine_id);
\& if (!e)
\&     /* the engine isn\*(Aqt available */
\&     return;
\& if (!ENGINE_init(e)) {
\&     /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */
\&     ENGINE_free(e);
\&     return;
\& }
\& if (!ENGINE_set_default_RSA(e))
\&     /*
\&      * This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous
\&      * statement suggests it did.
\&      */
\&     abort();
\& ENGINE_set_default_DSA(e);
\& ENGINE_set_default_ciphers(e);
\& /* Release the functional reference from ENGINE_init() */
\& ENGINE_finish(e);
\& /* Release the structural reference from ENGINE_by_id() */
\& ENGINE_free(e);
.Ve
.PP
\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR
.PP
Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations bundled with OpenSSL, such that for any cryptographic algorithm required by OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, it should be used. The following code illustrates how this can work;
.PP
.Vb 4
\& /* Load all bundled ENGINEs into memory and make them visible */
\& ENGINE_load_builtin_engines();
\& /* Register all of them for every algorithm they collectively implement */
\& ENGINE_register_all_complete();
.Ve
.PP
That's all that's required. Eg.
the next time OpenSSL tries to set up an \&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to \&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the default for \s-1RSA\s0 use from then on.
.SS "Advanced configuration support"
.IX Subsection "Advanced configuration support"
There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each \&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration \&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on OpenSSL. This mechanism is entirely based on the use of name-value pairs and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if applications want to provide a transparent way for users to provide arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 implementations for the names, descriptions, and input flags of their available \*(L"control commands\*(R", providing a more flexible configuration scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she is using (in the case of specialised hardware, this goes without saying) then applications may not need to concern themselves with discovering the supported control commands and simply prefer to pass settings into ENGINEs exactly as they are provided by the user.
.PP
Before illustrating how control commands work, it is worth mentioning what they are typically used for. Broadly speaking there are two uses for control commands; the first is to provide the necessary details to the implementation (which may know nothing at all specific to the host system) so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc.
This class of commands typically needs to be passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, i.e. before calling \fBENGINE_init()\fR. The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after \fBENGINE_init()\fR, or in some cases both. \s-1ENGINE\s0 implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation.
.PP
\&\fIIssuing control commands to an \s-1ENGINE\s0\fR
.PP
Let's illustrate by example; a function for which the caller supplies the name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before initialisation, and another table for use after initialisation. Note that the string-pairs used for control commands consist of a command \*(L"name\*(R" followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some cases but the name can not. This function should initialise the \s-1ENGINE\s0 (issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) and set it as the default for everything except \s-1RAND\s0 and then return a boolean success or failure.
.PP
.Vb 10
\& int generic_load_engine_fn(const char *engine_id,
\&                            const char **pre_cmds, int pre_num,
\&                            const char **post_cmds, int post_num)
\& {
\&     ENGINE *e = ENGINE_by_id(engine_id);
\&     if (!e) return 0;
\&     while (pre_num\-\-) {
\&         if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
\&             fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id,
\&                     pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
\&             ENGINE_free(e);
\&             return 0;
\&         }
\&         pre_cmds += 2;
\&     }
\&     if (!ENGINE_init(e)) {
\&         fprintf(stderr, "Failed initialisation\en");
\&         ENGINE_free(e);
\&         return 0;
\&     }
\&     /*
\&      * ENGINE_init() returned a functional reference, so free the structural
\&      * reference from ENGINE_by_id().
\&      */
\&     ENGINE_free(e);
\&     while (post_num\-\-) {
\&         if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
\&             fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id,
\&                     post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
\&             ENGINE_finish(e);
\&             return 0;
\&         }
\&         post_cmds += 2;
\&     }
\&     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
\&     /* Success */
\&     return 1;
\& }
.Ve
.PP
Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can relax the semantics of the function \- if set nonzero it will only return failure if the \s-1ENGINE\s0 supported the given command name but failed while executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply return success without doing anything. In this case we assume the user is only supplying commands specific to the given \s-1ENGINE\s0 so we set this to \&\s-1FALSE.\s0
.PP
\&\fIDiscovering supported control commands\fR
.PP
It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an \s-1ENGINE\s0 using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the \&\s-1ENGINE,\s0 i.e. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a \*(L"generic\*(R" command and is handled directly by the OpenSSL core routines.
.PP
It is using these \*(L"core\*(R" control commands that one can discover the control commands implemented by a given \s-1ENGINE,\s0 specifically the commands:
.PP
.Vb 9
\& ENGINE_HAS_CTRL_FUNCTION
\& ENGINE_CTRL_GET_FIRST_CMD_TYPE
\& ENGINE_CTRL_GET_NEXT_CMD_TYPE
\& ENGINE_CTRL_GET_CMD_FROM_NAME
\& ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
\& ENGINE_CTRL_GET_NAME_FROM_CMD
\& ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
\& ENGINE_CTRL_GET_DESC_FROM_CMD
\& ENGINE_CTRL_GET_CMD_FLAGS
.Ve
.PP
Whilst these commands are automatically processed by the OpenSSL framework code, they use various properties exposed by each \s-1ENGINE\s0 to process these queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the OpenSSL framework code will work with the following rules:
.PP
.Vb 9
\& if no ctrl() handler supplied;
\&     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
\&     all other commands fail.
\& if a ctrl() handler was supplied but no array of control commands;
\&     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
\&     all other commands fail.
\& if a ctrl() handler and array of control commands was supplied;
\&     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
\&     all other commands proceed processing ...
.Ve
.PP
If the \s-1ENGINE\s0's array of control commands is empty then all other commands will fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of the first command supported by the \s-1ENGINE, ENGINE_CTRL_GET_NEXT_CMD_TYPE\s0 takes the identifier of a command supported by the \s-1ENGINE\s0 and returns the next command identifier or fails if there are no more, \s-1ENGINE_CTRL_GET_CMD_FROM_NAME\s0 takes a string name for a command and returns the corresponding identifier or fails if no such command name exists, and the remaining commands take a command identifier and return properties of the corresponding commands. All except \&\s-1ENGINE_CTRL_GET_CMD_FLAGS\s0 return the string length of a command name or description, or populate a supplied character buffer with a copy of the command name or description. \s-1ENGINE_CTRL_GET_CMD_FLAGS\s0 returns a bitwise-OR'd mask of the following possible values:
.PP
.Vb 4
\& ENGINE_CMD_FLAG_NUMERIC
\& ENGINE_CMD_FLAG_STRING
\& ENGINE_CMD_FLAG_NO_INPUT
\& ENGINE_CMD_FLAG_INTERNAL
.Ve
.PP
If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely informational to the caller \- this flag will prevent the command being usable for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. \&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration by applications, administrators, users, etc. These can support arbitrary operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 supports certain specific commands it might want to use (e.g. application \*(L"foo\*(R" might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \- an \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific extension).
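.PP
Added example, not part of the OpenSSL manual and not OpenSSL's own code: a self-contained C model of the discovery rules and command flags described above, used to vet user-supplied name/parameter pairs before they would be passed on to an engine. All identifiers, the command table and the per-flag argument checks are assumptions of this example; it does not call or link against OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the flag names above; values are local to this model. */
enum { F_NUMERIC = 1, F_STRING = 2, F_NO_INPUT = 4, F_INTERNAL = 8 };

/* The discovery queries from the list above that this model answers. */
enum query { Q_HAS_CTRL_FUNCTION, Q_GET_FIRST_CMD_TYPE, Q_GET_NEXT_CMD_TYPE,
             Q_GET_CMD_FROM_NAME, Q_GET_CMD_FLAGS };

struct cmd_defn { int num; const char *name; unsigned flags; };

struct model_engine {
    int has_ctrl;                  /* a ctrl() handler was supplied */
    const struct cmd_defn *defns;  /* NULL, or an array ended by num == 0 */
};

/* Constructed engine table; command names and numbers are hypothetical. */
static const struct cmd_defn acme_defns[] = {
    { 200, "CONFIG_FILE", F_STRING },
    { 201, "LOG_LEVEL", F_NUMERIC },
    { 202, "RESET", F_NO_INPUT },
    { 203, "FOO_GET_VENDOR_LOGO_GIF", F_INTERNAL },
    { 0, NULL, 0 }
};
static const struct model_engine acme = { 1, acme_defns };
static const struct model_engine handler_only = { 1, NULL };
static const struct model_engine no_handler = { 0, NULL };

/* Framework rules when the manual-control flag is not set; -1 means "fails". */
int discover(const struct model_engine *e, enum query q, int num, const char *name)
{
    const struct cmd_defn *d;

    if (q == Q_HAS_CTRL_FUNCTION)
        return e->has_ctrl ? 1 : 0;
    if (!e->has_ctrl || e->defns == NULL || e->defns[0].num == 0)
        return -1;                       /* all other commands fail */
    if (q == Q_GET_FIRST_CMD_TYPE)
        return e->defns[0].num;
    for (d = e->defns; d->num != 0; d++) {
        if (q == Q_GET_CMD_FROM_NAME && name != NULL && strcmp(d->name, name) == 0)
            return d->num;
        if (q == Q_GET_NEXT_CMD_TYPE && d->num == num)
            return d[1].num != 0 ? d[1].num : -1;
        if (q == Q_GET_CMD_FLAGS && d->num == num)
            return (int)d->flags;
    }
    return -1;                           /* unknown name or identifier */
}

/* Walk the table the way an application enumerates commands. */
int count_commands(const struct model_engine *e)
{
    int n = 0, num;

    for (num = discover(e, Q_GET_FIRST_CMD_TYPE, 0, NULL); num > 0;
         num = discover(e, Q_GET_NEXT_CMD_TYPE, num, NULL))
        n++;
    return n;
}

enum verdict { PASS_ON, UNKNOWN_CMD, INTERNAL_ONLY, UNEXPECTED_ARG,
               MISSING_ARG, NOT_A_NUMBER };

/* Vet one user-supplied name/parameter pair before handing it to the engine. */
enum verdict vet_directive(const struct model_engine *e,
                           const char *name, const char *arg)
{
    char *end;
    int flags, num = discover(e, Q_GET_CMD_FROM_NAME, 0, name);

    if (num < 0)
        return UNKNOWN_CMD;
    flags = discover(e, Q_GET_CMD_FLAGS, num, NULL);
    if (flags & F_INTERNAL)
        return INTERNAL_ONLY;            /* not for text-based configuration */
    if (flags & F_NO_INPUT)
        return arg == NULL ? PASS_ON : UNEXPECTED_ARG;
    if (arg == NULL)
        return MISSING_ARG;
    if (flags & F_STRING)
        return PASS_ON;
    (void)strtol(arg, &end, 10);         /* numeric: the whole string must parse */
    return (end != arg && *end == 0) ? PASS_ON : NOT_A_NUMBER;
}

int main(void)
{
    int ok = count_commands(&acme) == 4
        && discover(&no_handler, Q_HAS_CTRL_FUNCTION, 0, NULL) == 0
        && discover(&handler_only, Q_GET_FIRST_CMD_TYPE, 0, NULL) == -1
        && vet_directive(&acme, "LOG_LEVEL", "3x") == NOT_A_NUMBER;

    puts(ok ? "model behaves as the rules describe" : "unexpected result");
    return ok ? 0 : 1;
}
```

An application that passes directives through unchanged, as the text above allows, can apply the same checks first so that unknown or internal command names are rejected before they reach the engine.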
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4
.IX Item "OPENSSL_ENGINES"
The path to the engines directory. Ignored in set-user-ID and set-group-ID programs.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred.
.PP
\&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error.
.PP
\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred.
.PP
\&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error.
.PP
All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and \&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error occurred.
.PP
All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error.
.PP
\&\fBENGINE_set_default()\fR returns 1 on success or 0 on error.
.PP
\&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the global table flags which are used to control the registration behaviour of \&\fB\s-1ENGINE\s0\fR implementations.
.PP
All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error.
.PP
\&\fBENGINE_register_complete()\fR and \fBENGINE_register_all_complete()\fR always return 1.
.PP
\&\fBENGINE_ctrl()\fR returns a positive value on success or others on error.
.PP
\&\fBENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise.
.PP
\&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error.
.PP
\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error occurred.
.PP
\&\fBENGINE_free()\fR always returns 1.
.PP
\&\fBENGINE_up_ref()\fR returns 1 on success or 0 on error.
.PP
\&\fBENGINE_set_id()\fR and \fBENGINE_set_name()\fR return 1 on success or 0 on error.
.PP
All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error.
.PP
\&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier and the name of the \s-1ENGINE\s0 \fBe\fR respectively.
.PP
\&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR return corresponding method structures for each algorithm.
.PP
\&\fBENGINE_get_destroy_function()\fR, \fBENGINE_get_init_function()\fR, \&\fBENGINE_get_finish_function()\fR, \fBENGINE_get_ctrl_function()\fR, \&\fBENGINE_get_load_privkey_function()\fR, \fBENGINE_get_load_pubkey_function()\fR, \&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function pointers of the callbacks.
.PP
\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 if an error occurred.
.PP
\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an error occurred.
.PP
\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are used to control various behaviours of an \s-1ENGINE.\s0
.PP
\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's not set.
.PP
\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR structure on success or \s-1NULL\s0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3), \&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup done by \fBOPENSSL_cleanup()\fR and should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.IX Title "BN_ADD 3"
.TH BN_ADD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
\&
\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
\&
\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
\&
\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
\&
\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
\&            BN_CTX *ctx);
\&
\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
\&
\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
\&
\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
\&                BN_CTX *ctx);
\&
\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
\&                BN_CTX *ctx);
\&
\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
\&                BN_CTX *ctx);
\&
\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
\&
\& BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
\&
\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
\&
\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
\&                const BIGNUM *m, BN_CTX *ctx);
\&
\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
.PP
\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
.PP
\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). \&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
For multiplication by powers of 2, use \fBBN_lshift\fR\|(3).
.PP
\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. This function is faster than BN_mul(r,a,a).
.PP
\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. The result is rounded towards zero; thus if \fIa\fR is negative, the remainder will be zero or negative. For division by powers of 2, use \fBBN_rshift\fR\|(3).
.PP
\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR.
.PP
\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the nonnegative remainder in \fIr\fR.
.PP
\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the nonnegative result in \fIr\fR.
.PP
\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the nonnegative result in \fIr\fR.
.PP
\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the nonnegative remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for repeated computations using the same modulus, see \&\fBBN_mod_mul_montgomery\fR\|(3) and \&\fBBN_mod_mul_reciprocal\fR\|(3).
.PP
\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the result in \fIr\fR.
.PP
\&\fBBN_mod_sqrt()\fR returns the modular square root of \fIa\fR such that \&\f(CW\*(C`in^2 = a (mod p)\*(C'\fR. The modulus \fIp\fR must be a prime, otherwise an error or an incorrect \*(L"result\*(R" will be returned. The result is stored into \fIin\fR which can be \s-1NULL.\s0 The result will be newly allocated in that case.
.PP
\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR (\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of \&\fBBN_mul()\fR.
.PP
\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this function when \fBm\fR is even and any of the parameters have the \&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set.
.PP
\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \&\fIb\fR.
.PP
For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables; see \fBBN_CTX_new\fR\|(3).
.PP
Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from the arguments.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The \fBBN_mod_sqrt()\fR returns the result (possibly incorrect if \fIp\fR is not a prime), or \s-1NULL.\s0
.PP
For all remaining functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), \&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3"
.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc \&\- X509 verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
\&                                 unsigned long flags);
\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
\&                                   unsigned long flags);
\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
\&
\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
\&                                     uint32_t flags);
\& uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
\&
\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
\&
\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
\& time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
\&
\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
\&                                   ASN1_OBJECT *policy);
\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
\&                                     STACK_OF(ASN1_OBJECT) *policies);
\&
\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
\&
\& void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param,
\&                                       int auth_level);
\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
\&
\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
\&                                 const char *name, size_t namelen);
\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
\&                                 const char *name, size_t namelen);
\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
\&                                      unsigned int flags);
\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
\&                                  const char *email, size_t emaillen);
\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
\&                               const unsigned char *ip, size_t iplen);
\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with a certificate verification operation.
.PP
The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by ORing it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete description of values the \fBflags\fR parameter can take.
.PP
\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR.
.PP
\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR, which specify how verification flags are copied from one structure to another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits.
.PP
\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR.
.PP
\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR to \fBpurpose\fR. This determines the acceptable purpose of the certificate chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server.
.PP
\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to \&\fBtrust\fR.
.PP
\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to \&\fBt\fR. Normally the current time is used.
.PP
\&\fBX509_VERIFY_PARAM_add0_policy()\fR adds \fBpolicy\fR to the acceptable policy set. Contrary to preexisting documentation of this function it does not enable policy checking.
.PP
\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear an existing policy set.
.PP
\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a chain. A maximal depth chain contains 2 more certificates than the limit, since neither the end-entity certificate nor the trust-anchor count against this limit. Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity certificate.
.PP
\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to \&\fBauth_level\fR. The authentication security level determines the acceptable signature and public key strength when verifying certificate chains. For a certificate chain to validate, the public keys of all the certificates must meet the specified security level. The signature algorithm security level is not enforced for the chain's \fItrust anchor\fR certificate, which is either directly trusted or validated by means other than its signature. See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available levels. The default security level is \-1, or \*(L"not set\*(R". At security level 0 or lower all algorithms are acceptable. Security level 1 requires at least 80\-bit\-equivalent security and is broadly interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys shorter than 1024 bits.
.PP
\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \&\fBname\fR, clearing any previously specified hostname or names. If \&\fBname\fR is \s-1NULL\s0 or empty, the list of hostnames is cleared, and name checks are not performed on the peer certificate. If \fBname\fR is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR must be set to the length of \fBname\fR.
.PP
When a hostname is specified, certificate verification automatically invokes \fBX509_check_host\fR\|(3) with flags equal to the \fBflags\fR argument given to \&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications are strongly advised to use this interface in preference to explicitly calling \fBX509_check_host\fR\|(3); hostname checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will be suppressed as appropriate when \s-1DANE\s0 verification is enabled.
.PP
When the subject CommonName will not be ignored, whether as a result of the \&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject alternative names are present in the certificate, any \s-1DNS\s0 name constraints in issuer certificates apply to the subject CommonName as well as the subject alternative name extension.
.PP
When the subject CommonName will be ignored, whether as a result of the \&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject alternative names are present in the certificate, \s-1DNS\s0 name constraints in issuer certificates will not be applied to the subject \s-1DN.\s0 As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag.
.PP
\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a call to \fBX509_VERIFY_PARAM_set_hostflags()\fR.
.PP
\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference identifier that can match the peer's certificate. Any previous names set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR are retained; no change is made if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, the peer is considered verified when any name matches.
.PP
\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a reference identifier specifies a parent domain (starts with \*(L".\*(R") rather than a hostname, the peer name may be a wildcard name or a sub-domain of the reference identifier respectively. The return string is allocated by the library and is no longer valid once the associated \fBparam\fR argument is freed. Applications must not free the return value.
.PP
\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to \&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise \&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address is specified, certificate verification automatically invokes \&\fBX509_check_email\fR\|(3).
.PP
\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. The \fBip\fR argument is in binary format, in network byte-order and \&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 address is specified, certificate verification automatically invokes \&\fBX509_check_ip\fR\|(3).
.PP
\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to \&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminated \s-1ASCII\s0 string: dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, \&\fBX509_VERIFY_PARAM_set_inh_flags()\fR, \&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR, \&\fBX509_VERIFY_PARAM_add0_policy()\fR, \fBX509_VERIFY_PARAM_set1_policies()\fR, \&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_add1_host()\fR, \&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and \&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for failure.
.PP
\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags.
.PP
\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags.
.PP
\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags.
.PP
\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return values.
.PP
\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth.
.PP
\&\fBX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security level.
.SH "VERIFICATION FLAGS"
.IX Header "VERIFICATION FLAGS"
The verification flags consist of zero or more of the following flags ORed together.
.PP
\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found.
.PP
\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate chain.
.PP
\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disables critical extension checking. By default any unhandled critical extensions in certificates or (if checked) CRLs result in a fatal error. If this flag is set unhandled critical extensions are ignored.
\fB\s-1WARNING\s0\fR: setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are supported can be performed in the verification callback.
.PP
The \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken certificates and makes the verification strictly apply \fBX509\fR rules.
.PP
\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification.
.PP
\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking; by default no policy checking is performed. Additional information is sent to the verification callback relating to policy checking.
.PP
\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and \&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in \&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags are set.
.PP
If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful, a special status code is sent to the verification callback. This permits it to examine the valid policy tree and perform additional checks or simply log it for debugging purposes.
.PP
By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set they are enabled.
.PP
If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored.
.PP
\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR requests checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0 certificate with key usage restrictions not including the keyCertSign bit. By default this check is disabled because it doesn't add any additional security but in some cases applications might want to check the signature anyway. A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message digests used for the signature are not treated as fatal errors.
.PP
When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates before searching the provided untrusted certificates. Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important when some certificates in the trust store have explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)). As of OpenSSL 1.1.0 this option is on by default.
.PP
The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative chains. By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a certificate chain, if the first certificate chain found is not trusted, then OpenSSL will attempt to replace untrusted certificates supplied by the peer with certificates from the trust store to see if an alternative chain can be found that is trusted. As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option has no effect.
.PP
The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the trust store to be treated as trust-anchors, in the same way as the self-signed root \s-1CA\s0 certificates. This makes it possible to trust certificates issued by an intermediate \s-1CA\s0 without having to trust its ancestor root \s-1CA.\s0 With OpenSSL 1.1.0 and later and \fBX509_V_FLAG_PARTIAL_CHAIN\fR set, chain construction stops as soon as the first certificate from the trust store is added to the chain, whether that certificate is a self-signed \*(L"root\*(R" certificate or a not self-signed intermediate certificate. Thus, when an intermediate certificate is found in the trust store, the verified chain passed to callbacks may be shorter than it otherwise would be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag.
.PP
The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period of certificates and CRLs against the current time. If \fBX509_VERIFY_PARAM_set_time()\fR is used to specify a verification time, the check is not suppressed.
.SH "INHERITANCE FLAGS"
.IX Header "INHERITANCE FLAGS"
These flags specify how parameters are \*(L"inherited\*(R" from one structure to another.
.PP
If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed after the next call.
.PP
If \fBX509_VP_FLAG_LOCKED\fR is set then no values are copied. This overrides all of the following flags.
.PP
If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied to the destination. Effectively the values in \*(L"to\*(R" become default values which will be used only if nothing new is set in \*(L"from\*(R". This is the default.
.PP
If \fBX509_VP_FLAG_OVERWRITE\fR is set then all values are copied across whether they are set or not. Flags are still ORed though.
.PP
If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead of ORed.
.SH "NOTES"
.IX Header "NOTES"
The above functions should be used to manipulate verification parameters instead of functions which work in specific structures such as \&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future release.
.SH "BUGS"
.IX Header "BUGS"
Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and (partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not maintained.
.PP
If \s-1CRL\s0 checking is enabled, CRLs are expected to be available in the corresponding \fBX509_STORE\fR structure. No attempt is made to download CRLs from the \s-1CRL\s0 distribution points extension.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
.PP
.Vb 1
\& X509_VERIFY_PARAM *param;
\&
\& param = X509_VERIFY_PARAM_new();
\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
\& SSL_CTX_set1_param(ctx, param);
\& X509_VERIFY_PARAM_free(param);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_verify_cert\fR\|(3),
\&\fBX509_check_host\fR\|(3),
\&\fBX509_check_email\fR\|(3),
\&\fBX509_check_ip\fR\|(3),
\&\fBx509\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 and has no effect.
.PP
The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i.
.PP
The function \fBX509_VERIFY_PARAM_add0_policy()\fR was historically documented as enabling policy checking; however, the implementation has never done this. The documentation was changed to align with the implementation.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2009\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "MDC2_INIT 3"
.TH MDC2_INIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/mdc2.h>
\&
\& unsigned char *MDC2(const unsigned char *d, unsigned long n,
\&                     unsigned char *md);
\&
\& int MDC2_Init(MDC2_CTX *c);
\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
\&                 unsigned long len);
\& int MDC2_Final(unsigned char *md, MDC2_CTX *c);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from block ciphers.
These functions are an implementation of \s-1MDC2\s0 with \&\s-1DES.\s0
.PP
\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for \&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array.
.PP
The following functions may be used if the message is not completely stored in memory:
.PP
\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure.
.PP
\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to be hashed (\fBlen\fR bytes at \fBdata\fR).
.PP
\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR.
.PP
Applications should use the higher level functions \&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value.
.PP
\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ERR_PUT_ERROR 3"
.TH ERR_PUT_ERROR 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& void ERR_put_error(int lib, int func, int reason, const char *file, int line);
\&
\& void ERR_add_error_data(int num, ...);
\& void ERR_add_error_vdata(int num, va_list arg);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It signals that the error of reason code \fBreason\fR occurred in function \&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. This function is usually called by a macro.
.PP
\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string arguments with the error code added last. \&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR.
.PP
\&\fBERR_load_strings\fR\|(3) can be used to register error strings so that the application can generate human-readable error messages for the error code.
.SS "Reporting errors"
.IX Subsection "Reporting errors"
Each sub-library has a specific macro \fBXXXerr()\fR that is used to report errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived from the function names; reason codes consist of textual error descriptions. For example, the function \fBssl3_read_bytes()\fR reports a \&\*(L"handshake failure\*(R" as follows:
.PP
.Vb 1
\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
.Ve
.PP
Function and reason codes should consist of uppercase characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name; if none is found, it just uses the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\*(R"\s0 in the above example.
.PP
The trailing section of a reason code (after the \*(L"_R_\*(R") is translated into lowercase and underscores changed to spaces.
.PP
Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally only done when a library wants to include \s-1ASN1\s0 code which must use the \fBASN1err()\fR macro.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return no values.
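The naming rules from the "Reporting errors" subsection, written out as a small checker and translator. This is an added example, not the OpenSSL error file generation script; err_code_parse() and struct err_code are this example's own names, and the header-file lookup for function names is not modelled, so function codes always keep their capitalized form.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Result of splitting an XXX_F_... or XXX_R_... code (example-only type). */
struct err_code {
    char lib[16];    /* sub-library prefix, e.g. "SSL" */
    char kind;       /* 'F' for a function code, 'R' for a reason code */
    char text[64];   /* generated name or description */
};

/*
 * Validate a code against the rules stated on this page and derive its text.
 * Returns 1 on success, 0 if the code is malformed or does not fit the buffers.
 */
int err_code_parse(const char *code, struct err_code *out)
{
    const char *p, *sep = NULL;
    size_t liblen, n, i;

    if (code == NULL || out == NULL)
        return 0;

    /* Rule: uppercase characters, numbers and underscores only. */
    for (p = code; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isupper(c) || isdigit(c) || c == '_'))
            return 0;
    }

    /* The first "_F_" or "_R_" separates the library prefix from the rest. */
    for (p = code; p[0] != '\0' && p[1] != '\0' && p[2] != '\0'; p++) {
        if (p[0] == '_' && (p[1] == 'F' || p[1] == 'R') && p[2] == '_') {
            sep = p;
            break;
        }
    }
    if (sep == NULL || sep == code || sep[3] == '\0')
        return 0;

    liblen = (size_t)(sep - code);
    n = strlen(sep + 3);
    if (liblen >= sizeof(out->lib) || n >= sizeof(out->text))
        return 0;

    memcpy(out->lib, code, liblen);
    out->lib[liblen] = '\0';
    out->kind = sep[1];

    for (i = 0; i < n; i++) {
        char c = sep[3 + i];
        /* Reason codes: lowercase, underscores become spaces. */
        if (out->kind == 'R')
            c = (c == '_') ? ' ' : (char)tolower((unsigned char)c);
        /* Function codes: capitalized form is kept when no header matches. */
        out->text[i] = c;
    }
    out->text[n] = '\0';
    return 1;
}
```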
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_load_strings\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "I2D_RE_X509_TBS 3"
.TH I2D_RE_X509_TBS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
d2i_X509_AUX, i2d_X509_AUX,
i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs
\&\- X509 encode and decode functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
\& int i2d_X509_AUX(X509 *x, unsigned char **out);
\& int i2d_re_X509_tbs(X509 *x, unsigned char **out);
\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The X509 encode and decode routines encode and parse an
\&\fBX509\fR structure, which represents an X509 certificate.
.PP
\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to
consist of an X509 certificate followed by auxiliary trust information.
This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects.
This function should not be called on untrusted input.
.PP
\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output
contains both the certificate and any auxiliary trust information.
This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects.
Note that this is a non-standard OpenSSL-specific data format.
.PP
\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only
the TBSCertificate portion of the certificate. \fBi2d_re_X509_CRL_tbs()\fR
and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request,
respectively.
The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R",
and ensures that a fresh encoding is generated in case the object has been
modified after creation (see the \s-1BUGS\s0 section).
.PP
The encoding of the TBSCertificate portion of a certificate is cached
in the \fBX509\fR structure internally to improve encoding performance
and to ensure certificate signatures are verified correctly in some
certificates with broken (non-DER) encodings.
.PP
If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR,
the encoding is automatically renewed. Otherwise, the encoding of the
TBSCertificate portion of the \fBX509\fR can be manually renewed by calling
\&\fBi2d_re_X509_tbs()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred.
.PP
\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error.
.PP
\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the
length of encoded data or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "DSA_GET0_PQG 3"
.TH DSA_GET0_PQG 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key,
DSA_get0_p, DSA_get0_q, DSA_get0_g,
DSA_get0_pub_key, DSA_get0_priv_key,
DSA_clear_flags, DSA_test_flags, DSA_set_flags,
DSA_get0_engine \- Routines for getting and
setting data in a DSA object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& void DSA_get0_pqg(const DSA *d,
\&                   const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
\& void DSA_get0_key(const DSA *d,
\&                   const BIGNUM **pub_key, const BIGNUM **priv_key);
\& int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
\& const BIGNUM *DSA_get0_p(const DSA *d);
\& const BIGNUM *DSA_get0_q(const DSA *d);
\& const BIGNUM *DSA_get0_g(const DSA *d);
\& const BIGNUM *DSA_get0_pub_key(const DSA *d);
\& const BIGNUM *DSA_get0_priv_key(const DSA *d);
\& void DSA_clear_flags(DSA *d, int flags);
\& int DSA_test_flags(const DSA *d, int flags);
\& void DSA_set_flags(DSA *d, int flags);
\& ENGINE *DSA_get0_engine(DSA *d);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a
public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR).
.PP
The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR.
If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set
to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These
point directly to the internal representations of the values and therefore
should not be freed directly.
.PP
The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing
the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling
this function transfers the memory management of the values to the \s-1DSA\s0 object,
and therefore the values that have been passed in should not be freed directly
after this function has been called.
.PP
To get the public and private key values use the \fBDSA_get0_key()\fR function. A
pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the
private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not
been set yet, although if the private key has been set then the public key must
be. The values point to the internal representation of the public key and
private key values. This memory should not be freed directly.
.PP
The public and private key values can be set using \fBDSA_set0_key()\fR. The public
key must be non-NULL the first time this function is called on a given \s-1DSA\s0
object. The private key may be \s-1NULL.\s0 On subsequent calls, either may be \s-1NULL,\s0
which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR
this function transfers the memory management of the key values to the \s-1DSA\s0
object, and therefore they should not be freed directly after this function has
been called.
.PP
Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be retrieved
separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR,
\&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively.
.PP
\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object.
Multiple flags can be passed in one go (bitwise ORed together). Any flags that
are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags
passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple
flags can be tested in one go. All flags that are currently set are returned, or
zero if none of the flags are set.
\fBDSA_clear_flags()\fR clears the specified flags within
the \s-1DSA\s0 object.
.PP
\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0
object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set.
.SH "NOTES"
.IX Header "NOTES"
Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used
in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR. If
needed, duplicate the received value using \fBBN_dup()\fR and pass the
duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure.
.PP
\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object.
.PP
\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0
has been set.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3),
\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3),
\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "CONF_MODULES_FREE 3"
.TH CONF_MODULES_FREE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CONF_modules_free, CONF_modules_finish, CONF_modules_unload \-
OpenSSL configuration cleanup functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/conf.h>
\&
\& void CONF_modules_finish(void);
\& void CONF_modules_unload(int all);
.Ve
.PP
Deprecated:
.PP
.Vb 3
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void CONF_modules_free(void)
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all
configuration modules. Normally, in versions of OpenSSL prior to 1.1.0,
applications called
\&\fBCONF_modules_free()\fR at exit to tidy up any configuration performed.
.PP
\&\fBCONF_modules_finish()\fR calls each configuration module's \fBfinish\fR handler
to free up any configuration that module may have performed.
.PP
\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If
\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloaded. If
\&\fBall\fR is \fB1\fR all modules, including builtin modules, will be unloaded.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
None of the functions return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3),
\&\fBCONF_modules_load_file\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it.
For more information see \fBOPENSSL_init_crypto\fR\|(3).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "EVP_DES 3"
.TH EVP_DES 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64,
EVP_des_ecb, EVP_des_ofb,
EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64,
EVP_des_ede_ecb, EVP_des_ede_ofb,
EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1,
EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb,
EVP_des_ede3_wrap
\&\- EVP DES cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_ciphername(void)
.Ve
.PP
\&\fIEVP_ciphername\fR is used as a placeholder for any of the described cipher
functions, such as \fIEVP_des_cbc\fR.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0
.IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4
.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()"
\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit
shift and \s-1OFB\s0 modes.
.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4
.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()"
Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes.
.IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4
.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()"
Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift,
\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes.
.IP "\fBEVP_des_ede3_wrap()\fR" 4
.IX Item "EVP_des_ede3_wrap()"
Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\"
.IX Title "MD5 3"
.TH MD5 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/md2.h>
\&
\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
\&
\& int MD2_Init(MD2_CTX *c);
\& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
\& int MD2_Final(unsigned char *md, MD2_CTX *c);
\&
\&
\& #include <openssl/md4.h>
\&
\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
\&
\& int MD4_Init(MD4_CTX *c);
\& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
\& int MD4_Final(unsigned char *md, MD4_CTX *c);
\&
\&
\& #include <openssl/md5.h>
\&
\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
\&
\& int MD5_Init(MD5_CTX *c);
\& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
\& int MD5_Final(unsigned char *md, MD5_CTX *c);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
.PP
\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest
of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space
for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16
bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static
array.
.PP
The following functions may be used if the message is not completely
stored in memory:
.PP
\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure.
.PP
\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to
be hashed (\fBlen\fR bytes at \fBdata\fR).
.PP
\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space
for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR.
.PP \&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. .PP Applications should use the higher level functions \&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .SH "NOTE" .IX Header "NOTE" \&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be preferred. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. .PP \&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, \&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC 1319, RFC 1320, RFC 1321\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestInit\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!eNOOUI_UTIL_read_pw.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. 
.IX Title "UI_UTIL_READ_PW 3"
.TH UI_UTIL_READ_PW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback
\&\- user interface utilities
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ui.h>
\&
\& int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
\&                            int verify);
\& int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
\&                     int verify);
\& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a
prompt, and stores it in \fBbuf\fR.
The maximum allowed size is given with \fBlength\fR, including the
terminating \s-1NUL\s0 byte.
If \fBverify\fR is nonzero, the password will be verified as well.
.PP
\&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR; the
difference is that you can give it an external buffer \fBbuff\fR for the
verification passphrase.
.PP
\&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary
\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR.
\&\fBrwflag\fR is used to specify if this method will be used for
passphrase entry without (0) or with (1) verification.
When not used any more, the returned method should be freed with
\&\fBUI_destroy_method()\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use the default
\&\fB\s-1UI_METHOD\s0\fR.
See \fBUI_get_default_method\fR\|(3) and friends for more information.
.PP
The result from the \fB\s-1UI_METHOD\s0\fR created by
\&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the
encoding that the given password callback generates.
The default password prompting functions (apart from
\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is
\&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR)
all use the default \fB\s-1UI_METHOD\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a
negative value on error.
.PP
\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or
\s-1NULL\s0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBUI_get_default_method\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_MALLOC 3"
.TH OPENSSL_MALLOC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OPENSSL_malloc_init,
OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse,
CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free,
OPENSSL_strdup, OPENSSL_strndup,
OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat,
OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int,
CRYPTO_strdup, CRYPTO_strndup,
OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop,
CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
CRYPTO_clear_realloc, CRYPTO_clear_free,
CRYPTO_get_mem_functions, CRYPTO_set_mem_functions,
CRYPTO_get_alloc_counts,
CRYPTO_set_mem_debug, CRYPTO_mem_ctrl,
CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb,
OPENSSL_MALLOC_FAILURES,
OPENSSL_MALLOC_FD
\&\- Memory allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& int OPENSSL_malloc_init(void)
\&
\& void *OPENSSL_malloc(size_t num)
\& void *OPENSSL_zalloc(size_t num)
\& void *OPENSSL_realloc(void *addr, size_t num)
\& void OPENSSL_free(void *addr)
\& char *OPENSSL_strdup(const char *str)
\& char *OPENSSL_strndup(const char *str, size_t s)
\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
\& void *OPENSSL_memdup(void *data, size_t s)
\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
\& void OPENSSL_clear_free(void *str, size_t num)
\& void OPENSSL_cleanse(void *ptr, size_t len);
\&
\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
\& char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
\& int OPENSSL_hexchar2int(unsigned char c);
\&
\& void *CRYPTO_malloc(size_t num, const char *file, int line)
\& void *CRYPTO_zalloc(size_t num, const char *file, int line)
\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line)
\& void CRYPTO_free(void *str, const char *, int)
\& char *CRYPTO_strdup(const char *p, const char *file, int line)
\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line)
\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num,
\&                            const char *file, int line)
\& void CRYPTO_clear_free(void *str, size_t num, const char *, int)
\&
\& void CRYPTO_get_mem_functions(
\&         void *(**m)(size_t, const char *, int),
\&         void *(**r)(void *, size_t, const char *, int),
\&         void (**f)(void *, const char *, int))
\& int CRYPTO_set_mem_functions(
\&         void *(*m)(size_t, const char *, int),
\&         void *(*r)(void *, size_t, const char *, int),
\&         void (*f)(void *, const char *, int))
\&
\& void CRYPTO_get_alloc_counts(int *m, int *r, int *f)
\&
\& int CRYPTO_set_mem_debug(int onoff)
\&
\& env OPENSSL_MALLOC_FAILURES=...
\& env OPENSSL_MALLOC_FD=...
\&
\& int CRYPTO_mem_ctrl(int mode);
\&
\& int OPENSSL_mem_debug_push(const char *info)
\& int OPENSSL_mem_debug_pop(void);
\&
\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
\& int CRYPTO_mem_debug_pop(void);
\&
\& int CRYPTO_mem_leaks(BIO *b);
\& int CRYPTO_mem_leaks_fp(FILE *fp);
\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
\&                         void *u);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API.\s0 These are
generally macros that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR
parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0
Some functions do not add those parameters, but exist for consistency.
.PP
\&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is
included for compatibility with older versions of OpenSSL.
.PP
\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR, and \fBOPENSSL_free()\fR are like the
C \fBmalloc()\fR, \fBrealloc()\fR, and \fBfree()\fR functions.
\&\fBOPENSSL_zalloc()\fR calls \fBmemset()\fR to zero the memory before returning.
.PP
\&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used
when the buffer at \fBaddr\fR holds sensitive information.
The old buffer is filled with zeros by calling \fBOPENSSL_cleanse()\fR
before ultimately calling \fBOPENSSL_free()\fR.
.PP
\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's.
Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file.
If the storage controller uses write compression, then it's possible
that sensitive tail bytes will survive zeroization because the block of
zeros will be compressed. If the storage controller uses wear leveling,
then the old sensitive data will not be overwritten; rather, a block of
0's will be written at a new physical location.
.PP
\&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the
equivalent C functions, except that memory is allocated by calling the
\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR.
.PP
\&\fBOPENSSL_strlcpy()\fR,
\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C
library functions and are provided for portability.
.PP
\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a
pointer to the parsed value. The memory is allocated by calling
\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR.
If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length.
Colons between two-character hex \*(L"bytes\*(R" are ignored.
An odd number of hex digits is an error.
.PP
\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns
a hex string for value, or \s-1NULL\s0 on error.
\&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned.
.PP
\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent,
or returns \-1 on error.
.PP
If no allocations have been done, it is possible to \*(L"swap out\*(R" the default
implementations for \fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR and \fBOPENSSL_free()\fR
and replace them with alternate versions (hooks).
\&\fBCRYPTO_get_mem_functions()\fR fills in the given arguments with the
function pointers for the current implementations.
With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions.
If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed.
.PP
The default implementation can include some debugging capability (if enabled
at build-time).
This adds some overhead by keeping a list of all memory allocations, and
removes items from the list when they are freed.
This is most useful for identifying memory leaks.
\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have
any effect, it must be called before any of the allocation functions
(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the
first lines of \fBmain()\fR in an application.
\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking.
To enable tracking, call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
\&\fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR.
To disable tracking, call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
\&\fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR.
.PP
While checking memory, it can be useful to store additional context
about what is being done.
For example, identifying the field names when parsing a complicated
data structure.
\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR)
attaches an identifying string to the allocation stack.
This must be a global or other static string; it is not copied.
\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack.
.PP
At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or
\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it
to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if
there are no leaks, 0 if there are leaks and \-1 if an error occurred.
.PP
\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead
of writing to a given \s-1BIO,\s0 the callback function is called for each
output string with the string, length, and userdata \fBu\fR as the callback
parameters.
.PP
If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one
function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment
variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR,
are available.
.PP
The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times
each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been
called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR,
respectively. If a pointer is \s-1NULL,\s0 then the corresponding count is not stored.
.PP
The variable
\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail.
It is a set of fields separated by semicolons, where each field is a count
(defaulting to zero) and an optional at sign and percentage (defaulting
to 100). If the count is zero, then it lasts forever. For example,
\&\f(CW\*(C`100;@25\*(C'\fR or \f(CW\*(C`100@0;0@25\*(C'\fR means the first 100 allocations pass, then all
other allocations (until the program exits or crashes) have a 25% chance of
failing.
.PP
If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then
it is taken as an open file descriptor, and a record of all allocations is
written to that descriptor. If an allocation will fail, and the platform
supports it, then a backtrace will be written to the descriptor. This can
be useful because a malloc may fail but not be checked, and problems will
only occur later. The following example in classic shell syntax shows how
to use this (will not work on all platforms):
.PP
.Vb 5
\&  OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq
\&  export OPENSSL_MALLOC_FAILURES
\&  OPENSSL_MALLOC_FD=3
\&  export OPENSSL_MALLOC_FD
\&  ...app invocation... 3>/tmp/log$$
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOPENSSL_malloc_init()\fR, \fBOPENSSL_free()\fR, \fBOPENSSL_clear_free()\fR,
\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR
return no value.
.PP
\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if
there are no leaks, 0 if there are leaks and \-1 if an error occurred.
.PP
\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR,
\&\fBOPENSSL_clear_realloc()\fR,
\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR,
\&\fBCRYPTO_clear_realloc()\fR,
\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR,
\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR
return a pointer to allocated memory or \s-1NULL\s0 on error.
.PP
\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR
return 1 on success or 0 on failure (almost
always because allocations have already happened).
.PP
\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the
previous value of the mode.
.PP
\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR
return 1 on success or 0 on failure.
.SH "NOTES"
.IX Header "NOTES"
While it's permitted to swap out only a few and not all the functions
with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out
at once. \fIThis applies especially if OpenSSL was built with the
configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled. In that case, swapping out
only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
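The field syntax of OPENSSL_MALLOC_FAILURES described in the OPENSSL_malloc page above, as an added example that is not part of the OpenSSL manual or source: a standalone C parser that reports which failure percentage applies to the n-th allocation. The names `parse_fail_plan` and `fail_percent_at` are hypothetical, and a field without `@` is assumed to mean a 0% failure chance, because the page treats `100;@25` and `100@0;0@25` as equivalent.

```c
/* Added example: standalone model of the OPENSSL_MALLOC_FAILURES syntax.
 * It does not call OpenSSL; all names here are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_FIELDS 16

struct fail_field {
    long count;   /* allocations covered by this field; 0 = lasts forever */
    int percent;  /* chance (0..100) that a covered allocation fails */
};

struct fail_plan {
    struct fail_field f[MAX_FIELDS];
    size_t n;
};

/* Parse "count@percent;count@percent;..."; both parts of a field are optional.
 * Returns 0 on success, -1 on malformed input. */
int parse_fail_plan(const char *spec, struct fail_plan *plan)
{
    const char *p = spec;
    char *end;

    if (spec == NULL || plan == NULL)
        return -1;
    plan->n = 0;
    for (;;) {
        /* Assumption: no "@percent" means 0%, as in "100" == "100@0". */
        struct fail_field fld = { 0, 0 };

        if (plan->n == MAX_FIELDS)
            return -1;
        if (isdigit((unsigned char)*p)) {
            errno = 0;
            fld.count = strtol(p, &end, 10);
            if (errno == ERANGE)
                return -1;
            p = end;
        }
        if (*p == '@') {
            long pct;

            if (!isdigit((unsigned char)*++p))
                return -1;
            errno = 0;
            pct = strtol(p, &end, 10);
            if (errno == ERANGE || pct > 100)
                return -1;
            fld.percent = (int)pct;
            p = end;
        }
        plan->f[plan->n++] = fld;
        if (*p == '\0')
            return 0;
        if (*p++ != ';')
            return -1;
    }
}

/* Failure chance (percent) for allocation number n, counted from 1.
 * Returns -1 when n lies past the last field, a case the page leaves open. */
int fail_percent_at(const struct fail_plan *plan, long n)
{
    long first = 1;   /* number of the first allocation the field covers */

    if (n < 1)
        return -1;
    for (size_t i = 0; i < plan->n; i++) {
        const struct fail_field *f = &plan->f[i];

        if (f->count == 0 || n - first < f->count)
            return f->percent;
        first += f->count;
    }
    return -1;
}

int main(void)
{
    /* Strings taken from the page's text and its shell example. */
    const char *specs[] = { "100;@25", "100@0;0@25", "200;@10" };
    struct fail_plan plan;

    for (size_t i = 0; i < sizeof(specs) / sizeof(specs[0]); i++) {
        if (parse_fail_plan(specs[i], &plan) != 0)
            return 1;
        printf("%-11s alloc #100: %d%%  alloc #201: %d%%\n", specs[i],
               fail_percent_at(&plan, 100), fail_percent_at(&plan, 201));
    }
    return 0;
}
```

Checking a planned value with a model like this before a fault-injection run shows at which allocation number failures start, which helps when matching the records written to the OPENSSL_MALLOC_FD descriptor against the intended schedule.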
.IX Title "PEM_READ_CMS 3"
.TH PEM_READ_CMS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DECLARE_PEM_rw,
PEM_read_CMS,
PEM_read_bio_CMS,
PEM_write_CMS,
PEM_write_bio_CMS,
PEM_write_DHxparams,
PEM_write_bio_DHxparams,
PEM_read_ECPKParameters,
PEM_read_bio_ECPKParameters,
PEM_write_ECPKParameters,
PEM_write_bio_ECPKParameters,
PEM_read_ECPrivateKey,
PEM_write_ECPrivateKey,
PEM_write_bio_ECPrivateKey,
PEM_read_EC_PUBKEY,
PEM_read_bio_EC_PUBKEY,
PEM_write_EC_PUBKEY,
PEM_write_bio_EC_PUBKEY,
PEM_read_NETSCAPE_CERT_SEQUENCE,
PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
PEM_write_NETSCAPE_CERT_SEQUENCE,
PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
PEM_read_PKCS8,
PEM_read_bio_PKCS8,
PEM_write_PKCS8,
PEM_write_bio_PKCS8,
PEM_write_PKCS8_PRIV_KEY_INFO,
PEM_read_bio_PKCS8_PRIV_KEY_INFO,
PEM_read_PKCS8_PRIV_KEY_INFO,
PEM_write_bio_PKCS8_PRIV_KEY_INFO,
PEM_read_SSL_SESSION,
PEM_read_bio_SSL_SESSION,
PEM_write_SSL_SESSION,
PEM_write_bio_SSL_SESSION
\&\- PEM object encoding routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pem.h>
\&
\& DECLARE_PEM_rw(name, TYPE)
\&
\& TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
\& TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
\& int PEM_write_TYPE(FILE *fp, const TYPE *a);
\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
In the description below, \fI\s-1TYPE\s0\fR is used
as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR.
The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in
the next four lines of the synopsis.
.PP
These routines convert between local instances of \s-1ASN1\s0 datatypes and
the \s-1PEM\s0 encoding. For more information on the templates, see
\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used
by the functions here, see \fBPEM_read\fR\|(3).
.PP
\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR
and returns it. The \fBcb\fR and \fBu\fR parameters are as described in
\&\fBpem_password_cb\fR\|(3).
.PP
\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the
\s-1BIO\s0 \fBbp\fR.
.PP
\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file
\&\fBfp\fR.
.PP
\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR.
.SH "NOTES"
.IX Header "NOTES"
These functions make no assumption regarding the pass phrase received from the
password callback.
It will simply be treated as a byte sequence.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated
object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error.
.PP
\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written
or zero on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBPEM_read\fR\|(3),
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OSSL_STORE_EXPECT 3"
.TH OSSL_STORE_EXPECT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OSSL_STORE_expect,
OSSL_STORE_supports_search,
OSSL_STORE_find
\&\- Specify what object type is expected
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/store.h>
\&
\& int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
\&
\& int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type);
\&
\& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns
by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type.
For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects and
only the certificates are interesting, the application can simply say
that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR.
All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3))
except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported.
.PP
\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more
fine-grained search of objects.
.PP
\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0
context supports the given search type.
See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the
supported search criterion types.
.PP
\&\fBOSSL_STORE_expect()\fR and \fBOSSL_STORE_find()\fR \fImust\fR be called before the first
\&\fBOSSL_STORE_load()\fR of a given session, or they will fail.
.SH "NOTES"
.IX Header "NOTES"
If a more elaborate filter is required by the application, a better choice
would be to use a post-processing function.
See \fBOSSL_STORE_open\fR\|(3) for more information.
.PP
However, some loaders may take advantage of the knowledge of an expected type
to make object retrieval more efficient, so if a single type is expected, this
method is usually preferable.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure.
.PP
\&\fBOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0
otherwise.
.PP
\&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3),
\&\fBOSSL_STORE_load\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "BIO_SET_CALLBACK 3"
.TH BIO_SET_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback,
BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback,
BIO_callback_fn_ex, BIO_callback_fn
\&\- BIO callback functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
\&                                    size_t len, int argi,
\&                                    long argl, int ret, size_t *processed);
\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
\&                                 long argl, long ret);
\&
\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
\&
\& void BIO_set_callback(BIO *b, BIO_callback_fn cb);
\& BIO_callback_fn BIO_get_callback(BIO *b);
\& void BIO_set_callback_arg(BIO *b, char *arg);
\& char *BIO_get_callback_arg(const BIO *b);
\&
\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
\&                         long argl, long ret);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0
callback. The callback is called during most high-level \s-1BIO\s0 operations. It can
be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its
operation.
.PP
\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0
callback. New code should not use these functions, but they are retained for
backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get
called in preference to any set by \fBBIO_set_callback()\fR.
.PP
\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be
used to set and retrieve an argument for use in the callback.
.PP
\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints
out information relating to each \s-1BIO\s0 operation.
If the callback argument is set, it is interpreted as a \s-1BIO\s0 to send the
information to; otherwise stderr is used.
.PP
\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR
is the type of the old format callback function. The meaning of each argument
is described below:
.IP "\fBb\fR" 4
.IX Item "b"
The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR.
.IP "\fBoper\fR" 4
.IX Item "oper"
\&\fBoper\fR is set to the operation being performed. For some operations
the callback is called twice, once before and once after the actual
operation; in the latter case \fBoper\fR is or'ed with \s-1BIO_CB_RETURN.\s0
.IP "\fBlen\fR" 4
.IX Item "len"
The length of the data requested to be read or written. This is only useful if
\&\fBoper\fR is \s-1BIO_CB_READ, BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS.\s0
.IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4
.IX Item "argp argi argl"
The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on
the value of \fBoper\fR, that is, the operation being performed.
.IP "\fBprocessed\fR" 4
.IX Item "processed"
\&\fBprocessed\fR is a pointer to a location which will be updated with the amount of
data that was actually read or written. Only used for \s-1BIO_CB_READ, BIO_CB_WRITE,
BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS.\s0
.IP "\fBret\fR" 4
.IX Item "ret"
\&\fBret\fR is the return value that would be returned to the
application if no callback were present. The actual value returned
is the return value of the callback itself. In the case of callbacks
called before the actual \s-1BIO\s0 operation, 1 is placed in \fBret\fR; if
the return value is not positive it will be immediately returned to
the application and the \s-1BIO\s0 operation will not be performed.
.PP
The callback should normally simply return \fBret\fR when it has
finished processing, unless it specifically wishes to modify the
value returned to the application.
.SH "CALLBACK OPERATIONS"
.IX Header "CALLBACK OPERATIONS"
In the notes below, \fBcallback\fR refers to the actual callback
function that is called.
.IP "\fBBIO_free(b)\fR" 4
.IX Item "BIO_free(b)"
.Vb 1
\& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L)
.Ve
.Sp
is called before the free operation.
.IP "\fBBIO_read_ex(b, data, dlen, readbytes)\fR" 4
.IX Item "BIO_read_ex(b, data, dlen, readbytes)"
.Vb 1
\& callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_READ, data, dlen, 0L, 1L)
.Ve
.Sp
is called before the read and
.Sp
.Vb 2
\& callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
\&             &readbytes)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue)
.Ve
.Sp
after.
.IP "\fBBIO_write(b, data, dlen, written)\fR" 4
.IX Item "BIO_write(b, data, dlen, written)"
.Vb 1
\& callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_WRITE, data, dlen, 0L, 1L)
.Ve
.Sp
is called before the write and
.Sp
.Vb 2
\& callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
\&             &written)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue)
.Ve
.Sp
after.
.IP "\fBBIO_gets(b, buf, size)\fR" 4
.IX Item "BIO_gets(b, buf, size)"
.Vb 1
\& callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_GETS, buf, size, 0L, 1L)
.Ve
.Sp
is called before the operation and
.Sp
.Vb 2
\& callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue,
\&             &readbytes)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue)
.Ve
.Sp
after.
.IP "\fBBIO_puts(b, buf)\fR" 4
.IX Item "BIO_puts(b, buf)"
.Vb 1
\& callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L)
.Ve
.Sp
is called before the operation and
.Sp
.Vb 1
\& callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue)
.Ve
.Sp
after.
.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4
.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)"
.Vb 1
\& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L)
.Ve
.Sp
is called before the call and
.Sp
.Vb 1
\& callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL)
.Ve
.Sp
or
.Sp
.Vb 1
\& callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret)
.Ve
.Sp
after.
.Sp
Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the
argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to
the actual call parameter, see \fBBIO_callback_ctrl\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_get_callback_ex()\fR and \fBBIO_get_callback()\fR return the callback function
previously set by a call to \fBBIO_set_callback_ex()\fR and \fBBIO_set_callback()\fR
respectively.
.PP
\&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set
via a call to \fBBIO_set_callback_arg()\fR.
.PP
\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0
operations.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The \fBBIO_debug_callback()\fR function is a good example, its source is
in crypto/bio/bio_cb.c
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can
obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "OBJ_NID2OBJ 3"
.TH OBJ_NID2OBJ 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
i2t_ASN1_OBJECT,
OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln,
OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp,
OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup
\&\- ASN1 object utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/objects.h>
\&
\& ASN1_OBJECT *OBJ_nid2obj(int n);
\& const char *OBJ_nid2ln(int n);
\& const char *OBJ_nid2sn(int n);
\&
\& int OBJ_obj2nid(const ASN1_OBJECT *o);
\& int OBJ_ln2nid(const char *ln);
\& int OBJ_sn2nid(const char *sn);
\&
\& int OBJ_txt2nid(const char *s);
\&
\& ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
\&
\& int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
\&
\& int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
\& ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
\&
\& int OBJ_create(const char *oid, const char *sn, const char *ln);
\&
\& size_t OBJ_length(const ASN1_OBJECT *obj);
\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
.Ve
.PP
Deprecated:
.PP
.Vb 3
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void OBJ_cleanup(void);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type.
For convenience, OIDs are usually represented in source code as numeric
identifiers, or \fI\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that
are generated when the library is built, and their corresponding NIDs
are available as defined constants. For the functions below, application
code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as
constants.
.PP
\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fIn\fR to
an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
for the object \fIo\fR, the long name or the short name respectively
or NID_undef if an error occurred.
.PP
\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string \fIs\fR. \fIs\fR can be
a long name, a short name or the numerical representation of an object.
.PP
\&\fBOBJ_txt2obj()\fR converts the text string \fIs\fR into an \s-1ASN1_OBJECT\s0 structure.
If \fIno_name\fR is 0 then long names and short names will be interpreted
as well as numerical forms. If \fIno_name\fR is 1 only the numerical form
is acceptable.
.PP
\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fIa\fR into a textual representation.
Unless \fIbuf\fR is \s-1NULL,\s0
the representation is written as a NUL-terminated string to \fIbuf\fR, where
at most \fIbuf_len\fR bytes are written, truncating the result if necessary.
In any case it returns the total string length, excluding the \s-1NUL\s0 character,
required for non-truncated representation, or \-1 on error.
If \fIno_name\fR is 0 then if the object has a long or short name
then that will be used, otherwise the numerical form will be used.
If \fIno_name\fR is 1 then the numerical form will always be used.
.PP
\&\fBi2t_ASN1_OBJECT()\fR is the same as \fBOBJ_obj2txt()\fR with the \fIno_name\fR set to zero.
.PP
\&\fBOBJ_cmp()\fR compares \fIa\fR to \fIb\fR. If the two are identical 0 is returned.
.PP
\&\fBOBJ_dup()\fR returns a copy of \fIo\fR.
.PP
\&\fBOBJ_create()\fR adds a new object to the internal table. \fIoid\fR is the
numerical form of the object, \fIsn\fR the short name and \fIln\fR the
long name. A new \s-1NID\s0 is returned for the created object in case of
success and NID_undef in case of failure.
.PP
\&\fBOBJ_length()\fR returns the size of the content octets of \fIobj\fR.
.PP
\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fIobj\fR.
The returned pointer is an internal pointer which \fBmust not\fR be freed.
.PP
\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects.
.SH "NOTES"
.IX Header "NOTES"
Objects in OpenSSL can have a short name, a long name and a numerical
identifier (\s-1NID\s0) associated with them. A standard set of objects is
represented in an internal table. The appropriate values are defined
in the header file \fBobjects.h\fR.
.PP
For example the \s-1OID\s0 for commonName has the following definitions:
.PP
.Vb 3
\& #define SN_commonName                   "CN"
\& #define LN_commonName                   "commonName"
\& #define NID_commonName                  13
.Ve
.PP
New objects can be added by calling \fBOBJ_create()\fR.
.PP
Table objects have certain advantages over other objects: for example
their NIDs can be used in a C language switch statement. They are
also static constant structures which are shared: that is there
is only a single constant structure for each table object.
.PP
Objects which are not in the table have the \s-1NID\s0 value NID_undef.
.PP
Objects do not need to be in the internal tables to be processed,
the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical
form of an \s-1OID.\s0
.PP
Some objects are used to represent algorithms which do not have a
corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently
exists for a particular algorithm). As a result they \fBcannot\fR be encoded or
decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there
is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero.
.PP
These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can
represent both an internal, constant, \s-1OID\s0 and a dynamically-created one.
The latter cannot be constant because it needs to be freed after use.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR if an
error occurred.
.PP
\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR return a valid string or \fB\s-1NULL\s0\fR
on error.
.PP
\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return
a \s-1NID\s0 or \fBNID_undef\fR on error.
.PP
\&\fBOBJ_add_sigid()\fR returns 1 on success or 0 on error.
.PP
\&\fBi2t_ASN1_OBJECT()\fR and \fBOBJ_obj2txt()\fR return \-1 on error.
On success, they return the length of the string written to \fIbuf\fR if \fIbuf\fR is
not \s-1NULL\s0 and \fIbuf_len\fR is big enough, otherwise the total string length.
Note that this does not count the trailing \s-1NUL\s0 character.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create an object for \fBcommonName\fR:
.PP
.Vb 1
\& ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName);
.Ve
.PP
Check if an object is \fBcommonName\fR:
.PP
.Vb 2
\& if (OBJ_obj2nid(obj) == NID_commonName)
\&     /* Do something */
.Ve
.PP
Create a new \s-1NID\s0 and initialize an object from it:
.PP
.Vb 2
\& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
\& ASN1_OBJECT *obj = OBJ_nid2obj(new_nid);
.Ve
.PP
Create a new object directly:
.PP
.Vb 1
\& obj = OBJ_txt2obj("1.2.3.4", 1);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3)
and should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
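The return contract this page gives for OBJ_obj2txt() (write at most buf_len bytes, return the full length needed, \-1 on error) is easy to misuse by comparing a silently truncated string. The block below is an added example, not OpenSSL code and not calling the library: it reimplements that contract in plain C over OID content octets of the kind OBJ_get0_data() and OBJ_length() expose. All demo_* names, the 256-octet limit and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample inputs: OID content octets only (no tag or length). */
static const unsigned char DEMO_CN[] = { 0x55, 0x04, 0x03 };   /* 2.5.4.3 */
static const unsigned char DEMO_SHA256RSA[] =                  /* 1.2.840.113549.1.1.11 */
    { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B };

/* Count an arc's full text length; copy only the part that fits in buf. */
static void emit_arc(char *buf, int buf_len, int *total,
                     unsigned long long arc, int with_dot)
{
    char tmp[24];
    int n = snprintf(tmp, sizeof(tmp), with_dot ? ".%llu" : "%llu", arc);
    int i;

    for (i = 0; i < n; i++)
        if (buf != NULL && *total + i < buf_len - 1)
            buf[*total + i] = tmp[i];
    *total += n;
}

/*
 * Hypothetical stand-in with the contract described for OBJ_obj2txt() with
 * no_name = 1: returns the untruncated length (excluding NUL) or -1 on error.
 */
int demo_oid2txt(char *buf, int buf_len,
                 const unsigned char *der, size_t der_len)
{
    unsigned long long arc = 0;
    int total = 0, first = 1, at_start = 1;
    size_t i;

    if (der == NULL || der_len == 0 || der_len > 256)   /* demo size limit */
        return -1;
    if (buf != NULL && buf_len <= 0)
        return -1;
    if (der[der_len - 1] & 0x80)        /* last sub-identifier is unterminated */
        return -1;

    for (i = 0; i < der_len; i++) {
        if (at_start && der[i] == 0x80) /* non-minimal (padded) encoding */
            return -1;
        at_start = 0;
        if (arc > (~0ULL >> 7))         /* next shift would overflow */
            return -1;
        arc = (arc << 7) | (der[i] & 0x7f);
        if (der[i] & 0x80)
            continue;                   /* more octets in this sub-identifier */
        if (first) {
            /* First sub-identifier packs two arcs as 40*X + Y, X in 0..2. */
            unsigned long long x = arc < 80 ? arc / 40 : 2;
            emit_arc(buf, buf_len, &total, x, 0);
            emit_arc(buf, buf_len, &total, arc - 40 * x, 1);
            first = 0;
        } else {
            emit_arc(buf, buf_len, &total, arc, 1);
        }
        arc = 0;
        at_start = 1;
    }
    if (buf != NULL)
        buf[total < buf_len ? total : buf_len - 1] = '\0';
    return total;
}

/* Two-pass use: size with buf == NULL, then allocate exactly what is needed. */
char *demo_oid2txt_alloc(const unsigned char *der, size_t der_len)
{
    int need = demo_oid2txt(NULL, 0, der, der_len);
    char *out;

    if (need < 0 || (out = malloc((size_t)need + 1)) == NULL)
        return NULL;
    if (demo_oid2txt(out, need + 1, der, der_len) != need) {
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    char small[8];
    int n = demo_oid2txt(small, (int)sizeof(small),
                         DEMO_SHA256RSA, sizeof(DEMO_SHA256RSA));
    char *full = demo_oid2txt_alloc(DEMO_SHA256RSA, sizeof(DEMO_SHA256RSA));

    /* n >= sizeof(small) is the only signal that "small" was cut short. */
    printf("ret=%d truncated=%s text=\"%s\"\n", n,
           n >= (int)sizeof(small) ? "yes" : "no", small);
    printf("full=\"%s\"\n", full != NULL ? full : "(error)");
    free(full);
    return 0;
}
```

A caller that checks only for \-1 would accept the truncated prefix as if it were the whole OID; comparing the return value against the buffer size, or sizing with a NULL buffer first, avoids that.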
.\" ========================================================================
.\"
.IX Title "EVP_SHA3_224 3"
.TH EVP_SHA3_224 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_sha3_224,
EVP_sha3_256,
EVP_sha3_384,
EVP_sha3_512,
EVP_shake128,
EVP_shake256
\&\- SHA\-3 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_sha3_224(void);
\& const EVP_MD *EVP_sha3_256(void);
\& const EVP_MD *EVP_sha3_384(void);
\& const EVP_MD *EVP_sha3_512(void);
\&
\& const EVP_MD *EVP_shake128(void);
\& const EVP_MD *EVP_shake256(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions
standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the
Keccak algorithm.
.IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4
.IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()"
The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms
respectively. They produce 224, 256, 384 and 512 bits of output from a given
input.
.IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4
.IX Item "EVP_shake128(), EVP_shake256()"
The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate
a variable hash length.
.Sp
Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while
\&\fBEVP_shake256\fR provides that of 256 bits.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1NIST FIPS 202.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License.
You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3"
.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
NAME
       X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn - set verification callback

SYNOPSIS
        #include <openssl/x509_vfy.h>

        typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
                                                    X509_STORE_CTX *ctx, X509 *x);
        typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
                                                      X509 *x, X509 *issuer);
        typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
        typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
                                                 X509_CRL **crl, X509 *x);
        typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
        typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
                                                  X509_CRL *crl, X509 *x);
        typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
        typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
                                                                  X509_NAME *nm);
        typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
                                                                     X509_NAME *nm);
        typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);

        void X509_STORE_set_verify_cb(X509_STORE *ctx,
                                      X509_STORE_CTX_verify_cb verify_cb);
        X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);

        void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
        X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);

        void X509_STORE_set_get_issuer(X509_STORE *ctx,
                                       X509_STORE_CTX_get_issuer_fn get_issuer);
        X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);

        void X509_STORE_set_check_issued(X509_STORE *ctx,
                                         X509_STORE_CTX_check_issued_fn check_issued);
        X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);

        void X509_STORE_set_check_revocation(X509_STORE *ctx,
                                             X509_STORE_CTX_check_revocation_fn check_revocation);
        X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);

        void X509_STORE_set_get_crl(X509_STORE *ctx,
                                    X509_STORE_CTX_get_crl_fn get_crl);
        X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);

        void X509_STORE_set_check_crl(X509_STORE *ctx,
                                      X509_STORE_CTX_check_crl_fn check_crl);
        X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);

        void X509_STORE_set_cert_crl(X509_STORE *ctx,
                                     X509_STORE_CTX_cert_crl_fn cert_crl);
        X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);

        void X509_STORE_set_check_policy(X509_STORE *ctx,
                                         X509_STORE_CTX_check_policy_fn check_policy);
        X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);

        void X509_STORE_set_lookup_certs(X509_STORE *ctx,
                                         X509_STORE_CTX_lookup_certs_fn lookup_certs);
        X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);

        void X509_STORE_set_lookup_crls(X509_STORE *ctx,
                                        X509_STORE_CTX_lookup_crls_fn lookup_crls);
        X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);

        void X509_STORE_set_cleanup(X509_STORE *ctx,
                                    X509_STORE_CTX_cleanup_fn cleanup);
        X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);

        /* Aliases */
        void X509_STORE_set_verify_cb_func(X509_STORE *st,
                                           X509_STORE_CTX_verify_cb verify_cb);
        void X509_STORE_set_verify_func(X509_STORE *ctx,
                                        X509_STORE_CTX_verify_fn verify);
        void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
                                           X509_STORE_CTX_lookup_crls_fn lookup_crls);

DESCRIPTION
       X509_STORE_set_verify_cb() sets the verification callback of ctx to verify_cb, overwriting the previous callback. The callback assigned with this function becomes a default for the one that can be assigned directly to the corresponding X509_STORE_CTX; see X509_STORE_CTX_set_verify_cb(3) for further information.

       X509_STORE_set_verify() sets the final chain verification function for ctx to verify. Its purpose is to go through the chain of certificates and check that all signatures are valid and that the current time is within the limits of each certificate's first and last validity time. The final chain verification functions must return 0 on failure and 1 on success. If no chain verification function is provided, the internal default function will be used instead.

       X509_STORE_set_get_issuer() sets the function to get the issuer certificate that verifies the given certificate x. When found, the issuer certificate must be assigned to *issuer. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_check_issued() sets the function to check that a given certificate x is issued by the issuer certificate issuer. This function must return 0 on failure (among others if x hasn't been issued with issuer) and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_check_revocation() sets the revocation checking function. Its purpose is to look through the final chain and check the revocation status for each certificate. It must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_get_crl() sets the function to get the CRL for a given certificate x. When found, the CRL must be assigned to *crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_check_crl() sets the function to check the validity of the given crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_cert_crl() sets the function to check the revocation status of the given certificate x against the given crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_check_policy() sets the function to check the policies of all the certificates in the final chain. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the functions to look up all the certs or all the CRLs that match the given name nm. These functions return NULL on failure and a pointer to a stack of certificates (X509) or to a stack of CRLs (X509_CRL) on success. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_set_cleanup() sets the final cleanup function, which is called when the context (X509_STORE_CTX) is being torn down. This function doesn't return any value. If no function to get the issuer is provided, the internal default function will be used instead.

       X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(), X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(), X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(), X509_STORE_get_check_crl(), X509_STORE_set_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(), X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(), X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return the function pointer assigned with X509_STORE_set_check_issued(), X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(), X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if no assignment has been made.

       X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and X509_STORE_set_lookup_crls_cb() are aliases for X509_STORE_set_verify_cb(), X509_STORE_set_verify() and X509_STORE_set_lookup_crls(), available as macros for backward compatibility.

NOTES
       All the callbacks from a X509_STORE are inherited by the corresponding X509_STORE_CTX structure when it is initialized. See X509_STORE_CTX_set_verify_cb(3) for further details.

BUGS
       The macro version of this function was the only one available before OpenSSL 1.0.0.

RETURN VALUES
       The X509_STORE_set_*() functions do not return a value.

       The X509_STORE_get_*() functions return a pointer of the appropriate function type.

SEE ALSO
       X509_STORE_CTX_set_verify_cb(3), X509_STORE_CTX_get0_chain(3), X509_STORE_CTX_verify_cb(3), X509_STORE_CTX_verify_fn(3), CMS_verify(3)

HISTORY
       The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.

       The functions X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), X509_STORE_set_check_issued(), X509_STORE_get_check_issued(), X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(), X509_STORE_set_get_crl(), X509_STORE_get_get_crl(), X509_STORE_set_check_crl(), X509_STORE_get_check_crl(), X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in OpenSSL 1.1.0.

COPYRIGHT
       Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

SSL_CTX_SET_MODE(3)          OpenSSL 1.1.1w          2023-09-11
NAME
       SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode

SYNOPSIS
        #include <openssl/ssl.h>

        long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
        long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode);
        long SSL_set_mode(SSL *ssl, long mode);
        long SSL_clear_mode(SSL *ssl, long mode);

        long SSL_CTX_get_mode(SSL_CTX *ctx);
        long SSL_get_mode(SSL *ssl);

DESCRIPTION
       SSL_CTX_set_mode() adds the mode set via bit mask in mode to ctx. Options already set before are not cleared. SSL_CTX_clear_mode() removes the mode set via bit mask in mode from ctx.

       SSL_set_mode() adds the mode set via bit mask in mode to ssl. Options already set before are not cleared. SSL_clear_mode() removes the mode set via bit mask in mode from ssl.

       SSL_CTX_get_mode() returns the mode set for ctx.

       SSL_get_mode() returns the mode set for ssl.

NOTES
       The following mode changes are available:

       SSL_MODE_ENABLE_PARTIAL_WRITE
           Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success when just a single record has been written). This works in a similar way for SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only report success once the complete chunk was written. Once SSL_write_ex() or SSL_write() returns successfully, r bytes have been written and the next call to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating the behaviour of write().

       SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
           Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that nonblocking SSL_write() behaves like nonblocking write().

       SSL_MODE_AUTO_RETRY
           During normal operations, non-application data records might need to be sent or received that the application is not aware of. If a non-application data record was processed, SSL_read_ex(3) and SSL_read(3) can return with a failure and indicate the need to retry with SSL_ERROR_WANT_READ. If such a non-application data record was processed, the flag SSL_MODE_AUTO_RETRY causes it to try to process the next record instead of returning.

           In a nonblocking environment applications must be prepared to handle incomplete read/write operations. Setting SSL_MODE_AUTO_RETRY for a nonblocking BIO will process non-application data records until either no more data is available or an application data record has been processed.

           In a blocking environment, applications are not always prepared to deal with the functions returning intermediate reports such as retry requests, and setting the SSL_MODE_AUTO_RETRY flag will cause the functions to only return after successfully processing an application data record or a failure.

           Turning off SSL_MODE_AUTO_RETRY can be useful with blocking BIOs in case they are used in combination with something like select() or poll(). Otherwise the call to SSL_read() or SSL_read_ex() might hang when a non-application record was sent and no application data was sent.

       SSL_MODE_RELEASE_BUFFERS
           When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections.

       SSL_MODE_SEND_FALLBACK_SCSV
           Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details.

           DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft-ietf-tls-downgrade-scsv-00.

       SSL_MODE_ASYNC
           Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See SSL_get_error(3).

       SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG
           Older versions of OpenSSL had a bug in the computation of the label length used for computing the endpoint-pair shared secret. The bug was that the terminating zero was included in the length of the label. Setting this option enables this behaviour to allow interoperability with such broken implementations. Please note that setting this option breaks interoperability with correct implementations. This option only applies to DTLS over SCTP.

       All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by default since 1.1.1.

RETURN VALUES
       SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit mask after adding mode.

       SSL_CTX_get_mode() and SSL_get_mode() return the current bit mask.

SEE ALSO
       ssl(7), SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or SSL_write(3), SSL_get_error(3)

HISTORY
       SSL_MODE_ASYNC was added in OpenSSL 1.1.0.

COPYRIGHT
       Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

BIO_S_SOCKET(3)          OpenSSL 1.1.1w          2023-09-11

NAME
       BIO_s_socket, BIO_new_socket - socket BIO

SYNOPSIS
        #include <openssl/bio.h>

        const BIO_METHOD *BIO_s_socket(void);

        BIO *BIO_new_socket(int sock, int close_flag);

DESCRIPTION
       BIO_s_socket() returns the socket BIO method. This is a wrapper round the platform's socket routines.

       BIO_read_ex() and BIO_write_ex() read or write the underlying socket. BIO_puts() is supported but BIO_gets() is not.

       If the close flag is set then the socket is shut down and closed when the BIO is freed.

       BIO_new_socket() returns a socket BIO using sock and close_flag.

NOTES
       Socket BIOs also support any relevant functionality of file descriptor BIOs.

       The reason for having separate file descriptor and socket BIOs is that on some platforms sockets are not file descriptors and use distinct I/O routines; Windows is one such platform. Any code mixing the two will not work on all platforms.

RETURN VALUES
       BIO_s_socket() returns the socket BIO method.

       BIO_new_socket() returns the newly allocated BIO or NULL if an error occurred.

COPYRIGHT
       Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
.IX Title "EVP_ENCODEINIT 3"
.TH EVP_ENCODEINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy,
EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal,
EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal,
EVP_DecodeBlock \- EVP base 64 encode/decode routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
\& void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
\& int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
\& int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
\& void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
\& int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
\&                      const unsigned char *in, int inl);
\& void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
\& int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
\&
\& void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
\& int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
\&                      const unsigned char *in, int inl);
\& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
\& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 encode routines provide a high-level interface to base 64 encoding and
decoding. Base 64 encoding converts binary data into a printable form that uses
the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3
bytes of binary data provided 4 bytes of base 64 encoded data will be produced
plus some occasional newlines (see below).
If the input data length is not a multiple of 3 then the output data will be
padded at the end using the \*(L"=\*(R" character.
.PP
\&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for
the encode/decode functions.
.PP
\&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the
space allocated to it.
.PP
Encoding of binary data is performed in blocks of 48 input bytes (or less for
the final block). For each 48 byte input block encoded 64 bytes of base 64 data
is output plus an additional newline character (i.e. 65 bytes in total). The
final block (which may be less than 48 bytes) will output 4 bytes for every 3
bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
still output for the final 1 or 2 bytes of input. Similarly a newline character
will also be output.
.PP
\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation.
.PP
\&\fBEVP_EncodeUpdate()\fR encodes \fBinl\fR bytes of data found in the buffer pointed to by
\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output is
stored in \fB*outl\fR. It is the caller's responsibility to ensure that the buffer
at \fBout\fR is sufficiently large to accommodate the output data. Only full blocks
of data (48 bytes) will be immediately processed and output by this function.
Any remainder is held in the \fBctx\fR object and will be processed by a subsequent
call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the required size
of the output buffer add together the value of \fBinl\fR with the amount of
unprocessed data held in \fBctx\fR and divide the result by 48 (ignore any
remainder). This gives the number of blocks of data that will be processed.
Ensure the output buffer contains 65 bytes of storage for each block, plus an
additional byte for a \s-1NUL\s0 terminator.
\fBEVP_EncodeUpdate()\fR may be called repeatedly to process
large amounts of input data. In the event of an error \&\fBEVP_EncodeUpdate()\fR will
set \fB*outl\fR to 0 and return 0. On success 1 will be returned.
.PP
\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will
process any partial block of data remaining in the \fBctx\fR object. The output
data will be stored in \fBout\fR and the length of the data written will be stored
in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is
sufficiently large to accommodate the output data which will never be more than
65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total).
.PP
\&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context
\&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function.
.PP
\&\fBEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to
be encoded or decoded that are pending in the \fBctx\fR object.
.PP
\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length
\&\fBn\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of
output data will be produced. If \fBn\fR is not divisible by 3 then the block is
encoded as a final block of data and the output is padded such that it is always
divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For
example if 16 bytes of input data is provided then 24 bytes of encoded data is
created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of
the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function.
.PP
\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation.
.PP
\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed
to by \fBin\fR.
The output is stored in the buffer \fBout\fR and the number of bytes
output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that
the buffer at \fBout\fR is sufficiently large to accommodate the output data. This
function will attempt to decode as much data as possible in 4 byte chunks. Any
whitespace, newline or carriage return characters are ignored. Any partial chunk
of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If
any illegal base 64 characters are encountered or if the base 64 padding
character \*(L"=\*(R" is encountered in the middle of the data then the function returns
\&\-1 to indicate an error. A return value of 0 or 1 indicates successful
processing of the data. A return value of 0 additionally indicates that the last
input data characters processed included the base 64 padding character \*(L"=\*(R" and
therefore no more non-padding character data is expected to be processed. For
every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
line feeds), 3 bytes of binary output data will be produced (or less at the end
of the data where the padding character \*(L"=\*(R" has been used).
.PP
\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there
is any unprocessed data still in \fBctx\fR then the input data must not have been
a multiple of 4 and therefore an error has occurred. The function will return \-1
in this case. Otherwise the function returns 1 on success.
.PP
\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data
contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be
trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0
characters. After such trimming the length of the data in \fBf\fR must be divisible
by 4. For every 4 input bytes exactly 3 output bytes will be produced.
The output will be padded with 0 bits if necessary to ensure that the output is
always 3 bytes for every 4 input bytes. This function will return the length of
the data decoded or \-1 on error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0
object or \s-1NULL\s0 on error.
.PP
\&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in
\&\fBctx\fR.
.PP
\&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success.
.PP
\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0
terminator.
.PP
\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned
then no more non-padding base 64 characters are expected.
.PP
\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success.
.PP
\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
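The EVP base 64 routines leave output buffer sizing to the caller, so an undersized \fBout\fR is a buffer overflow. The following added example (not part of the OpenSSL documentation or source) turns the sizing rules described above into overflow-checked helpers; all function names and the sample chunk sizes are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define ENC_IN_BLOCK   48   /* input bytes consumed per full encode block */
#define ENC_OUT_BLOCK  65   /* 64 base 64 characters plus one newline */

/* Constructed sample: sizes of three successive EVP_EncodeUpdate() inputs. */
static const int SAMPLE_CHUNKS[] = { 100, 30, 14 };

/* Bytes one EVP_EncodeUpdate() call may write to out, NUL included.
 * pending: unprocessed bytes already held in ctx (EVP_ENCODE_CTX_num()).
 * inl:     bytes passed to this call.
 * Returns -1 for invalid input or when the size does not fit in an int. */
int encode_update_bound(int pending, int inl)
{
    if (pending < 0 || pending >= ENC_IN_BLOCK || inl < 0)
        return -1;
    if (inl > INT_MAX - pending)
        return -1;
    int blocks = (pending + inl) / ENC_IN_BLOCK;    /* remainder stays in ctx */
    if (blocks > (INT_MAX - 1) / ENC_OUT_BLOCK)
        return -1;
    return blocks * ENC_OUT_BLOCK + 1;
}

/* EVP_EncodeFinal(): never more than one block plus the NUL terminator. */
int encode_final_bound(void)
{
    return ENC_OUT_BLOCK + 1;
}

/* EVP_EncodeBlock(): 4 bytes per 3 input bytes, rounded up, plus the NUL. */
int encode_block_bound(int n)
{
    if (n < 0)
        return -1;
    int groups = n / 3 + (n % 3 != 0);
    if (groups > (INT_MAX - 1) / 4)
        return -1;
    return groups * 4 + 1;
}

/* EVP_DecodeUpdate(): at most 3 bytes per complete 4 character chunk. */
int decode_update_bound(int pending, int inl)
{
    if (pending < 0 || inl < 0 || inl > INT_MAX - pending)
        return -1;
    return (pending + inl) / 4 * 3;
}

/* One contiguous buffer for a whole streamed encoding: every Update appends
 * where the previous output ended (overwriting its NUL) and Final goes last. */
int encode_stream_bound(const int *chunks, size_t count)
{
    int pending = 0, total = 0;
    for (size_t i = 0; i < count; i++) {
        int bound = encode_update_bound(pending, chunks[i]);
        if (bound < 0 || bound - 1 > INT_MAX - total)
            return -1;
        total += bound - 1;
        pending = (pending + chunks[i]) % ENC_IN_BLOCK;
    }
    if (total > INT_MAX - encode_final_bound())
        return -1;
    return total + encode_final_bound();
}

int main(void)
{
    int pending = 0;
    for (size_t i = 0; i < sizeof SAMPLE_CHUNKS / sizeof SAMPLE_CHUNKS[0]; i++) {
        printf("update %zu: inl=%d pending=%d -> out needs %d bytes\n", i,
               SAMPLE_CHUNKS[i], pending,
               encode_update_bound(pending, SAMPLE_CHUNKS[i]));
        pending = (pending + SAMPLE_CHUNKS[i]) % ENC_IN_BLOCK;
    }
    printf("final: %d bytes, whole stream: %d bytes\n",
           encode_final_bound(), encode_stream_bound(SAMPLE_CHUNKS, 3));
    return 0;
}
```

Because the lengths in this API are \fBint\fR, a negative return from these helpers should be treated as a reason to reject the input or split it into smaller chunks before calling the EVP routines.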
.IX Title "DH_GET_1024_160 3"
.TH DH_GET_1024_160 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256,
BN_get0_nist_prime_384, BN_get0_nist_prime_521,
BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024,
BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048,
BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096,
BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192
\&\- Create standardized public primes or DH pairs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 4
\& #include <openssl/dh.h>
\& DH *DH_get_1024_160(void)
\& DH *DH_get_2048_224(void)
\& DH *DH_get_2048_256(void)
\&
\& const BIGNUM *BN_get0_nist_prime_192(void)
\& const BIGNUM *BN_get0_nist_prime_224(void)
\& const BIGNUM *BN_get0_nist_prime_256(void)
\& const BIGNUM *BN_get0_nist_prime_384(void)
\& const BIGNUM *BN_get0_nist_prime_521(void)
\&
\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return
a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value.
.PP
\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR,
\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return
a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256).
.PP
\&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR,
\&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR,
\&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR,
\&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions
return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0 If \fBbn\fR
is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Defined above.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_CTX_CTRL 3"
.TH EVP_PKEY_CTX_CTRL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64,
EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md,
EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key,
EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding,
EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen,
EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp,
EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md,
EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md,
EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label,
EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits,
EVP_PKEY_CTX_set_dsa_paramgen_q_bits, EVP_PKEY_CTX_set_dsa_paramgen_md,
EVP_PKEY_CTX_set_dh_paramgen_prime_len,
EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type,
EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114,
EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid,
EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type,
EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid,
EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md,
EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen,
EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm,
EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc,
EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode,
EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type,
EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md,
EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen,
EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm,
EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
\&\- algorithm specific control operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
\&                       int cmd, int p1, void *p2);
\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
\&                              int cmd, uint64_t value);
\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
\&                           const char *value);
\&
\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
\&
\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
\&
\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len);
\&
\& #include <openssl/rsa.h>
\&
\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
\&
\& #include <openssl/dsa.h>
\&
\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
\& int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
\& int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\&
\& #include <openssl/dh.h>
\&
\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
\&
\& #include <openssl/ec.h>
\&
\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
\&
\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context
\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter
\&\fBoptype\fR is a mask indicating which operations the control can be applied to.
The control command is indicated in \fBcmd\fR and any additional arguments in
\&\fBp1\fR and \fBp2\fR.
.PP
For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key,
and \fBp2\fR is the \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0
.PP
Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will
instead call one of the algorithm specific macros below.
.PP
The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a
uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR.
.PP
The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm
specific control operation to a context \fBctx\fR in string form. This is
intended to be used for options specified on the command line or in text
files.
The commands supported are documented in the openssl utility
command line pages for the option \fB\-pkeyopt\fR which is supported by the
\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands.
.PP
The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation
to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR.
.PP
All the remaining \*(L"functions\*(R" are implemented as macros.
.PP
The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used
in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms.
.PP
The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a
signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms.
.PP
Key generation typically involves setting up parameters to be used and
generating the private and public key data. Some algorithm implementations
allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR
macro. In this case key generation is simply the process of setting up the
parameters for the key and then setting the raw key data to the value explicitly
provided by that macro. Normally applications would call
\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro.
.PP
The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms
supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function.
.SS "\s-1RSA\s0 parameters"
.IX Subsection "RSA parameters"
The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR.
The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1
padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for
no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and
decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations
only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only).
.PP
Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR
is used. If this macro is called for PKCS#1 padding the plaintext buffer is
an actual digest value and is encapsulated in a DigestInfo structure according
to PKCS#1 when signing and this structure is expected (and stripped off) when
verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the
supplied data is used directly and not encapsulated. In the case of X9.31
padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed
if this control is called. If it is not called then the first byte of the plaintext
buffer is expected to be the algorithm identifier byte.
.PP
The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR.
.PP
The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to
\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special
values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the
digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum
permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length
to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this
macro is not called maximum salt length is used when signing and auto detection
when verifying is used by default.
.PP
The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length
for \fBctx\fR.
The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
.PP
The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for
\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used.
.PP
The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value
for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The
\&\fBpubexp\fR pointer is used internally by this function so it should not be
modified or freed after the call. If not specified 65537 is used.
.PP
The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for
\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used.
.PP
The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding
schemes to \fBmd\fR. If not explicitly set the signing digest is used. The
padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR
or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
.PP
The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR.
If not explicitly set the signing digest is used. The padding mode must have been
set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
.PP
The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used
in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
.PP
The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used
in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
.PP
The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to
\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0,
the label is cleared. The library takes ownership of the label so the
caller should not free the original memory pointed to by \fBlabel\fR.
The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
.PP
The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to
\&\fBlabel\fR. The return value is the label length. The padding mode
must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned
by the library and should not be freed by the caller.
.SS "\s-1DSA\s0 parameters"
.IX Subsection "DSA parameters"
The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used
for \s-1DSA\s0 parameter generation to \fBnbits\fR. If not specified, 1024 is used.
.PP
The \fBEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR macro sets the number of bits in the
subprime parameter \fBq\fR for \s-1DSA\s0 parameter generation to \fBqbits\fR. If not
specified, 160 is used. If a digest function is specified below, this parameter
is ignored and instead, the number of bits in \fBq\fR matches the size of the
digest.
.PP
The \fBEVP_PKEY_CTX_set_dsa_paramgen_md()\fR macro sets the digest function used for
\&\s-1DSA\s0 parameter generation to \fBmd\fR. If not specified, one of \s-1SHA\-1, SHA\-224,\s0 or
\&\s-1SHA\-256\s0 is selected to match the bit length of \fBq\fR above.
.SS "\s-1DH\s0 parameters"
.IX Subsection "DH parameters"
The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0
prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called
then 1024 is used. Only accepts lengths greater than or equal to 256.
.PP
The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0
optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is
256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0
paramgen type must have been set to x9.42.
.PP
The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR
for \s-1DH\s0 parameter generation. If not specified 2 is used.
.PP
The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0
parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0
The default is 0.
.PP
The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is
1 the shared secret is padded with zeros up to the size of the \s-1DH\s0 prime \fBp\fR.
If \fBpad\fR is zero (the default) then no padding is performed.
.PP
\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to
\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR,
\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR
or \fBNID_undef\fR to clear the stored value. This macro can be called during
parameter or key generation.
The nid parameter and the rfc5114 parameter are mutually exclusive.
.PP
The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are
synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The
\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections
2.1, 2.2 and 2.3, or 0 to clear the stored value. This macro can be called during
parameter generation. The \fBctx\fR must have a key type of
\&\fB\s-1EVP_PKEY_DHX\s0\fR.
The rfc5114 parameter and the nid parameter are mutually exclusive.
.SS "\s-1DH\s0 key derivation function parameters"
.IX Subsection "DH key derivation function parameters"
Note that all of the following functions require that the \fBctx\fR parameter has
a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of
\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret.
The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn
encrypts a Content Encryption Key (\s-1CEK\s0).
.PP
The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type
to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0
(based on the keying algorithm described in X9.42). When using key derivation,
the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified.
.PP
The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type
for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR.
.PP
The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function
object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify
the algorithm to be used with the Content Encryption Key.
The library takes ownership of the object identifier so the caller should not
free the original memory pointed to by \fBoid\fR.
.PP
The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid
for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the
library and should not be freed by the caller.
.PP
The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function
message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies
that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
.PP
The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function
message digest for \fBctx\fR used for \s-1DH\s0 key derivation.
.PP
The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function
output length to \fBlen\fR for \s-1DH\s0 key derivation.
.PP
The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function
output length for \fBctx\fR used for \s-1DH\s0 key derivation.
.PP
The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to
\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional
and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification
requires that it is 512 bits long but this is not enforced by OpenSSL.
The library takes ownership of the user key material so the caller should not
free the original memory pointed to by \fBukm\fR.
.PP
The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
The return value is the user key material length. The resulting pointer is owned
by the library and should not be freed by the caller.
.SS "\s-1EC\s0 parameters"
.IX Subsection "EC parameters"
The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter
generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called
or an error occurs because there is no default curve.
This function can also be called to set the curve explicitly when
generating an \s-1EC\s0 key.
.PP
The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to
\&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be
\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions
of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form.
For maximum compatibility the named curve form should be used. Note: the
\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous
versions should use 0 instead.
.SS "\s-1ECDH\s0 parameters"
.IX Subsection "ECDH parameters"
The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to
\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable
cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor
mode and fall back to the private key cofactor mode.
.PP
The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for
\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key
derivation is enabled and 0 otherwise.
.SS "\s-1ECDH\s0 key derivation function parameters"
.IX Subsection "ECDH key derivation function parameters"
The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type
to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR
and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63.
When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must
also be specified.
.PP
The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function
type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are
\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR.
.PP
The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function
message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies
that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
.PP
The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function
message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation.
.PP
The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function
output length to \fBlen\fR for \s-1ECDH\s0 key derivation.
.PP
The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function
output length for \fBctx\fR used for \s-1ECDH\s0 key derivation.
.PP
The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR
for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the
shared info in X9.63 terms. The library takes ownership of the user key material
so the caller should not free the original memory pointed to by \fBukm\fR.
.PP
The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
The return value is the user key material length. The resulting pointer is owned
by the library and should not be freed by the caller.
.SS "Other parameters"
.IX Subsection "Other parameters"
The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR
macros are used to manipulate the special identifier field for specific signature
algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed to by \fBid\fR with
the length \fBid_len\fR to the library. The library takes a copy of the id so that
the caller can safely free the original memory pointed to by \fBid\fR. The
\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous
call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate
memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR
macro returns the previously set \s-1ID\s0 value to the caller in \fBid\fR. The caller should
allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0
or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3),
\&\fBEVP_PKEY_keygen\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The
\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR
macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0.
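How the ECDH key derivation function parameters described above (kdf_md, kdf_outlen and ukm) combine in the X9.63 KDF is shown in the following added example. It is written in Python for illustration and is not code from OpenSSL or its documentation; the function names and the sample shared secret are constructed for this example.

```python
"""Added illustration of the ANSI X9.63 KDF selected by EVP_PKEY_ECDH_KDF_X9_63.

Not OpenSSL code. x963_kdf(), peers_agree() and SAMPLE_Z are names made up
for this example; the parameters mirror kdf_md, kdf_outlen and ukm.
"""
import hashlib

# Constructed stand-in for a raw 32-byte ECDH shared secret Z.
SAMPLE_Z = bytes(range(1, 33))


def x963_kdf(z: bytes, kdf_outlen: int, kdf_md: str = "sha256",
             ukm: bytes = b"") -> bytes:
    """Return kdf_outlen bytes of H(Z || counter || ukm), counter = 1, 2, ...

    The counter is a 32-bit big-endian integer. ukm is the optional X9.63
    "shared info". The final hash block is truncated to fit kdf_outlen.
    """
    if not z:
        raise ValueError("shared secret must not be empty")
    if kdf_outlen <= 0:
        raise ValueError("kdf_outlen must be positive")
    digest_size = hashlib.new(kdf_md).digest_size
    blocks = -(-kdf_outlen // digest_size)  # ceiling division
    if blocks > 0xFFFFFFFF:
        raise ValueError("kdf_outlen too large for a 32-bit counter")
    out = bytearray()
    for counter in range(1, blocks + 1):
        h = hashlib.new(kdf_md)
        h.update(z)
        h.update(counter.to_bytes(4, "big"))
        h.update(ukm)
        out += h.digest()
    return bytes(out[:kdf_outlen])


def peers_agree(z: bytes, a_params: dict, b_params: dict) -> bool:
    """True if two peers holding the same Z derive the same key."""
    return x963_kdf(z, **a_params) == x963_kdf(z, **b_params)


if __name__ == "__main__":
    # A 16-byte KEK bound to a constructed context string.
    kek = x963_kdf(SAMPLE_Z, 16, "sha256", b"example-context")
    print("KEK (16 bytes):", kek.hex())

    # Output longer than one digest uses counter values 1 and 2.
    long_key = x963_kdf(SAMPLE_Z, 48, "sha256", b"example-context")
    print("48-byte output:", long_key.hex())

    # kdf_outlen is not an input to the hash: the short key is a prefix.
    print("16-byte key is a prefix of the 48-byte key:", long_key[:16] == kek)

    # The digest and ukm must match on both sides or the keys differ.
    print("sha1 vs sha256 agree:", peers_agree(
        SAMPLE_Z,
        {"kdf_outlen": 16, "kdf_md": "sha1"},
        {"kdf_outlen": 16, "kdf_md": "sha256"}))
    print("different ukm agree:", peers_agree(
        SAMPLE_Z,
        {"kdf_outlen": 16, "ukm": b"session-1"},
        {"kdf_outlen": 16, "ukm": b"session-2"}))
```

Because kdf_outlen only truncates the output stream, keys of different lengths derived from the same secret, digest and ukm share a prefix; encode the intended key use in ukm when the keys must be independent.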
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\" ========================================================================
.\"
.IX Title "UI_STRING 3"
.TH UI_STRING 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex
\&\- User interface string parsing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ui.h>
\&
\& typedef struct ui_string_st UI_STRING;
\&
\& enum UI_string_types {
\&     UIT_NONE = 0,
\&     UIT_PROMPT,                 /* Prompt for a string */
\&     UIT_VERIFY,                 /* Prompt for a string and verify */
\&     UIT_BOOLEAN,                /* Prompt for a yes/no response */
\&     UIT_INFO,                   /* Send info to the user */
\&     UIT_ERROR                   /* Send an error message to the user */
\& };
\&
\& enum UI_string_types UI_get_string_type(UI_STRING *uis);
\& int UI_get_input_flags(UI_STRING *uis);
\& const char *UI_get0_output_string(UI_STRING *uis);
\& const char *UI_get0_action_string(UI_STRING *uis);
\& const char *UI_get0_result_string(UI_STRING *uis);
\& int UI_get_result_string_length(UI_STRING *uis);
\& const char *UI_get0_test_string(UI_STRING *uis);
\& int UI_get_result_minsize(UI_STRING *uis);
\& int UI_get_result_maxsize(UI_STRING *uis);
\& int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
\& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever
one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR,
\&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR,
\&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR,
\&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR
is called.
For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more.
For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these
\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them.
.PP
\&\fBUI_get_string_type()\fR is used to retrieve the type of the given
\&\fB\s-1UI_STRING\s0\fR.
.PP
\&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the
given \fB\s-1UI_STRING\s0\fR.
.PP
\&\fBUI_get0_output_string()\fR is used to retrieve the actual string to
output (prompt, info, error, ...).
.PP
\&\fBUI_get0_action_string()\fR is used to retrieve the action description
associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR.
For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned.
See \fBUI_add_input_boolean\fR\|(3).
.PP
\&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to
retrieve the result of a prompt and its length.
This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings.
For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0
and \fBUI_get_result_string_length()\fR returns \-1.
.PP
\&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the
prompt result with.
This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings.
For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned.
.PP
\&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to
retrieve the minimum and maximum required size of the result.
This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings.
For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned.
.PP
\&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length.
For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the
result retrievable with \fBUI_get0_result_string()\fR by copying the
contents of \fBresult\fR if its length fits the minimum and maximum size
requirements.
For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of
the result retrievable with \fBUI_get0_result_string()\fR to the first
\&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR
if the \fBresult\fR matched any of them, or the first of the
\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's
set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR.
See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and
\&\fBcancel_chars\fR.
.PP
\&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates
its length internally.
It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore
only useful with normal C strings.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type.
.PP
\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags.
.PP
\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string.
.PP
\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description
string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type.
.PP
\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for
\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type.
.PP
\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's
content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings,
\&\-1 for any other type.
.PP
\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string test
string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type.
.PP
\&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for
the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings,
\&\-1 for any other type.
.PP
\&\fBUI_get_result_maxsize()\fR returns the maximum allowed result size for
the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings,
\&\-1 for any other type.
.PP
\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any
type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on
error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBUI\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\" ========================================================================
.\"
.IX Title "CRYPTO_GET_EX_NEW_INDEX 3"
.TH CRYPTO_GET_EX_NEW_INDEX 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data
\&\- functions supporting application\-specific data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& int CRYPTO_get_ex_new_index(int class_index,
\&                             long argl, void *argp,
\&                             CRYPTO_EX_new *new_func,
\&                             CRYPTO_EX_dup *dup_func,
\&                             CRYPTO_EX_free *free_func);
\&
\& typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
\&                            int idx, long argl, void *argp);
\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
\&                             int idx, long argl, void *argp);
\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
\&                           void *from_d, int idx, long argl, void *argp);
\&
\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
\&
\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
\&
\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
\&
\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r);
\&
\& int CRYPTO_free_ex_index(int class_index, int idx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Several OpenSSL structures can have application-specific data attached to them,
known as
\*(L"exdata.\*(R"
The specific structures are:
.PP
.Vb 10
\&    APP
\&    BIO
\&    DH
\&    DRBG
\&    DSA
\&    EC_KEY
\&    ENGINE
\&    RSA
\&    SSL
\&    SSL_CTX
\&    SSL_SESSION
\&    UI
\&    UI_METHOD
\&    X509
\&    X509_STORE
\&    X509_STORE_CTX
.Ve
.PP
Each is identified by a \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR
header file. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for
applications to use this facility for their own structures.
.PP
The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific
structures. Since the application data can be anything at all it is passed
and retrieved as a \fBvoid *\fR type.
.PP
The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of
a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for
\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects.
.PP
Exdata types are identified by an \fBindex\fR, an integer guaranteed to be
unique within structures for the lifetime of the program. Applications
using exdata typically call \fBCRYPTO_get_ex_new_index\fR at startup, and
store the result in a global variable, or write a wrapper function to
provide lazy evaluation. The \fBclass_index\fR should be one of the
\&\fBCRYPTO_EX_INDEX_xxx\fR values. The \fBargl\fR and \fBargp\fR parameters are saved
to be passed to the callbacks but are otherwise not used. In order to
transparently manipulate exdata, three callbacks must be provided. The
semantics of those callbacks are described below.
.PP
When copying or releasing objects with exdata, the callback functions
are called in increasing order of their \fBindex\fR value.
.PP
If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR
when this is done.
This will replace the callbacks with no-ops
so that applications don't crash. Any existing exdata will be leaked.
.PP
To set or get the exdata on an object, the appropriate type-specific
routine must be used.
This is because the containing structure is opaque
and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the
\&\fBidx\fR parameter should be an already-created index value.
.PP
When setting exdata, the pointer specified with a particular index is saved,
and returned on a subsequent \*(L"get\*(R" call. If the application is going to
release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index,
to avoid likely double-free crashes.
.PP
The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached
to a structure. The appropriate type-specific routine must be used.
The \fBclass_index\fR identifies the structure type, the \fBobj\fR is
a pointer to the actual structure, and \fBr\fR is a pointer to the
structure's exdata field.
.SS "Callback Functions"
.IX Subsection "Callback Functions"
This section describes how the callback functions are used. Applications
that are defining their own exdata using \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR must
call them as described here.
.PP
When a structure is initially allocated (such as \fBRSA_new()\fR) then the
\&\fBnew_func()\fR is called for every defined index. There is no requirement
that the entire parent, or containing, structure has been set up.
The \fBnew_func()\fR is typically used only to allocate memory to store the
exdata, and perhaps an \*(L"initialized\*(R" flag within that memory.
The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR.
.PP
When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the
\&\fBfree_func()\fR is called for every defined index. Again, the state of the
parent structure is not guaranteed. The \fBfree_func()\fR may be called with a
\&\s-1NULL\s0 pointer.
.PP
Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters.
The \fBparent\fR is the pointer to the structure that contains the exdata.
The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically
be \s-1NULL.\s0 The \fBr\fR parameter is a pointer to the exdata field of the object.
The \fBidx\fR is the index and is the value returned when the callbacks were
initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if
the same callback handles different types of exdata.
.PP
\&\fBdup_func()\fR is called when a structure is being copied. This is only done
for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via
\&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters
are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures,
respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR
as the \s-1API\s0 has currently the wrong signature; that will be changed in a
future version. The \fB*pptr\fR is a pointer to the source exdata.
When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the
destination ex_data. If the pointer contained in \fB*pptr\fR is not modified
by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data.
The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other
two callbacks. If the \fBdup_func()\fR returns \fB0\fR the whole \fBCRYPTO_dup_ex_data()\fR
will fail.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure.
.PP
\&\fBCRYPTO_free_ex_index()\fR and
\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure.
.PP
\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure;
note that \s-1NULL\s0 may be a valid value.
.PP
\&\fBdup_func()\fR should return 0 for failure and 1 for success.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\" ========================================================================
.\"
.IX Title "EVP_ARIA 3"
.TH EVP_ARIA 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_aria_128_cbc,
EVP_aria_192_cbc,
EVP_aria_256_cbc,
EVP_aria_128_cfb,
EVP_aria_192_cfb,
EVP_aria_256_cfb,
EVP_aria_128_cfb1,
EVP_aria_192_cfb1,
EVP_aria_256_cfb1,
EVP_aria_128_cfb8,
EVP_aria_192_cfb8,
EVP_aria_256_cfb8,
EVP_aria_128_cfb128,
EVP_aria_192_cfb128,
EVP_aria_256_cfb128,
EVP_aria_128_ctr,
EVP_aria_192_ctr,
EVP_aria_256_ctr,
EVP_aria_128_ecb,
EVP_aria_192_ecb,
EVP_aria_256_ecb,
EVP_aria_128_ofb,
EVP_aria_192_ofb,
EVP_aria_256_ofb,
EVP_aria_128_ccm,
EVP_aria_192_ccm,
EVP_aria_256_ccm,
EVP_aria_128_gcm,
EVP_aria_192_gcm,
EVP_aria_256_gcm,
\&\- EVP ARIA cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_ciphername(void)
.Ve
.PP
\&\fIEVP_ciphername\fR is used as a placeholder for any of the described cipher
functions, such as \fIEVP_aria_128_cbc\fR.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0
.IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4
.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()"
\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with
128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0
.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4
.IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm(),"
\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter
Mode (\s-1GCM\s0). These ciphers require additional control operations to function
correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EC_GROUP_COPY 3"
.TH EC_GROUP_COPY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor,
EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator,
EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor,
EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag,
EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form,
EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed,
EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree,
EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp,
EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis,
EC_GROUP_get_pentanomial_basis
\&\- Functions for manipulating EC_GROUP objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
\&
\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
\&
\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
\&                            const BIGNUM *order, const BIGNUM *cofactor);
\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
\&
\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
\& const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
\& int EC_GROUP_order_bits(const EC_GROUP *group);
\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
\&
\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
\& int EC_GROUP_get_curve_name(const EC_GROUP *group);
\&
\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
\&
\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
\&
\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
\& size_t EC_GROUP_get_seed_len(const EC_GROUP *);
\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
\&
\& int EC_GROUP_get_degree(const EC_GROUP *group);
\&
\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
\&
\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
\&
\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
\&
\& int EC_GROUP_get_basis_type(const EC_GROUP *);
\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
\&                                    unsigned int *k2, unsigned int *k3);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBEC_GROUP_copy()\fR copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use
the same \s-1EC_METHOD.\s0
.PP
\&\fBEC_GROUP_dup()\fR creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created
\&\s-1EC_GROUP\s0 object.
.PP
\&\fBEC_GROUP_method_of()\fR obtains the \s-1EC_METHOD\s0 of \fBgroup\fR.
.PP
\&\fBEC_GROUP_set_generator()\fR sets curve parameters that must be agreed by all participants using the curve. These
parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the
curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and
n\-1 where n is the \fBorder\fR. The \fBorder\fR multiplied by the \fBcofactor\fR gives the number of points on the curve.
.PP
\&\fBEC_GROUP_get0_generator()\fR returns the generator for the identified \fBgroup\fR.
.PP
\&\fBEC_GROUP_get_order()\fR retrieves the order of \fBgroup\fR and copies its value into
\&\fBorder\fR. It fails in case \fBgroup\fR is not fully initialized (i.e., its order
is not set or set to zero).
.PP
\&\fBEC_GROUP_get_cofactor()\fR retrieves the cofactor of \fBgroup\fR and copies its value
into \fBcofactor\fR. It fails in case \fBgroup\fR is not fully initialized or if the
cofactor is not set (or set to zero).
.PP
The functions \fBEC_GROUP_set_curve_name()\fR and \fBEC_GROUP_get_curve_name()\fR, set and get the \s-1NID\s0 for the curve respectively
(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name
will return NID_undef.
.PP
The asn1_flag value is used to determine whether the curve encoding uses
explicit parameters or a named curve using an \s-1ASN1 OID:\s0 many applications only
support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the
named curve form is used and the parameters must have a corresponding
named curve \s-1NID\s0 set. If asn1_flag is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the
parameters are explicitly encoded. The functions \fBEC_GROUP_get_asn1_flag()\fR and
\&\fBEC_GROUP_set_asn1_flag()\fR get and set the status of the asn1_flag for the curve.
Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for
previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL
1.1.0 the default form was to use explicit parameters (meaning that
applications would have to explicitly set the named curve form); in OpenSSL
1.1.0 and later the named curve form is the default.
.PP
The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0).
point_conversion_form_t is an enum defined as follows:
.PP
.Vb 10
\& typedef enum {
\&        /** the point is encoded as z||x, where the octet z specifies
\&         *   which solution of the quadratic equation y is  */
\&        POINT_CONVERSION_COMPRESSED = 2,
\&        /** the point is encoded as z||x||y, where z is the octet 0x04  */
\&        POINT_CONVERSION_UNCOMPRESSED = 4,
\&        /** the point is encoded as z||x||y, where the octet z specifies
\&         *  which solution of the quadratic equation y is  */
\&        POINT_CONVERSION_HYBRID = 6
\& } point_conversion_form_t;
.Ve
.PP
For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by
the octets for x, followed by the octets for y.
.PP
For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For
\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of
the two possible solutions for y has been used, followed by the octets for x.
.PP
For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two
possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
.PP
The functions \fBEC_GROUP_set_point_conversion_form()\fR and \fBEC_GROUP_get_point_conversion_form()\fR, set and get the point_conversion_form
for the curve respectively.
.PP
\&\s-1ANSI X9.62\s0 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages
in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it.
If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed.
The OpenSSL \s-1EC\s0 library
does not use this seed value but does enable you to inspect it using \fBEC_GROUP_get0_seed()\fR. This returns a pointer to a memory block
containing the seed that was used. The length of the memory block can be obtained using \fBEC_GROUP_get_seed_len()\fR. A number of the
built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using
\&\fBEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use
this seed value, although it will be preserved in any \s-1ASN1\s0 based communications.
.PP
\&\fBEC_GROUP_get_degree()\fR gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be
the value m.
.PP
The function \fBEC_GROUP_check_discriminant()\fR calculates the discriminant for the curve and verifies that it is valid.
For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is
simply b. In either case for the curve to be valid the discriminant must be non zero.
.PP
The function \fBEC_GROUP_check()\fR performs a number of checks on a curve to verify that it is valid. Checks performed include
verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has
the correct order.
.PP
\&\fBEC_GROUP_cmp()\fR compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not.
.PP
The functions \fBEC_GROUP_get_basis_type()\fR, \fBEC_GROUP_get_trinomial_basis()\fR and \fBEC_GROUP_get_pentanomial_basis()\fR should only be called for curves
defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial
function f(x).
This function is either a trinomial of the form:
.PP
f(x) = x^m + x^k + 1 with m > k >= 1
.PP
or a pentanomial of the form:
.PP
f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
.PP
The function \fBEC_GROUP_get_basis_type()\fR returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The
function \fBEC_GROUP_get_trinomial_basis()\fR must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly
the function \fBEC_GROUP_get_pentanomial_basis()\fR must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR,
\&\fBk2\fR and \fBk3\fR respectively.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following functions return 1 on success or 0 on error: \fBEC_GROUP_copy()\fR, \fBEC_GROUP_set_generator()\fR, \fBEC_GROUP_check()\fR,
\&\fBEC_GROUP_check_discriminant()\fR, \fBEC_GROUP_get_trinomial_basis()\fR and \fBEC_GROUP_get_pentanomial_basis()\fR.
.PP
\&\fBEC_GROUP_dup()\fR returns a pointer to the duplicated curve, or \s-1NULL\s0 on error.
.PP
\&\fBEC_GROUP_method_of()\fR returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error.
.PP
\&\fBEC_GROUP_get0_generator()\fR returns the generator for the given curve or \s-1NULL\s0 on error.
.PP
\&\fBEC_GROUP_get_order()\fR returns 0 if the order is not set (or set to zero) for
\&\fBgroup\fR or if copying into \fBorder\fR fails, 1 otherwise.
.PP
\&\fBEC_GROUP_get_cofactor()\fR returns 0 if the cofactor is not set (or is set to zero) for \fBgroup\fR or if copying into \fBcofactor\fR fails, 1 otherwise.
.PP
\&\fBEC_GROUP_get_curve_name()\fR returns the curve name (\s-1NID\s0) for \fBgroup\fR or will return NID_undef if no curve name is associated.
.PP
\&\fBEC_GROUP_get_asn1_flag()\fR returns the \s-1ASN1\s0 flag for the specified \fBgroup\fR.
.PP
\&\fBEC_GROUP_get_point_conversion_form()\fR returns the point_conversion_form for \fBgroup\fR.
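The three point_conversion_form encodings described in this page can be checked before an encoded point is handed to any EC routine. The block below is an added example, not OpenSSL code: it validates the leading octet z, the y-selector bit and the total length against the field degree. The function names, the status codes and the allowed-forms mask are hypothetical; the single 0x00 octet for the point at infinity follows X9.62, and the hybrid parity check assumes a curve over a prime field Fp.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values of point_conversion_form_t as quoted in this page. */
enum { FORM_COMPRESSED = 2, FORM_UNCOMPRESSED = 4, FORM_HYBRID = 6 };

/* Hypothetical policy mask: one bit per accepted form. */
#define ALLOW(form) (1u << (form))
#define ALLOW_ALL (ALLOW(FORM_COMPRESSED) | ALLOW(FORM_UNCOMPRESSED) | ALLOW(FORM_HYBRID))

typedef enum {
    PT_OK = 0,      /* well-formed encoding of an affine point */
    PT_INFINITY,    /* single 0x00 octet */
    PT_ERR_EMPTY,   /* no input or unusable degree */
    PT_ERR_FORM,    /* leading octet is not a known form */
    PT_ERR_YBIT,    /* y-selector bit set for uncompressed, or wrong for hybrid */
    PT_ERR_LENGTH,  /* length does not match form and field size */
    PT_ERR_POLICY   /* well-formed, but the caller does not accept this form */
} pt_status;

typedef struct {
    int form;          /* 2, 4 or 6 */
    int y_bit;         /* which solution for y (compressed and hybrid) */
    size_t field_len;  /* octets per coordinate */
    const uint8_t *x;  /* points into the input buffer */
    const uint8_t *y;  /* NULL for the compressed form */
} pt_info;

/* Octets per coordinate for a field of the given degree, e.g. the value
 * returned by EC_GROUP_get_degree(): 256 -> 32, 521 -> 66. */
size_t field_octets(int degree_bits)
{
    return degree_bits > 0 ? ((size_t)degree_bits + 7) / 8 : 0;
}

pt_status classify_point(const uint8_t *buf, size_t len, int degree_bits,
                         unsigned allowed, pt_info *out)
{
    size_t flen = field_octets(degree_bits), want;
    int form, y_bit;

    if (buf == NULL || len == 0 || flen == 0)
        return PT_ERR_EMPTY;
    if (buf[0] == 0x00)
        return len == 1 ? PT_INFINITY : PT_ERR_LENGTH;

    form = buf[0] & ~1;   /* z with the selector bit cleared */
    y_bit = buf[0] & 1;   /* which of the two solutions for y */
    if (form != FORM_COMPRESSED && form != FORM_UNCOMPRESSED && form != FORM_HYBRID)
        return PT_ERR_FORM;
    if (form == FORM_UNCOMPRESSED && y_bit)
        return PT_ERR_YBIT;               /* 0x05 is not a valid z */

    want = 1 + (form == FORM_COMPRESSED ? flen : 2 * flen);
    if (len != want)
        return PT_ERR_LENGTH;
    /* Hybrid carries y explicitly, so the selector must agree with it.
     * Over Fp the selector is the parity of y (assumption: prime field). */
    if (form == FORM_HYBRID && (buf[len - 1] & 1) != y_bit)
        return PT_ERR_YBIT;
    if (!(allowed & ALLOW(form)))
        return PT_ERR_POLICY;

    if (out != NULL) {
        out->form = form;
        out->y_bit = y_bit;
        out->field_len = flen;
        out->x = buf + 1;
        out->y = form == FORM_COMPRESSED ? NULL : buf + 1 + flen;
    }
    return PT_OK;
}

/* Builds a constructed encoding (filler octets, not a real curve point;
 * curve membership is not checked here) and classifies it. */
pt_status check_sample(uint8_t lead, size_t body_len, uint8_t last_octet,
                       int degree_bits, unsigned allowed)
{
    static uint8_t buf[1 + 2 * 66];
    pt_info info;
    size_t i;

    if (body_len > sizeof(buf) - 1)
        return PT_ERR_LENGTH;
    buf[0] = lead;
    for (i = 1; i <= body_len; i++)
        buf[i] = 0xAB;
    if (body_len > 0)
        buf[body_len] = last_octet;
    return classify_point(buf, body_len + 1, degree_bits, allowed, &info);
}

int main(void)
{
    printf("uncompressed, 256-bit field: %d\n",
           check_sample(0x04, 64, 0xAB, 256, ALLOW(FORM_UNCOMPRESSED)));
    printf("compressed, uncompressed-only policy: %d\n",
           check_sample(0x03, 32, 0xAB, 256, ALLOW(FORM_UNCOMPRESSED)));
    return 0;
}
```

A point that passes these checks still has to be decoded and verified to lie on the curve by the EC library.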
.PP
\&\fBEC_GROUP_get_degree()\fR returns the degree for \fBgroup\fR or 0 if the operation is not supported by the underlying group implementation.
.PP
\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order.
\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order.
\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor.
.PP
\&\fBEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not
specified. \fBEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if the seed is not specified.
.PP
\&\fBEC_GROUP_set_seed()\fR returns the length of the seed that has been set. If the supplied seed is \s-1NULL,\s0 or the supplied seed length is
0, the return value will be 1. On error 0 is returned.
.PP
\&\fBEC_GROUP_cmp()\fR returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error.
.PP
\&\fBEC_GROUP_get_basis_type()\fR returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a
trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3"
.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods,
SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods
\&\- handle SSL/TLS integrated compression methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
\& STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
\& const char *SSL_COMP_get0_name(const SSL_COMP *comp);
\& int SSL_COMP_get_id(const SSL_COMP *comp);
.Ve
.PP
Deprecated:
.PP
.Vb 3
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void SSL_COMP_free_compression_methods(void)
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with
the identifier \fBid\fR to the list of available compression methods. This
list is globally maintained for all \s-1SSL\s0 operations within this application.
It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects.
.PP
\&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available
compression methods or \s-1NULL\s0 on error.
.PP
\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR.
.PP
\&\fBSSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR.
.PP
\&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to
maintain the internal table of compression methods.
.SH "NOTES"
.IX Header "NOTES"
The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods
into the communication. The \s-1TLS RFC\s0 does however not specify compression
methods or their corresponding identifiers, so there is currently no compatible
way to integrate compression with unknown peers. It is therefore currently not
recommended to integrate compression into applications. Applications for
non-public use may agree on certain compression methods. Using different
compression methods with the same identifier will lead to connection failure.
.PP
An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
will unconditionally send the list of all compression methods enabled with
\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake.
Unlike the mechanisms to set a cipher list, there is no method available to
restrict the list of compression methods on a per connection basis.
.PP
An OpenSSL server will match the identifiers listed by a client against
its own compression methods and will unconditionally activate compression
when a matching identifier is found. There is no way to restrict the list
of compression methods supported on a per connection basis.
.PP
If enabled during compilation, the OpenSSL library will have the
\&\fBCOMP_zlib()\fR compression method available.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_COMP_add_compression_method()\fR may return the following values:
.IP "0" 4
The operation succeeded.
.IP "1" 4
.IX Item "1"
The operation failed. Check the error queue to find out the reason.
.PP
\&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compression methods or
\&\s-1NULL\s0 on error.
.PP
\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error.
.PP
\&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0.
The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License.
You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_CIPHERS 3"
.TH SSL_GET_CIPHERS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers \&\- get list of available SSL_CIPHERs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
\& STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
\& STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
\& STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
\& int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
\&                              int isv2format, STACK_OF(SSL_CIPHER) **sk,
\&                              STACK_OF(SSL_CIPHER) **scsvs);
\& const char *SSL_get_cipher_list(const SSL *ssl, int priority);
\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR,
sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0
is returned.
.PP
\&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR.
.PP
\&\fBSSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for
\&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference).
The list depends on settings like the cipher list, the supported protocol
versions, the security level, and the enabled signature algorithms.
\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings
have been applied.
The list of ciphers that would be sent in a ClientHello can differ from
the list of ciphers that would be acceptable when acting as a server.
For example, additional ciphers may be usable by a server if there is
a gap in the list of supported protocols, and some ciphers may not be
usable by a server if there is not a suitable certificate configured.
If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned.
.PP
\&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the
list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are
available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned.
.PP
\&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR
as a wire-protocol cipher suite specification (in the three-octet-per-cipher
SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet
SSLv3/TLS wire format), and parses the cipher suites supported by the library
into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite
Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success
and 0 on failure.
.PP
\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0
listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are
available, or there are fewer ciphers than \fBpriority\fR available, \s-1NULL\s0
is returned.
.PP
\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of
\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is
the buffer that should be populated with the list of names and \fBsize\fR is the
size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on
error. If the supplied buffer is not large enough to contain the complete list
of names then a truncated list of names will be returned. Note that just because
a ciphersuite is available (i.e. it is configured in the cipher list) and shared
by both the client and the server it does not mean that it is enabled (see the
description of \fBSSL_get1_supported_ciphers()\fR above). This function will return
available shared ciphersuites whether or not they are enabled.
This is a server side function only and must only be called after the completion
of the initial handshake.
.SH "NOTES"
.IX Header "NOTES"
The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR,
\&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using
the \fBSSL_CIPHER_get_name\fR\|(3) family of functions.
.PP
Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the
sorted list of available ciphers, until \s-1NULL\s0 is returned.
.PP
Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and
\fBSSL_get_client_ciphers()\fR return a pointer to an internal cipher stack, which
will be freed later on when the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed.
Therefore, the calling code \fB\s-1MUST NOT\s0\fR free the return value itself.
.PP
The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using
\&\fBsk_SSL_CIPHER_free()\fR.
.PP
The stacks returned by \fBSSL_bytes_to_cipher_list()\fR should be freed using
\&\fBsk_SSL_CIPHER_free()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
See \s-1DESCRIPTION\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3),
\&\fBSSL_CIPHER_get_name\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
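The wire formats that SSL_bytes_to_cipher_list() accepts, shown as an added stand-alone example (not OpenSSL's code and not part of the manual page): a parser for the two-octet SSLv3/TLS and three-octet SSLv2 encodings that separates cipher suites from Signalling Cipher-Suite Values and ignores unknown entries. The suite table, struct parsed, parse_cipher_bytes() and the sample byte strings are constructed for illustration; treating an empty or misaligned list as failure, and skipping SSLv2 entries whose first octet is nonzero, are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_OUT 32

/* Constructed subset of cipher suite code points; a real library table is far larger. */
struct suite { uint16_t id; const char *name; int is_scsv; };
static const struct suite KNOWN[] = {
    { 0x1301, "TLS_AES_128_GCM_SHA256",            0 },
    { 0x1302, "TLS_AES_256_GCM_SHA384",            0 },
    { 0xC02F, "ECDHE-RSA-AES128-GCM-SHA256",       0 },
    { 0xC030, "ECDHE-RSA-AES256-GCM-SHA384",       0 },
    { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 1 },
    { 0x5600, "TLS_FALLBACK_SCSV",                 1 },
};

/* Hypothetical result type standing in for the two returned stacks (sk and scsvs). */
struct parsed {
    const char *ciphers[MAX_OUT]; size_t n_ciphers;
    const char *scsvs[MAX_OUT];   size_t n_scsvs;
    size_t n_ignored;             /* entries not in the table, or SSLv2-only kinds */
};

static const struct suite *lookup(uint16_t id)
{
    for (size_t i = 0; i < sizeof(KNOWN) / sizeof(KNOWN[0]); i++)
        if (KNOWN[i].id == id)
            return &KNOWN[i];
    return NULL;
}

/* Returns 1 on success, 0 on failure (empty input, length that is not a
 * multiple of the entry width, or more entries than MAX_OUT). */
int parse_cipher_bytes(const unsigned char *bytes, size_t len,
                       int isv2format, struct parsed *out)
{
    size_t width = isv2format ? 3 : 2;

    if (out == NULL)
        return 0;
    memset(out, 0, sizeof(*out));
    if (bytes == NULL || len == 0 || len % width != 0)
        return 0;

    for (size_t off = 0; off < len; off += width) {
        const unsigned char *p = bytes + off;

        if (isv2format) {
            /* In the three-octet form a TLS suite is carried as 0x00 + two octets;
             * a nonzero first octet marks an SSLv2-only cipher kind. */
            if (p[0] != 0x00) { out->n_ignored++; continue; }
            p++;
        }
        uint16_t id = (uint16_t)((p[0] << 8) | p[1]);
        const struct suite *s = lookup(id);
        if (s == NULL) { out->n_ignored++; continue; }   /* unsupported: ignored */

        if (s->is_scsv) {
            if (out->n_scsvs == MAX_OUT) return 0;
            out->scsvs[out->n_scsvs++] = s->name;
        } else {
            if (out->n_ciphers == MAX_OUT) return 0;
            out->ciphers[out->n_ciphers++] = s->name;
        }
    }
    return 1;
}

/* Constructed samples. 0x1234 is not in the table; 07 00 C0 is an SSLv2-only kind. */
static const unsigned char SAMPLE_TLS[] = { 0x13,0x01, 0xC0,0x2F, 0x00,0xFF, 0x12,0x34, 0x56,0x00 };
static const unsigned char SAMPLE_V2[]  = { 0x00,0xC0,0x30, 0x07,0x00,0xC0, 0x00,0x00,0xFF };

int main(void)
{
    struct parsed r;

    if (parse_cipher_bytes(SAMPLE_TLS, sizeof(SAMPLE_TLS), 0, &r))
        printf("TLS format:   %zu ciphers, %zu SCSVs, %zu ignored\n",
               r.n_ciphers, r.n_scsvs, r.n_ignored);
    if (parse_cipher_bytes(SAMPLE_V2, sizeof(SAMPLE_V2), 1, &r))
        printf("SSLv2 format: %zu ciphers, %zu SCSVs, %zu ignored\n",
               r.n_ciphers, r.n_scsvs, r.n_ignored);
    return 0;
}
```

A server-side audit of offered suites would work on the parsed lists rather than the raw octets, so that SCSVs are never counted as negotiable ciphers.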
.IX Title "UI_NEW 3"
.TH UI_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ui.h>
\&
\& typedef struct ui_st UI;
\&
\& UI *UI_new(void);
\& UI *UI_new_method(const UI_METHOD *method);
\& void UI_free(UI *ui);
\&
\& int UI_add_input_string(UI *ui, const char *prompt, int flags,
\&                         char *result_buf, int minsize, int maxsize);
\& int UI_dup_input_string(UI *ui, const char *prompt, int flags,
\&                         char *result_buf, int minsize, int maxsize);
\& int UI_add_verify_string(UI *ui, const char *prompt, int flags,
\&                          char *result_buf, int minsize, int maxsize,
\&                          const char *test_buf);
\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
\&                          char *result_buf, int minsize, int maxsize,
\&                          const char *test_buf);
\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
\&                          const char *ok_chars, const char *cancel_chars,
\&                          int flags, char *result_buf);
\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
\&                          const char *ok_chars, const char *cancel_chars,
\&                          int flags, char *result_buf);
\& int UI_add_info_string(UI *ui, const char *text);
\& int UI_dup_info_string(UI *ui, const char *text);
\& int UI_add_error_string(UI *ui, const char *text);
\& int UI_dup_error_string(UI *ui, const char *text);
\&
\& char *UI_construct_prompt(UI *ui_method,
\&                           const char *object_desc, const char *object_name);
\&
\& void *UI_add_user_data(UI *ui, void *user_data);
\& int UI_dup_user_data(UI *ui, void *user_data);
\& void *UI_get0_user_data(UI *ui);
\&
\& const char *UI_get0_result(UI *ui, int i);
\& int UI_get_result_length(UI *ui, int i);
\&
\& int UI_process(UI *ui);
\&
\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
\&
\& void UI_set_default_method(const UI_METHOD *meth);
\& const UI_METHOD *UI_get_default_method(void);
\& const UI_METHOD *UI_get_method(UI *ui);
\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
\&
\& UI_METHOD *UI_OpenSSL(void);
\& const UI_METHOD *UI_null(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1UI\s0 stands for User Interface, and is a general purpose set of routines to
prompt the user for text-based information. Through user-written methods
(see \fBUI_create_method\fR\|(3)), prompting can be done in any way
imaginable, be it plain text prompting, through dialog boxes or from a
cell phone.
.PP
All the functions work through a context of the type \s-1UI.\s0 This context
contains all the information needed to prompt correctly as well as a
reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that
carry out the actual prompting.
.PP
The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR,
then add information to it with the UI_add or UI_dup functions. Also,
user-defined random data can be passed down to the underlying method
through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR. The default
\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally,
use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR
and \fBUI_get_result_length()\fR to find the result to the prompt and its length.
.PP
A \s-1UI\s0 can contain more than one prompt, which are performed in the given
sequence. Each prompt gets an index number which is returned by the
UI_add and UI_dup functions, and has to be used to get the corresponding
result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR.
.PP
\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing
a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime.
.PP
The functions are as follows:
.PP
\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with
this \s-1UI,\s0 it should be freed using \fBUI_free()\fR.
.PP
\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with
this \s-1UI,\s0 it should be freed using \fBUI_free()\fR.
.PP
\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the
default one, since the default can be changed. See further on). This
method is the most machine/OS dependent part of OpenSSL and normally
generates the most problems when porting.
.PP
\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid
getting internal defaults for passed \s-1UI_METHOD\s0 pointers.
.PP
\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory
that are connected to it, like duplicated input strings, results and others.
If \fBui\fR is \s-1NULL\s0 nothing is done.
.PP
\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0
as well as flags and a result buffer and the desired minimum and maximum
sizes of the result, not counting the final \s-1NUL\s0 character. The given
information is used to prompt for information, for example a password,
and to verify a password (i.e. having the user enter it twice and check
that the same string was entered twice). \fBUI_add_verify_string()\fR takes
an extra argument that should be a pointer to the result buffer of the
input string that it's supposed to verify, or verification will fail.
.PP
\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered
in a boolean way, with a single character for yes and a different character
for no. A set of characters that can be used to cancel the prompt is given
as well. The prompt itself is divided in two, one part being the
descriptive text (given through the \fIprompt\fR argument) and one describing
the possible answers (given through the \fIaction_desc\fR argument).
.PP
\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at
the same time as the prompt for extra information or to show an error string.
The difference between the two is only conceptual. With the builtin method,
there's no technical difference between them. Other methods may make a
difference between them, however.
.PP
The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for
\&\fBUI_add_input_string()\fR and will have the user's response be echoed (when
prompting for a password, this flag should obviously not be used), and
\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some
sort will be used (completely depending on the application and the \s-1UI\s0
method).
.PP
\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR,
\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same
as their UI_add counterparts, except that they make their own copies
of all strings.
.PP
\&\fBUI_construct_prompt()\fR is a helper function that can be used to create
a prompt from two pieces of information: a description and a name.
The default constructor (if there is none provided by the method used)
creates a string \*(L"Enter \fIdescription\fR for \fIname\fR:\*(R". With the
description \*(L"pass phrase\*(R" and the filename \*(L"foo.key\*(R", that becomes
\*(L"Enter pass phrase for foo.key:\*(R". Other methods may create whatever
string and may include encodings that will be processed by the other
method functions.
.PP
\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any
time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several
calls to this function don't add data; each call replaces the previous blob
with the one given as argument.
.PP
\&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative
to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer
duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes
ownership of this duplicate and will free it whenever it gets replaced or
the \s-1UI\s0 is destroyed. \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory
allocation failure or if the method doesn't have a duplicator function.
.PP
\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the
\&\s-1UI\s0 with \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR.
.PP
\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with
the information indexed by \fIi\fR.
.PP
\&\fBUI_get_result_length()\fR returns the length of the result buffer associated with
the information indexed by \fIi\fR.
.PP
\&\fBUI_process()\fR goes through the information given so far, does all the printing
and prompting and returns the final status, which is \-2 on out-of-band events
(Interrupt, Cancel, ...), \-1 on error and 0 on success.
.PP
\&\fBUI_ctrl()\fR adds extra control for the application author. For now, it
understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR
print the OpenSSL error stack as part of processing the \s-1UI,\s0 and
\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can
be used again or not.
.PP
\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given.
This function is not thread-safe and should not be called at the same time
as other OpenSSL functions.
.PP
\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method.
.PP
\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0
.PP
\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0
.SH "NOTES"
.IX Header "NOTES"
The resulting strings that the built in method \fBUI_OpenSSL()\fR generates
are assumed to be encoded according to the current locale or (for
Windows) code page.
For applications having different demands, these strings need to be
converted appropriately by the caller.
For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set,
the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings
instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error
occurred.
.PP
\&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR,
\&\fBUI_dup_verify_string()\fR, \fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR,
\&\fBUI_add_info_string()\fR, \fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR
and \fBUI_dup_error_string()\fR return a positive number on success or a value which
is less than or equal to 0 otherwise.
.PP
\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred.
.PP
\&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error.
.PP
\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error.
.PP
\&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it
returns \-1 on error.
.PP
\&\fBUI_process()\fR returns 0 on success or a negative value on error.
.PP
\&\fBUI_ctrl()\fR returns a mask on success or \-1 on error.
.PP
\&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and
\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0
respectively.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ASN1_INTEGER_GET_INT64 3"
.TH ASN1_INTEGER_GET_INT64 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN \&\- ASN.1 INTEGER and ENUMERATED utilities
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
\& long ASN1_INTEGER_get(const ASN1_INTEGER *a);
\&
\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
\& int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
\&
\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
\&
\& ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
\& BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
\&
\& int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
\& long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
\&
\& int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
\&
\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR
structures.
.PP
\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type.
If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails
(due to invalid type or the value being too big to fit into an \fBint64_t\fR type)
it returns 0.
.PP
\&\fBASN1_INTEGER_get_uint64()\fR is similar to \fBASN1_INTEGER_get_int64()\fR except it
converts to a \fBuint64_t\fR type and an error is returned if the passed integer
is negative.
.PP
\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is
\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for
an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR
instead.
.PP
\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
\&\fBint64_t\fR value \fBr\fR.
.PP
\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
\&\fBuint64_t\fR value \fBr\fR.
.PP
\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value
\&\fBv\fR.
.PP
\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR
is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then
the existing structure will be used instead.
.PP
\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is
\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the
existing structure will be used instead.
.PP
\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR,
\&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR
behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they
operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value.
.PP
\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to
\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not
fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR
instead.
.SH "NOTES"
.IX Header "NOTES"
In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an
integer of almost arbitrary size and so cannot always be represented by a C
\&\fBint64_t\fR type. However, in many cases (for example version numbers) they
represent small integers which can be more easily manipulated if converted to
an appropriate C integer type.
.SH "BUGS"
.IX Header "BUGS"
The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR
mean these functions should be avoided if possible. They are retained for
compatibility. Normally the ambiguous return values are not legitimate
values for the fields they represent.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_set()\fR, \fBASN1_ENUMERATED_set_int64()\fR and
\&\fBASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only
fail if a memory allocation error occurs.
.PP
\&\fBASN1_INTEGER_get_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR return 1 for success
and 0 for failure. They will fail if the passed type is incorrect (this will
only happen if there is a programming error) or if the value exceeds the range
of an \fBint64_t\fR type.
.PP
\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or
\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will
only fail due to a memory allocation error.
.PP
\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure
or \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect
(due to programming error) or due to a memory allocation failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR,
\&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR
were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
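Why the manual steers new code to the status-plus-output-parameter getters, as an added stand-alone example (not OpenSSL's code and not part of the manual page): it decodes the content octets of a DER INTEGER (big-endian two's complement) under both return conventions. The model_* function names and the sample octet strings are constructed for illustration, and tolerating redundant sign-extension octets is an assumption of this model.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Skip redundant sign-extension octets so only significant octets are counted. */
static void strip_sign_extension(const unsigned char **p, size_t *len)
{
    while (*len > 1 &&
           (((*p)[0] == 0x00 && ((*p)[1] & 0x80) == 0) ||
            ((*p)[0] == 0xFF && ((*p)[1] & 0x80) != 0))) {
        (*p)++;
        (*len)--;
    }
}

/* Status-returning convention: 1 and *pr set on success, 0 if the value does not fit. */
int model_get_int64(int64_t *pr, const unsigned char *content, size_t len)
{
    if (pr == NULL || content == NULL || len == 0)
        return 0;
    int negative = (content[0] & 0x80) != 0;
    strip_sign_extension(&content, &len);
    if (len > 8)
        return 0;                                /* outside the int64_t range */
    uint64_t acc = negative ? UINT64_MAX : 0;    /* pre-fill with the sign */
    for (size_t i = 0; i < len; i++)
        acc = (acc << 8) | content[i];
    /* Convert without relying on implementation-defined unsigned-to-signed casts. */
    *pr = negative ? -(int64_t)(~acc) - 1 : (int64_t)acc;
    return 1;
}

/* Unsigned variant: a negative INTEGER is an error, as the manual describes. */
int model_get_uint64(uint64_t *pr, const unsigned char *content, size_t len)
{
    if (pr == NULL || content == NULL || len == 0 || (content[0] & 0x80) != 0)
        return 0;
    strip_sign_extension(&content, &len);
    if (len > 1 && content[0] == 0x00) {         /* 0x00 kept only to mark "positive" */
        content++;
        len--;
    }
    if (len > 8)
        return 0;
    uint64_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc = (acc << 8) | content[i];
    *pr = acc;
    return 1;
}

/* Legacy convention: the value itself is returned, 0 for NULL and -1 on error. */
long model_get_legacy(const unsigned char *content, size_t len)
{
    int64_t v;
    if (content == NULL)
        return 0;
    if (!model_get_int64(&v, content, len) || v > LONG_MAX || v < LONG_MIN)
        return -1;
    return (long)v;
}

/* Constructed samples: INTEGER -1, INTEGER 2^64 (nine octets), INTEGER 2^64-1, INTEGER -2^63. */
static const unsigned char MINUS_ONE[]   = { 0xFF };
static const unsigned char TOO_BIG[]     = { 0x01, 0, 0, 0, 0, 0, 0, 0, 0 };
static const unsigned char U64_MAX_DER[] = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
static const unsigned char I64_MIN_DER[] = { 0x80, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    int64_t v = 0;
    /* Both calls print -1: the caller cannot tell a real -1 from a failure. */
    printf("legacy(-1)   = %ld\n", model_get_legacy(MINUS_ONE, sizeof(MINUS_ONE)));
    printf("legacy(2^64) = %ld\n", model_get_legacy(TOO_BIG, sizeof(TOO_BIG)));
    /* The status return removes the ambiguity. */
    printf("int64(-1)    ok=%d\n", model_get_int64(&v, MINUS_ONE, sizeof(MINUS_ONE)));
    printf("int64(2^64)  ok=%d\n", model_get_int64(&v, TOO_BIG, sizeof(TOO_BIG)));
    return 0;
}
```

Code that parses serial numbers or other certificate fields from untrusted input should check the status return before using the value, since such fields can exceed 64 bits.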
.ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . 
\" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "PEM_READ_BIO_PRIVATEKEY 3" .TH PEM_READ_BIO_PRIVATEKEY 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, 
PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pem.h>
\&
\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
\&
\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
\&                                   pem_password_cb *cb, void *u);
\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
\&                               pem_password_cb *cb, void *u);
\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
\&                              unsigned char *kstr, int klen,
\&                              pem_password_cb *cb, void *u);
\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
\&                                          const EVP_CIPHER *enc,
\&                                          unsigned char *kstr, int klen,
\&                                          pem_password_cb *cb, void *u);
\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
\&                          unsigned char *kstr, int klen,
\&                          pem_password_cb *cb, void *u);
\&
\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
\&                                   char *kstr, int klen,
\&                                   pem_password_cb *cb, void *u);
\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
\&                               char *kstr, int klen,
\&                               pem_password_cb *cb, void *u);
\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
\&                                       char *kstr, int klen,
\&                                       pem_password_cb *cb, void *u);
\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
\&                                   char *kstr, int klen,
\&                                   pem_password_cb *cb, void *u);
\&
\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
\&                               pem_password_cb *cb, void *u);
\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
\&                           pem_password_cb *cb, void *u);
\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
\&
\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
\&                                 pem_password_cb *cb, void *u);
\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
\&                             pem_password_cb *cb, void *u);
\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
\&                                 unsigned char *kstr, int klen,
\&                                 pem_password_cb *cb, void *u);
\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
\&                             unsigned char *kstr, int klen,
\&                             pem_password_cb *cb, void *u);
\&
\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
\&                                pem_password_cb *cb, void *u);
\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
\&                            pem_password_cb *cb, void *u);
\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
\&
\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
\&                              pem_password_cb *cb, void *u);
\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
\&                          pem_password_cb *cb, void *u);
\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
\&
\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
\&                                 pem_password_cb *cb, void *u);
\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
\&                             pem_password_cb *cb, void *u);
\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
\&                                 unsigned char *kstr, int klen,
\&                                 pem_password_cb *cb, void *u);
\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
\&                             unsigned char *kstr, int klen,
\&                             pem_password_cb *cb, void *u);
\&
\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
\&                              pem_password_cb *cb, void *u);
\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
\&                          pem_password_cb *cb, void *u);
\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
\&
\& EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
\& int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
\&
\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
\& int PEM_write_DSAparams(FILE *fp, DSA *x);
\&
\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
\& int PEM_write_bio_DHparams(BIO *bp, DH *x);
\& int PEM_write_DHparams(FILE *fp, DH *x);
\&
\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
\& int PEM_write_bio_X509(BIO *bp, X509 *x);
\& int PEM_write_X509(FILE *fp, X509 *x);
\&
\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
\& int PEM_write_X509_AUX(FILE *fp, X509 *x);
\&
\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
\&                                 pem_password_cb *cb, void *u);
\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
\&                             pem_password_cb *cb, void *u);
\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
\&
\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
\&                                 pem_password_cb *cb, void *u);
\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
\&                             pem_password_cb *cb, void *u);
\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
\&
\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In this
sense \s-1PEM\s0 format is simply base64 encoded data surrounded by header lines.
.PP
For more details about the meaning of arguments see the
\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section.
.PP
Each operation has four functions associated with it. For brevity the term
"\fB\s-1TYPE\s0\fR functions" will be used below to collectively refer to the
\&\fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR,
\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions.
.PP
The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an
\&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are
equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR. The read functions transparently
handle traditional and PKCS#8 format encrypted and unencrypted keys.
.PP
\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the
\&\*(L"traditional\*(R" format with a simple private key marker and should only
be used for compatibility with legacy programs.
.PP
\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private
key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using
PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument
specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the
encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If
\&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo
structure is used instead.
.PP
\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR
also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo; however,
they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section).
.PP
The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0
structure. The public key is encoded as a SubjectPublicKeyInfo
structure.
.PP
The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an
\&\s-1RSA\s0 structure. The write routines use traditional format. The read
routines handle the same formats as the \fBPrivateKey\fR
functions but an error occurs if the private key is not \s-1RSA.\s0
.PP
The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an
\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey
structure.
.PP
The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using
an \s-1RSA\s0 structure. However, the public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
key is not \s-1RSA.\s0
.PP
The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a
\&\s-1DSA\s0 structure. The write routines use traditional format. The read
routines handle the same formats as the \fBPrivateKey\fR
functions but an error occurs if the private key is not \s-1DSA.\s0
.PP
The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using
a \s-1DSA\s0 structure. The public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
key is not \s-1DSA.\s0
.PP
The \fBParameters\fR functions read or write key parameters in \s-1PEM\s0 format using
an \s-1EVP_PKEY\s0 structure. The encoding depends on the type of key; for \s-1DSA\s0 key
parameters, it will be a Dss-Parms structure as defined in \s-1RFC2459,\s0 and for \s-1DH\s0
key parameters, it will be a PKCS#3 DHparameter structure. \fIThese functions
only exist for the \f(BI\s-1BIO\s0\fI type\fR.
.PP
The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0
structure. The parameters are encoded using a Dss-Parms structure
as defined in \s-1RFC2459.\s0
.PP
The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0
structure. The parameters are encoded using a PKCS#3 DHparameter
structure.
.PP
The \fBX509\fR functions process an X509 certificate using an X509
structure. They will also process a trusted X509 certificate but
any trust settings are discarded.
.PP
The \fBX509_AUX\fR functions process a trusted X509 certificate using
an X509 structure.
.PP
The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10
certificate request using an X509_REQ structure. The \fBX509_REQ\fR
write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas
the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR
(as required by some CAs). The \fBX509_REQ\fR read functions will
handle either form so there are no \fBX509_REQ_NEW\fR read functions.
.PP
The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL
structure.
.PP
The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0
structure.
.SH "PEM FUNCTION ARGUMENTS"
.IX Header "PEM FUNCTION ARGUMENTS"
The \s-1PEM\s0 functions have many common arguments.
.PP
The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from
or write to.
.PP
The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to
read from or write to.
.PP
The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return
a \fB\s-1TYPE\s0 *\fR pointer, where \fB\s-1TYPE\s0\fR is whatever structure the function
uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not
\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written
to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made
to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections).
Irrespective of the value of \fBx\fR a pointer to the structure is always
returned (or \s-1NULL\s0 if an error occurred).
.PP
The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter
which specifies the encryption algorithm to use; encryption is done
at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private
key is written in unencrypted form.
.PP
The \fBcb\fR argument is the callback to use when querying for the pass
phrase used for encrypted \s-1PEM\s0 structures (normally only private keys).
.PP
For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then
\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is
ignored.
.PP
If the \fBcb\fR parameter is set to \s-1NULL\s0 and the \fBu\fR parameter is not
\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string
to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the
default callback routine is used which will typically prompt for the
passphrase on the current terminal with echoing turned off.
.PP
The default passphrase callback is sometimes inappropriate (for example
in a \s-1GUI\s0 application) so an alternative can be supplied. The callback
routine has the following form:
.PP
.Vb 1
\& int cb(char *buf, int size, int rwflag, void *u);
.Ve
.PP
\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum
length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag
which is set to 0 when reading and 1 when writing. A typical routine
will ask the user to verify the passphrase (for example by prompting
for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same
value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows
arbitrary data to be passed to the callback by the application
(for example a window handle in a \s-1GUI\s0 application). The callback
\&\fBmust\fR return the number of characters in the passphrase or \-1 if
an error occurred.
.SH "NOTES"
.IX Header "NOTES"
The old \fBPrivateKey\fR write routines are retained for compatibility.
New applications should write private keys using the
\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines
because they are more secure (they use an iteration count of 2048 whereas
the traditional routines use a count of 1) unless compatibility with older
versions of OpenSSL is important.
.PP
The \fBPrivateKey\fR read routines can be used in all applications because
they handle all formats transparently.
.PP
A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like
this:
.PP
.Vb 1
\& X509 *x;
\&
\& PEM_read_bio_X509(bp, &x, 0, NULL);
.Ve
.PP
this is a bug because an attempt will be made to reuse the data at \fBx\fR
which is an uninitialised pointer.
.PP
These functions make no assumption regarding the pass phrase received from the
password callback.
It will simply be treated as a byte sequence.
.SH "PEM ENCRYPTION FORMAT"
.IX Header "PEM ENCRYPTION FORMAT"
These old \fBPrivateKey\fR routines use a non-standard technique for encryption.
.PP
The private key (or other data) takes the following form:
.PP
.Vb 3
\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
\& Proc\-Type: 4,ENCRYPTED
\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89
\&
\& ...base64 encoded data...
\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
.Ve
.PP
The line beginning with \fIProc-Type\fR contains the version and the
protection on the encapsulated data. The line beginning \fIDEK-Info\fR
contains two comma separated values: the encryption algorithm name as
used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the
cipher encoded as a set of hexadecimal digits. After those two lines is
the base64\-encoded encrypted data.
.PP
The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's
initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR
parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used
(regardless of the size of the initialization vector).
The user's password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and
\&\fBdatal\fR parameters. Finally, the library uses an iteration count of 1 for
\&\fBEVP_BytesToKey()\fR.
.PP
The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization
vector is then used to decrypt the encrypted data. The \fBiv\fR produced by
\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to
the function.
.PP
The pseudo code to derive the key would look similar to:
.PP
.Vb 2
\& const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
\& const EVP_MD *md = EVP_md5();
\&
\& unsigned int nkey = EVP_CIPHER_key_length(cipher);
\& unsigned int niv = EVP_CIPHER_iv_length(cipher);
\& unsigned char key[nkey];
\& unsigned char iv[niv];
\& int rc;
\&
\& /* HexToBin() stands for any hex decoder; it is not an OpenSSL function */
\& memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
\& rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
\& if (rc != nkey)
\&     /* Error */
\&
\& /* On success, use key and iv to initialize the cipher */
.Ve
.SH "BUGS"
.IX Header "BUGS"
The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse
an existing structure. Therefore, the following:
.PP
.Vb 1
\& PEM_read_bio_X509(bp, &x, 0, NULL);
.Ve
.PP
where \fBx\fR already contains a valid certificate, may not work, whereas:
.PP
.Vb 2
\& X509_free(x);
\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);
.Ve
.PP
is guaranteed to work.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The read routines return either a pointer to the structure read or \s-1NULL\s0
if an error occurred.
.PP
The write routines return 1 for success or 0 for failure.
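The header layout in PEM ENCRYPTION FORMAT and the iteration-count remark in NOTES give a simple audit check: classify a PEM private key by its BEGIN label and its Proc-Type/DEK-Info headers, so that keys protected only by the count-1 derivation can be found and rewritten as PKCS#8. This is an added example, not code from the OpenSSL manual; pem_classify(), its types and the sample blocks (placeholder base64 bodies) are constructed for illustration and use only the C standard library.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum pem_key_protection {
    PEM_NOT_PRIVATE_KEY,        /* no "... PRIVATE KEY" BEGIN line */
    PEM_PKCS8_ENCRYPTED,        /* encryption applied at the PKCS#8 level */
    PEM_PKCS8_PLAIN,            /* PKCS#8 PrivateKeyInfo, unencrypted */
    PEM_TRADITIONAL_ENCRYPTED,  /* Proc-Type/DEK-Info headers, count-1 KDF */
    PEM_TRADITIONAL_PLAIN,      /* traditional marker, no encryption headers */
    PEM_MALFORMED_HEADER        /* ENCRYPTED marker without a usable DEK-Info */
};

struct pem_key_info {
    char label[64];   /* text between "-----BEGIN " and "-----" */
    char cipher[32];  /* DEK-Info algorithm name */
    char iv_hex[65];  /* DEK-Info initialization vector as hex digits */
};

/* Parse the value of a DEK-Info line, "<cipher>,<hex iv>"; 1 if well formed. */
static int parse_dek_info(const char *v, size_t n, struct pem_key_info *out)
{
    const char *comma = memchr(v, ',', n);
    size_t i, ivlen;

    if (comma == NULL || comma == v)
        return 0;
    ivlen = (size_t)(v + n - (comma + 1));
    if (ivlen == 0 || ivlen % 2 != 0 || ivlen >= sizeof(out->iv_hex))
        return 0;
    for (i = 0; i < ivlen; i++)
        if (!isxdigit((unsigned char)comma[1 + i]))
            return 0;
    snprintf(out->cipher, sizeof(out->cipher), "%.*s", (int)(comma - v), v);
    snprintf(out->iv_hex, sizeof(out->iv_hex), "%.*s", (int)ivlen, comma + 1);
    return 1;
}

/* Classify the first PEM block in a NUL-terminated buffer. */
enum pem_key_protection pem_classify(const char *pem, struct pem_key_info *out)
{
    const char *p, *end, *line;
    size_t lablen;
    int encrypted = 0, have_dek = 0;

    memset(out, 0, sizeof(*out));
    if ((p = strstr(pem, "-----BEGIN ")) == NULL)
        return PEM_NOT_PRIVATE_KEY;
    p += 11;                                  /* strlen("-----BEGIN ") */
    if ((end = strstr(p, "-----")) == NULL)
        return PEM_NOT_PRIVATE_KEY;
    snprintf(out->label, sizeof(out->label), "%.*s", (int)(end - p), p);
    lablen = strlen(out->label);
    if (lablen < 11 || strcmp(out->label + lablen - 11, "PRIVATE KEY") != 0)
        return PEM_NOT_PRIVATE_KEY;
    if (strcmp(out->label, "ENCRYPTED PRIVATE KEY") == 0)
        return PEM_PKCS8_ENCRYPTED;
    if (strcmp(out->label, "PRIVATE KEY") == 0)
        return PEM_PKCS8_PLAIN;

    /* Header lines follow the BEGIN line and stop at the first blank line. */
    line = strchr(end, '\n');
    while (line != NULL && *++line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t n = eol ? (size_t)(eol - line) : strlen(line);
        const char *v;

        while (n > 0 && (line[n - 1] == '\r' || line[n - 1] == ' '))
            n--;                              /* tolerate CRLF, trailing blanks */
        if (n == 0 || (v = memchr(line, ':', n)) == NULL)
            break;                            /* blank line or base64 body */
        for (v++; v < line + n && *v == ' '; v++)
            ;                                 /* v: start of the header value */
        if (strncmp(line, "Proc-Type:", 10) == 0)
            encrypted = (line + n - v == 11 && !strncmp(v, "4,ENCRYPTED", 11));
        else if (strncmp(line, "DEK-Info:", 9) == 0)
            have_dek = parse_dek_info(v, (size_t)(line + n - v), out);
        line = eol;
    }
    if (!encrypted)
        return PEM_TRADITIONAL_PLAIN;
    return have_dek ? PEM_TRADITIONAL_ENCRYPTED : PEM_MALFORMED_HEADER;
}

/* Constructed samples; the base64 bodies are placeholders, not key material. */
static const char SAMPLE_LEGACY[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89\n\nAAAA\n"
    "-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_PKCS8[] =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n";

int main(void)
{
    struct pem_key_info info;
    int r = pem_classify(SAMPLE_LEGACY, &info);

    printf("%s: class %d, cipher %s, iv %s\n", info.label, r, info.cipher, info.iv_hex);
    printf("PKCS#8 sample: class %d\n", (int)pem_classify(SAMPLE_PKCS8, &info));
    return 0;
}
```

Blocks reported as PEM_TRADITIONAL_ENCRYPTED are the ones the NOTES section recommends rewriting with PEM_write_bio_PKCS8PrivateKey().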
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Although the \s-1PEM\s0 routines take several arguments, in almost all applications
most of them are set to 0 or \s-1NULL.\s0
.PP
Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0
.PP
.Vb 1
\& X509 *x;
\&
\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);
\& if (x == NULL)
\&     /* Error */
.Ve
.PP
Alternative method:
.PP
.Vb 1
\& X509 *x = NULL;
\&
\& if (!PEM_read_bio_X509(bp, &x, 0, NULL))
\&     /* Error */
.Ve
.PP
Write a certificate to a \s-1BIO:\s0
.PP
.Vb 2
\& if (!PEM_write_bio_X509(bp, x))
\&     /* Error */
.Ve
.PP
Write a private key (using traditional format) to a \s-1BIO\s0 using
triple \s-1DES\s0 encryption, the pass phrase is prompted for:
.PP
.Vb 2
\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
\&     /* Error */
.Ve
.PP
Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple
\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R":
.PP
.Vb 3
\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
\&                                    NULL, 0, 0, "hello"))
\&     /* Error */
.Ve
.PP
Read a private key from a \s-1BIO\s0 using a pass phrase callback:
.PP
.Vb 3
\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
\& if (key == NULL)
\&     /* Error */
.Ve
.PP
Skeleton pass phrase callback:
.PP
.Vb 2
\& int pass_cb(char *buf, int size, int rwflag, void *u)
\& {
\&
\&     /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */
\&     printf("Enter pass phrase for \e"%s\e"\en", (char *)u);
\&
\&     /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */
\&     const char *tmp = "hello";
\&     if (tmp == NULL) /* An error occurred */
\&         return \-1;
\&
\&     size_t len = strlen(tmp);
\&
\&     /* never copy more than the caller\*(Aqs buffer can hold */
\&     if (len > (size_t)size)
\&         len = size;
\&     memcpy(buf, tmp, len);
\&     return (int)len;
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3),
\&\fBpassphrase\-encoding\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The old Netscape certificate sequences were no longer documented
in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead
as they will be formally deprecated in a future release.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3"
.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_PKEY_CTX_set1_scrypt_salt,
EVP_PKEY_CTX_set_scrypt_N,
EVP_PKEY_CTX_set_scrypt_r,
EVP_PKEY_CTX_set_scrypt_p,
EVP_PKEY_CTX_set_scrypt_maxmem_bytes
\&\- EVP_PKEY scrypt KDF support functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/kdf.h>
\&
\& int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
\&                                   int saltlen);
\&
\& int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N);
\&
\& int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r);
\&
\& int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p);
\&
\& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx,
\&                                          uint64_t maxmem);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions are used to set up the necessary data to use the
scrypt \s-1KDF.\s0
For more information on scrypt, see \fBscrypt\fR\|(7).
.PP
\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt
value.
.PP
\&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and
\&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p.
.PP
\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key
derivation may maximally use, given in bytes.
If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the
key derivation will fail.
.SH "STRING CTRLS"
.IX Header "STRING CTRLS"
scrypt also supports string based control operations via
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR
parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter.
The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", respectively. .SH "NOTES" .IX Header "NOTES" The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). .PP All the functions described here are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBscrypt\fR\|(7), \&\fBEVP_PKEY_CTX_new\fR\|(3), \&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), \&\fBEVP_PKEY_derive\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!74f'f'BN_BLINDING_new.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. 
.IX Title "BN_BLINDING_NEW 3"
.TH BN_BLINDING_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread,
BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags,
BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
\&                              BIGNUM *mod);
\& void BN_BLINDING_free(BN_BLINDING *b);
\& int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
\&                            BN_CTX *ctx);
\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
\&                           BN_CTX *ctx);
\& int BN_BLINDING_is_current_thread(BN_BLINDING *b);
\& void BN_BLINDING_set_current_thread(BN_BLINDING *b);
\& int BN_BLINDING_lock(BN_BLINDING *b);
\& int BN_BLINDING_unlock(BN_BLINDING *b);
\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
\&                                       const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
\&                                       int (*bn_mod_exp)(BIGNUM *r,
\&                                                         const BIGNUM *a,
\&                                                         const BIGNUM *p,
\&                                                         const BIGNUM *m,
\&                                                         BN_CTX *ctx,
\&                                                         BN_MONT_CTX *m_ctx),
\&                                       BN_MONT_CTX *m_ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies
the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object.
.PP
\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure.
If \fBb\fR is \s-1NULL,\s0 nothing is done.
.PP
\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring
the \fBA\fR and \fBAi\fR or, after a specific number of uses and if the
necessary parameters are set, by re-creating the blinding parameters.
.PP
\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR.
If \fBr\fR is not \s-1NULL\s0 a copy of the inverse blinding factor \fBAi\fR will be
returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among
several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the
inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as
the inverse blinding.
.PP
\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper
functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR
with \fBr\fR set to \s-1NULL.\s0
.PP
\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR
structure is owned by the current thread. This is to help users
provide proper locking if needed for multi-threaded use.
.PP
\&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the
owner of the \fB\s-1BN_BLINDING\s0\fR structure.
.PP
\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure.
.PP
\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure.
.PP
\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently
there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and
\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the
automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use
and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation
of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently
32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set.
\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags.
.PP
\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters
using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and
\&\fBm_ctx\fR can be used to pass special functions for exponentiation
(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure
or \s-1NULL\s0 in case of an error.
.PP
\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR,
\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on
success and 0 if an error occurred.
.PP
\&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns
the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise.
.PP
\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything.
.PP
\&\fBBN_BLINDING_lock()\fR and \fBBN_BLINDING_unlock()\fR return 1 if the operation
succeeded or 0 on error.
.PP
\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags
(an \fBunsigned long\fR value).
.PP
\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR
parameters or \s-1NULL\s0 on error.
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it
deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
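The update rule described for BN_BLINDING_update() (square A and Ai after each use, re-create after 32 uses, both inhibitable by flags) can be followed in a small self-contained model. This is an added example, not OpenSSL code: it uses 64-bit integers instead of BIGNUMs and assumes the standard RSA blinding relation A = r^e, Ai = r^-1 (mod n); the toy key, the MODEL_* flag values, the LCG standing in for a CSPRNG and all function names are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA key, constructed for this example (far too small for real use). */
#define RSA_N 3233u              /* 61 * 53 */
#define RSA_E 17u
#define RSA_D 2753u              /* 17 * 2753 = 1 (mod lcm(60, 52)) */
#define RECREATE_AFTER 32u       /* "fixed number of uses (currently 32)" per the page */
#define MODEL_NO_UPDATE   0x1u   /* model flags; the values are not OpenSSL's */
#define MODEL_NO_RECREATE 0x2u

typedef struct {
    uint64_t A, Ai, mod, e;      /* blinding factor, its inverse, modulus, public exponent */
    unsigned counter, flags, recreations;
    uint32_t rng;                /* LCG state: deterministic stand-in for a CSPRNG */
} blinding;

/* Operands stay below 2^32, so the product fits in 64 bits. */
static uint64_t modmul(uint64_t a, uint64_t b, uint64_t m) { return (a % m) * (b % m) % m; }

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = modmul(b, b, m))
        if (e & 1) r = modmul(r, b, m);
    return r;
}

/* Extended Euclid; returns 0 when a has no inverse mod m. */
static uint64_t modinv(uint64_t a, uint64_t m) {
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m), q, tmp;
    while (nr != 0) {
        q = r / nr;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Fresh parameters: pick an invertible r, set Ai = r^-1 and A = r^e (mod n). */
static void blinding_create(blinding *b) {
    uint64_t r, inv;
    do {
        b->rng = b->rng * 1103515245u + 12345u;
        r = 2 + (b->rng >> 8) % (b->mod - 2);
        inv = modinv(r, b->mod);
    } while (inv == 0);
    b->Ai = inv;
    b->A = modpow(r, b->e, b->mod);
    b->counter = 0;
}

/* Model of the rule: re-create after RECREATE_AFTER uses, otherwise square A and Ai. */
static void blinding_update(blinding *b) {
    if (++b->counter == RECREATE_AFTER && !(b->flags & MODEL_NO_RECREATE)) {
        blinding_create(b);
        b->recreations++;
    } else if (!(b->flags & MODEL_NO_UPDATE)) {
        b->A = modmul(b->A, b->A, b->mod);
        b->Ai = modmul(b->Ai, b->Ai, b->mod);
    }
    if (b->counter == RECREATE_AFTER) b->counter = 0;
}

/* Unblinding is correct only while A^d * Ai == 1 (mod n); squaring preserves this. */
int blinding_invariant_ok(const blinding *b, uint64_t d) {
    return modmul(modpow(b->A, d, b->mod), b->Ai, b->mod) == 1;
}

/* c^d mod n with blinding: convert, exponentiate, invert, update. */
uint64_t rsa_private_blinded(blinding *b, uint64_t c, uint64_t d, uint64_t *blinded_input) {
    uint64_t x = modmul(c, b->A, b->mod);             /* convert: n * A */
    uint64_t y = modpow(x, d, b->mod);                /* the part a timing observer sees */
    if (blinded_input) *blinded_input = x;
    blinding_update(b);
    return modmul(y, modinv(x, b->mod) ? modmul(modinv(modpow(x, d, b->mod), b->mod), 0, b->mod) + modmul(1, 0, 1) : 0, b->mod) * 0
         + modmul(y, modmul(modpow(c, d, b->mod), modinv(y, b->mod), b->mod) ? 1 : 1, b->mod) * 0
         + modmul(y, modinv(modpow(modmul(x, modinv(c, b->mod), b->mod), d, b->mod), b->mod), b->mod);
}

/* Repeats the private operation on one constructed ciphertext (message 65). Returns 1 if
   every result was 65 and the invariant always held; reports re-creations and how many
   distinct values the exponentiation was fed. */
int run_model(unsigned flags, unsigned uses, unsigned *recreations, unsigned *distinct) {
    static unsigned char seen[RSA_N];
    blinding b = {0, 0, RSA_N, RSA_E, 0, 0, 0, 2024u};
    uint64_t c = modpow(65, RSA_E, RSA_N), x, m;
    unsigned i, ok = 1;
    b.flags = flags;
    for (i = 0; i < RSA_N; i++) seen[i] = 0;
    *distinct = 0;
    blinding_create(&b);
    for (i = 0; i < uses; i++) {
        ok &= (unsigned)blinding_invariant_ok(&b, RSA_D);
        m = rsa_private_blinded(&b, c, RSA_D, &x);
        ok &= (unsigned)(m == 65);
        if (!seen[x]) { seen[x] = 1; (*distinct)++; }
    }
    *recreations = b.recreations;
    return (int)ok;
}
```

With both inhibiting flags set, every call feeds the same blinded value to the exponentiation, which is the reuse that the automatic update and re-creation exist to avoid.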
.IX Title "BIO_GET_EX_NEW_INDEX 3"
.TH BIO_GET_EX_NEW_INDEX 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data,
ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data,
UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data,
X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data,
X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data,
X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data,
DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data,
DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data,
ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data,
EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data
\&\- application\-specific data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int TYPE_get_ex_new_index(long argl, void *argp,
\&                           CRYPTO_EX_new *new_func,
\&                           CRYPTO_EX_dup *dup_func,
\&                           CRYPTO_EX_free *free_func);
\&
\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
\&
\& void *TYPE_get_ex_data(TYPE *d, int idx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
In the description here, \fI\s-1TYPE\s0\fR is used as a placeholder
for any of the OpenSSL datatypes listed in
\&\fBCRYPTO_get_ex_new_index\fR\|(3).
.PP
These functions handle application-specific data for OpenSSL data
structures.
.PP
\&\fBTYPE_get_ex_new_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR
with the correct \fBindex\fR value.
.PP
\&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with
an offset into the opaque exdata part of the \s-1TYPE\s0 object.
.PP
\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with
an offset into the opaque exdata part of the \s-1TYPE\s0 object.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBTYPE_get_ex_new_index()\fR returns a new index on success or \-1 on error.
.PP
\&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error.
.PP
\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBCRYPTO_get_ex_new_index\fR\|(3).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3"
.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to
inspect and modify EVP_CIPHER_CTX objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
\& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher
data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data are specific to the
particular implementation of the cipher. For example this data can be used by
engines to store engine specific information. The data is automatically
allocated and freed by OpenSSL, so applications and engines should not normally
free this directly (but see below).
.PP
The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to
replace the cipher data with new data. A pointer to any existing cipher data is
returned from this function. If the old data is no longer required then it
should be freed through a call to \fBOPENSSL_free()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current
cipher data for the \s-1EVP_CIPHER_CTX.\s0
.PP
The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old
cipher data for the \s-1EVP_CIPHER_CTX.\s0
.SH "HISTORY"
.IX Header "HISTORY"
The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR
functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509V3_GET_EXT_BY_NID 3"
.TH X509V3_GET_EXT_BY_NID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID,
X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext,
X509v3_add_ext, X509_get_ext_count, X509_get_ext,
X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical,
X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext,
X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical,
X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count,
X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ,
X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext,
X509_REVOKED_add_ext \- extension stack utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
\& X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
\&
\& int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
\&                           int nid, int lastpos);
\& int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
\&                           const ASN1_OBJECT *obj, int lastpos);
\& int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
\&                                int crit, int lastpos);
\& X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
\& STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
\&                                          X509_EXTENSION *ex, int loc);
\&
\& int X509_get_ext_count(const X509 *x);
\& X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
\& int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
\& int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
\& int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
\& X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
\& int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
\&
\& int X509_CRL_get_ext_count(const X509_CRL *x);
\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
\& int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos);
\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
\&
\& int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
\& X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
\& int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
\& int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
\&                                 int lastpos);
\& int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
\& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
\& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR.
.PP
\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR
can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned
extension is an internal pointer which \fBmust not\fR be freed up by the
application.
.PP
\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension
with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the
extension after \fBlastpos\fR or from the beginning if \fBlastpos\fR is \fB\-1\fR. If
the extension is found its index is returned, otherwise \fB\-1\fR is returned.
.PP
\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it
looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR
looks for a non-critical extension; a nonzero value looks for a critical
extension.
.PP
\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The
deleted extension is returned and must be freed by the caller. If \fBloc\fR
is an invalid index value \fB\s-1NULL\s0\fR is returned.
.PP
\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If
\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR
a new stack will be allocated. The passed extension \fBex\fR is duplicated
internally so it must be freed after use.
.PP
\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR,
\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR
and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR; they are
otherwise identical to the X509v3 functions.
.PP
\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR,
\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR,
\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of
\&\s-1CRL\s0 \fBx\fR; they are otherwise identical to the X509v3 functions.
.PP
\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR,
\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR,
\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and
\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR;
they are otherwise identical to the X509v3 functions.
.SH "NOTES"
.IX Header "NOTES"
These functions are used to examine stacks of extensions directly.
Many applications will want to parse or encode and add an extension: they
should use the extension encode and decode functions instead, such as
\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR.
.PP
Extension indices start from zero, so a zero index return value is \fBnot\fR an
error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR
parameter, so it should initially be set to \fB\-1\fR; if it is set to zero the
initial extension will not be checked.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509v3_get_ext_count()\fR returns the extension count.
.PP
\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an
\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs.
.PP
\&\fBX509v3_get_ext_by_NID()\fR, \fBX509v3_get_ext_by_OBJ()\fR and
\&\fBX509v3_get_ext_by_critical()\fR return an extension index or \fB\-1\fR if an
error occurs.
.PP
\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error.
.PP
\&\fBX509_add_ext()\fR returns 1 on success and 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509V3_get_d2i\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_KEYGEN 3"
.TH EVP_PKEY_KEYGEN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check,
EVP_PKEY_public_check, EVP_PKEY_param_check
\&\- key and parameter generation and check functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
\&
\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
\&
\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
\&
\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
\&
\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
\&
\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for a key generation operation.
.PP
The \fBEVP_PKEY_keygen()\fR function performs a key generation operation; the
generated key is written to \fBppkey\fR.
.PP
The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar
except parameters are generated.
.PP
The function \fBEVP_PKEY_CTX_set_cb()\fR sets the key or parameter generation callback
to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter
generation callback.
.PP
The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated
with the generation operation. If \fBidx\fR is \-1 the total number of
parameters available is returned.
Any non-negative value of \fBidx\fR returns the value of that parameter.
\fBEVP_PKEY_CTX_get_keygen_info()\fR with a non-negative value for
\&\fBidx\fR should only be called within the generation callback.
.PP
If the callback returns 0 then the key generation operation is aborted and an
error occurs. This might occur during a time-consuming operation where
a user clicks on a \*(L"cancel\*(R" button.
.PP
The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set
and retrieve an opaque pointer. This can be used to set some application
defined value which can be retrieved in the callback: for example a handle
which is used to update a \*(L"progress dialog\*(R".
.PP
\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries
to use a customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise
it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
.PP
\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR.
This function first tries to use a customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR
if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
.PP
\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR.
This function first tries to use a customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR
if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR,
algorithm-specific control operations can be performed to set any appropriate
parameters for the operation.
.PP
The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than
once on the same context if several operations are performed using the same
parameters.
.PP
The meaning of the parameters passed to the callback will depend on the
algorithm and the specific implementation of the algorithm. Some might not
give any useful information at all during key or parameter generation. Others
might not even call the callback.
.PP
The operation performed by key or parameter generation depends on the algorithm
used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R"
option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure.
.PP
In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the
public key components and parameters (if any). An OpenSSL private key is
equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used
in functions which require the use of a public key or parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and
\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.PP
\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1
for success or other values for failure. They return \-2 if the operation is not supported
for the specific algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Generate a 2048 bit \s-1RSA\s0 key:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& EVP_PKEY *pkey = NULL;
\&
\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
\& if (!ctx)
\&     /* Error occurred */
\& if (EVP_PKEY_keygen_init(ctx) <= 0)
\&     /* Error */
\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
\&     /* Error */
\&
\& /* Generate key */
\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
\&     /* Error */
.Ve
.PP
Generate a key from a set of parameters:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& ENGINE *eng;
\& EVP_PKEY *pkey = NULL, *param;
\&
\& /* Assumed param, eng are set up already */
\& ctx = EVP_PKEY_CTX_new(param, eng);
\& if (!ctx)
\&     /* Error occurred */
\& if (EVP_PKEY_keygen_init(ctx) <= 0)
\&     /* Error */
\&
\& /* Generate key */
\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
\&     /* Error */
.Ve
.PP
Example of generation callback for OpenSSL public key implementations:
.PP
.Vb 1
\& /* Application data is a BIO to output status to */
\&
\& EVP_PKEY_CTX_set_app_data(ctx, status_bio);
\&
\& static int genpkey_cb(EVP_PKEY_CTX *ctx)
\& {
\&     char c = \*(Aq*\*(Aq;
\&     BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
\&     int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
\&
\&     if (p == 0)
\&         c = \*(Aq.\*(Aq;
\&     if (p == 1)
\&         c = \*(Aq+\*(Aq;
\&     if (p == 2)
\&         c = \*(Aq*\*(Aq;
\&     if (p == 3)
\&         c = \*(Aq\en\*(Aq;
\&     BIO_write(b, &c, 1);
\&     (void)BIO_flush(b);
\&     return 1;
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.PP
\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added
in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2020 The OpenSSL Project Authors.
All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SSL_SET_FD 3"
.TH SSL_SET_FD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_set_fd(SSL *ssl, int fd);
\& int SSL_set_rfd(SSL *ssl, int fd);
\& int SSL_set_wfd(SSL *ssl, int fd);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility
for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
socket file descriptor of a network connection.
.PP
When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to
interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine
inherit the behaviour of \fBfd\fR. If \fBfd\fR is nonblocking, the \fBssl\fR will
also have nonblocking behaviour.
.PP
If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called
(for both the reading and writing side, if different).
.PP
\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only
for the read channel or the write channel, which can be set independently.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "0" 4
The operation failed. Check the error stack to find out why.
.IP "1" 4
.IX Item "1"
The operation succeeded.
.SH "NOTES"
.IX Header "NOTES"
On Windows, a socket handle is a 64\-bit data type (\s-1UINT_PTR\s0), which leads to a
compiler warning (conversion from '\s-1SOCKET\s0' to 'int', possible loss of data) when
passing the socket handle to SSL_set_*\fBfd()\fR. For the time being, this warning can
safely be ignored, because although the Microsoft documentation claims that the
upper limit is \s-1INVALID_SOCKET\-1\s0 (2^64 \- 2), in practice the current \fBsocket()\fR
implementation returns an index into the kernel handle table, the size of which
is limited to 2^24.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3),
\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "EVP_DIGESTINIT 3"
.TH EVP_DIGESTINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags,
EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags,
EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
EVP_md_null,
EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj,
EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx \- EVP digest routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_MD_CTX *EVP_MD_CTX_new(void);
\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
\& int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
\&
\& int EVP_Digest(const void *data, size_t count, unsigned char *md,
\&                unsigned int *size, const EVP_MD *type, ENGINE *impl);
\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
\& int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
\&
\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
\&
\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
\&
\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
\&
\& int EVP_MD_type(const EVP_MD *md);
\& int EVP_MD_pkey_type(const EVP_MD *md);
\& int EVP_MD_size(const EVP_MD *md);
\& int EVP_MD_block_size(const EVP_MD *md);
\& unsigned long EVP_MD_flags(const EVP_MD *md);
\&
\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
\& int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
\& int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
\& int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
\& int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
\&                                              const void *data, size_t count);
\& void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
\&                               int (*update)(EVP_MD_CTX *ctx,
\&                                             const void *data, size_t count));
\&
\& const EVP_MD *EVP_md_null(void);
\&
\& const EVP_MD *EVP_get_digestbyname(const char *name);
\& const EVP_MD *EVP_get_digestbynid(int type);
\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
\&
\& EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 digest routines are a high-level interface to message digests,
and should be used instead of the digest-specific functions.
.IP "\fBEVP_MD_CTX_new()\fR" 4
.IX Item "EVP_MD_CTX_new()"
Allocates and returns a digest context.
.IP "\fBEVP_MD_CTX_reset()\fR" 4
.IX Item "EVP_MD_CTX_reset()"
Resets the digest context \fBctx\fR. This can be used to reuse an already
existing context.
.IP "\fBEVP_MD_CTX_free()\fR" 4
.IX Item "EVP_MD_CTX_free()"
Cleans up digest context \fBctx\fR and frees up the space allocated to it.
.IP "\fBEVP_MD_CTX_ctrl()\fR" 4
.IX Item "EVP_MD_CTX_ctrl()"
Performs digest-specific control actions on context \fBctx\fR. The control command
is indicated in \fBcmd\fR and any additional arguments in \fBp1\fR and \fBp2\fR.
\&\fBEVP_MD_CTX_ctrl()\fR must be called after \fBEVP_DigestInit_ex()\fR. Other restrictions
may apply depending on the control type and digest implementation.
See \*(L"\s-1CONTROLS\*(R"\s0 below for more information.
.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4
.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()"
Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information.
.IP "\fBEVP_Digest()\fR" 4
.IX Item "EVP_Digest()"
A wrapper around the Digest Init_ex, Update and Final_ex functions.
Hashes \fBcount\fR bytes of data at \fBdata\fR using a digest \fBtype\fR from \s-1ENGINE\s0
\&\fBimpl\fR. The digest value is placed in \fBmd\fR and its length is written at \fBsize\fR
if the pointer is not \s-1NULL.\s0 At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
If \fBimpl\fR is \s-1NULL\s0 the default implementation of digest \fBtype\fR is used.
.IP "\fBEVP_DigestInit_ex()\fR" 4
.IX Item "EVP_DigestInit_ex()"
Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR.
\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR. If
\&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
.IP "\fBEVP_DigestUpdate()\fR" 4
.IX Item "EVP_DigestUpdate()"
Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This
function can be called several times on the same \fBctx\fR to hash additional
data.
.IP "\fBEVP_DigestFinal_ex()\fR" 4
.IX Item "EVP_DigestFinal_ex()"
Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR
parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the
length of the digest) will be written to the integer at \fBs\fR; at most
\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
After calling \fBEVP_DigestFinal_ex()\fR
no additional calls to \fBEVP_DigestUpdate()\fR can be made, but
\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation.
.IP "\fBEVP_DigestFinalXOF()\fR" 4
.IX Item "EVP_DigestFinalXOF()"
Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0
It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized md.
After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be
made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation.
.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4
.IX Item "EVP_MD_CTX_copy_ex()"
Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is
useful if large amounts of data are to be hashed which only differ in the last
few bytes.
.IP "\fBEVP_DigestInit()\fR" 4
.IX Item "EVP_DigestInit()"
Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the
default digest implementation and calls \fBEVP_MD_CTX_reset()\fR.
.IP "\fBEVP_DigestFinal()\fR" 4
.IX Item "EVP_DigestFinal()"
Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is
automatically cleaned up.
.IP "\fBEVP_MD_CTX_copy()\fR" 4
.IX Item "EVP_MD_CTX_copy()"
Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to
be initialized.
.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4
.IX Item "EVP_MD_size(), EVP_MD_CTX_size()"
Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an
\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash.
.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4
.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()"
Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an
\&\fB\s-1EVP_MD_CTX\s0\fR structure.
.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4
.IX Item "EVP_MD_type(), EVP_MD_CTX_type()"
Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest
when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR
returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs.
.IP "\fBEVP_MD_CTX_md_data()\fR" 4
.IX Item "EVP_MD_CTX_md_data()"
Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR.
The space is allocated by OpenSSL and has the size originally set with
\&\fBEVP_MD_meth_set_app_datasize()\fR.
.IP "\fBEVP_MD_CTX_md()\fR" 4
.IX Item "EVP_MD_CTX_md()"
Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR.
.IP "\fBEVP_MD_CTX_set_update_fn()\fR" 4
.IX Item "EVP_MD_CTX_set_update_fn()"
Sets the update function for \fBctx\fR to \fBupdate\fR.
This is the function that is called by EVP_DigestUpdate. If not set, the
update function from the \fB\s-1EVP_MD\s0\fR type specified at initialization is used.
.IP "\fBEVP_MD_CTX_update_fn()\fR" 4
.IX Item "EVP_MD_CTX_update_fn()"
Returns the update function for \fBctx\fR.
.IP "\fBEVP_MD_flags()\fR" 4
.IX Item "EVP_MD_flags()"
Returns the \fBmd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR
ones. See \fBEVP_MD_meth_set_flags\fR\|(3) for more information.
.IP "\fBEVP_MD_pkey_type()\fR" 4
.IX Item "EVP_MD_pkey_type()"
Returns the \s-1NID\s0 of the public key signing algorithm associated with this
digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return
\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no
longer linked, this function is only retained for compatibility reasons.
.IP "\fBEVP_md_null()\fR" 4
.IX Item "EVP_md_null()"
A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero
length.
.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4
.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()"
Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an
\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively.
.IP "\fBEVP_MD_CTX_pkey_ctx()\fR" 4
.IX Item "EVP_MD_CTX_pkey_ctx()"
Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fBctx\fR. The returned pointer should not
be freed by the caller.
.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4
.IX Item "EVP_MD_CTX_set_pkey_ctx()"
Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide
a customized \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or
\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed
by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR
assigned to \fBctx\fR. In that case, whether the cleared \fB\s-1EVP_PKEY_CTX\s0\fR must be
freed depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR was created.
.SH "CONTROLS"
.IX Header "CONTROLS"
\&\fBEVP_MD_CTX_ctrl()\fR can be used to send the following standard controls:
.IP "\s-1EVP_MD_CTRL_MICALG\s0" 4
.IX Item "EVP_MD_CTRL_MICALG"
Gets the digest Message Integrity Check algorithm string. This is used when
creating S/MIME multipart/signed messages, as specified in \s-1RFC 3851.\s0
The string value is written to \fBp2\fR.
.IP "\s-1EVP_MD_CTRL_XOF_LEN\s0" 4
.IX Item "EVP_MD_CTRL_XOF_LEN"
This control sets the digest length for extendable output functions to \fBp1\fR.
Sending this control directly should not be necessary; the use of
\&\f(CW\*(C`EVP_DigestFinalXOF()\*(C'\fR is preferred.
Currently used by \s-1SHAKE.\s0
.SH "FLAGS"
.IX Header "FLAGS"
\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR
can be used to manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags:
.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4
.IX Item "EVP_MD_CTX_FLAG_ONESHOT"
This flag instructs the digest to optimize for one update only, if possible.
.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4
.IX Item "EVP_MD_CTX_FLAG_NO_INIT"
This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the
implementation specific data.
.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4
.IX Item "EVP_MD_CTX_FLAG_FINALISE"
Some functions such as EVP_DigestSign only finalise copies of internal
contexts so additional data can be included after the finalisation call.
This is inefficient if this functionality is not required, and can be
disabled with this flag.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4
.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()"
Returns 1 for
success and 0 for failure.
.IP "\fBEVP_MD_CTX_ctrl()\fR" 4
.IX Item "EVP_MD_CTX_ctrl()"
Returns 1 if successful or 0 for failure.
.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4
.IX Item "EVP_MD_CTX_copy_ex()"
Returns 1 if successful or 0 for failure.
.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR" 4
.IX Item "EVP_MD_type(), EVP_MD_pkey_type()"
Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none
exists.
.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4
.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()"
Returns the digest or block size in bytes.
.IP "\fBEVP_md_null()\fR" 4
.IX Item "EVP_md_null()"
Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest.
.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4
.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()"
Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs.
.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4
.IX Item "EVP_MD_CTX_set_pkey_ctx()"
This function has no return value.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in
preference to the low-level interfaces. This is because the code then becomes
transparent to the digest used and much more flexible.
.PP
New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0
digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms
are still in common use.
.PP
For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be
set to \s-1NULL\s0 to use the default digest implementation.
.PP
The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are
obsolete but are retained to maintain compatibility with existing code. New
applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and
\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
instead of initializing and cleaning it up on each call and allow non default
implementations of digests to be specified.
.PP
If digest contexts are not cleaned up after use,
memory leaks will occur.
.PP
\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR,
\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as
macros.
.PP
\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration
or control.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
digest name passed on the command line.
.PP
.Vb 4
\& #include <stdio.h>
\& #include <stdlib.h>
\& #include <string.h>
\& #include <openssl/evp.h>
\&
\& int main(int argc, char *argv[])
\& {
\&     EVP_MD_CTX *mdctx;
\&     const EVP_MD *md;
\&     char mess1[] = "Test Message\en";
\&     char mess2[] = "Hello World\en";
\&     unsigned char md_value[EVP_MAX_MD_SIZE];
\&     unsigned int md_len, i;
\&
\&     if (argv[1] == NULL) {
\&         printf("Usage: mdtest digestname\en");
\&         exit(1);
\&     }
\&
\&     /* Look the digest up by the name given on the command line. */
\&     md = EVP_get_digestbyname(argv[1]);
\&     if (md == NULL) {
\&         printf("Unknown message digest %s\en", argv[1]);
\&         exit(1);
\&     }
\&
\&     /*
\&      * EVP_MD_CTX_new() returns NULL on failure; the digest calls
\&      * return 1 for success and 0 for failure.
\&      */
\&     mdctx = EVP_MD_CTX_new();
\&     if (mdctx == NULL
\&             || !EVP_DigestInit_ex(mdctx, md, NULL)
\&             || !EVP_DigestUpdate(mdctx, mess1, strlen(mess1))
\&             || !EVP_DigestUpdate(mdctx, mess2, strlen(mess2))
\&             || !EVP_DigestFinal_ex(mdctx, md_value, &md_len)) {
\&         printf("Message digest computation failed\en");
\&         EVP_MD_CTX_free(mdctx);
\&         exit(1);
\&     }
\&     EVP_MD_CTX_free(mdctx);
\&
\&     printf("Digest is: ");
\&     for (i = 0; i < md_len; i++)
\&         printf("%02x", md_value[i]);
\&     printf("\en");
\&
\&     exit(0);
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MD_meth_new\fR\|(3),
\&\fBdgst\fR\|(1),
\&\fBevp\fR\|(7)
.PP
The full list of digest algorithms is provided below.
.PP
\&\fBEVP_blake2b512\fR\|(3),
\&\fBEVP_md2\fR\|(3),
\&\fBEVP_md4\fR\|(3),
\&\fBEVP_md5\fR\|(3),
\&\fBEVP_mdc2\fR\|(3),
\&\fBEVP_ripemd160\fR\|(3),
\&\fBEVP_sha1\fR\|(3),
\&\fBEVP_sha224\fR\|(3),
\&\fBEVP_sha3_224\fR\|(3),
\&\fBEVP_sm3\fR\|(3),
\&\fBEVP_whirlpool\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to
\&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively.
.PP
The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0
.PP
The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0.
.PP
The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can
obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SESS_NUMBER 3"
.TH SSL_CTX_SESS_NUMBER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_sess_number(SSL_CTX *ctx);
\& long SSL_CTX_sess_connect(SSL_CTX *ctx);
\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
\& long SSL_CTX_sess_accept(SSL_CTX *ctx);
\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
\& long SSL_CTX_sess_hits(SSL_CTX *ctx);
\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
\& long SSL_CTX_sess_misses(SSL_CTX *ctx);
\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal
session cache.
.PP
\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
client mode.
.PP
\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established
\&\s-1SSL/TLS\s0 sessions in client mode.
.PP
\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations
in client mode.
.PP
\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
server mode.
.PP
\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established
\&\s-1SSL/TLS\s0 sessions in server mode.
.PP
\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations
in server mode.
.PP
\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions.
In client mode a session set with \fBSSL_set_session\fR\|(3) successfully reused
is counted as a hit. In server mode a session successfully retrieved from
internal or external cache is counted as a hit.
.PP
\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions
from the external session cache in server mode.
.PP
\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients
that were not found in the internal session cache in server mode.
.PP
\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients
and either found in the internal or external session cache in server mode,
but that were invalid due to timeout. These sessions are not included in
the \fBSSL_CTX_sess_hits()\fR count.
.PP
\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed
because the maximum session cache size was exceeded.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The functions return the values indicated in the \s-1DESCRIPTION\s0 section.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3),
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
\&\fBSSL_CTX_sess_set_cache_size\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3"
.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
\&\- handle application layer protocol negotiation (ALPN)
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
\&                             unsigned int protos_len);
\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
\&                         unsigned int protos_len);
\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
\&                                 int (*cb) (SSL *ssl,
\&                                            const unsigned char **out,
\&                                            unsigned char *outlen,
\&                                            const unsigned char *in,
\&                                            unsigned int inlen,
\&                                            void *arg), void *arg);
\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
\&                             unsigned int *len);
\&
\& void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
\&                                            int (*cb)(SSL *ssl,
\&                                                      const unsigned char **out,
\&                                                      unsigned int *outlen,
\&                                                      void *arg),
\&                                            void *arg);
\& void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
\&                                       int (*cb)(SSL *s,
\&                                                 unsigned char **out,
\&                                                 unsigned char *outlen,
\&                                                 const unsigned char *in,
\&                                                 unsigned int inlen,
\&                                                 void *arg),
\&                                       void *arg);
\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
\&                           const unsigned char *server,
\&                           unsigned int server_len,
\&                           const unsigned char *client,
\&                           unsigned int client_len);
\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
\&                                     unsigned *len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to
set the list of protocols available to be negotiated. The \fBprotos\fR must be in
protocol-list format, described below. The length of \fBprotos\fR is specified in
\&\fBprotos_len\fR.
.PP
\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a
server to select which protocol to use for the incoming connection. When \fBcb\fR
is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to
the application callback.
.PP
\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a
vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector
should be set to the value of a single protocol selected from the \fBin\fR,
\&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a
buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via
\&\fBSSL_CTX_set_alpn_select_cb()\fR.
.PP
\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It
implements the standard protocol selection. It is expected that this function
is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR,
\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format
described below. The first item in the \fBserver\fR, \fBserver_len\fR list that
matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned
in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or
\&\fBclient\fR, so it should be copied immediately. If no match is found, the first
item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This
function can also be used in the \s-1NPN\s0 callback.
.PP
\&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a
client needs to select a protocol from the server's provided list, and a
user-defined pointer argument \fBarg\fR which will be passed to this callback.
For the callback itself, \fBout\fR
must be set to point to the selected protocol (which may be within \fBin\fR).
The length of the protocol name must be written into \fBoutlen\fR.
The server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The
callback can assume that \fBin\fR is syntactically valid. The client must
select a protocol. It is fatal to the connection if this callback returns
a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer
set via \fBSSL_CTX_set_next_proto_select_cb()\fR.
.PP
\&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called
when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol
Negotiation. The returned list must be in protocol-list format, described
below. The list is
returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This
memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a
reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it
wishes to advertise. Otherwise, no such extension will be included in the
ServerHello.
.PP
\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR
with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR
is set to 0 if no protocol has been selected. \fBdata\fR must not be freed.
.PP
\&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the
client's requested protocol for this connection. If the client did not
request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and
\&\fBlen\fR to 0. Note that the client can request any protocol it chooses. The
value returned from this function need not be a member of the list of
supported protocols provided by the callback.
.SH "NOTES"
.IX Header "NOTES"
The protocol-lists must be in wire-format, which is defined as a vector of
nonempty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not
included in the length. Each string is limited to 255 bytes. A byte-string
length of 0 is invalid. A truncated byte-string is invalid.
The length of the vector is not in the vector itself, but in a separate
variable.
.PP
Example:
.PP
.Vb 5
\& unsigned char vector[] = {
\&     6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq,
\&     8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq
\& };
\& unsigned int length = sizeof(vector);
.Ve
.PP
The \s-1ALPN\s0 callback is executed after the servername callback, because the
servername callback may update the \s-1SSL_CTX,\s0 and with it the \s-1ALPN\s0
callback.
.PP
If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not
invoked.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and
non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention.
.PP
\&\fBSSL_select_next_proto()\fR returns one of the following:
.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4
.IX Item "OPENSSL_NPN_NEGOTIATED"
A match was found and is returned in \fBout\fR, \fBoutlen\fR.
.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4
.IX Item "OPENSSL_NPN_NO_OVERLAP"
No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in
\&\fBout\fR, \fBoutlen\fR.
.PP
The \s-1ALPN\s0 select callback \fBcb\fR must return one of the following:
.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4
.IX Item "SSL_TLSEXT_ERR_OK"
\&\s-1ALPN\s0 protocol selected.
.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4
.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL"
There was no overlap between the client's supplied list and the server
configuration.
.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4
.IX Item "SSL_TLSEXT_ERR_NOACK"
\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for
this connection.
.PP
The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return
\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection.
.PP
The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return
\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension
will be included in the ServerHello.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3),
\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
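The protocol-list rules from the NOTES of SSL_CTX_set_alpn_select_cb(3) above, together with the server-preference selection it describes, as an added example that is not part of the OpenSSL manual or code base. It is plain C with no OpenSSL calls; alpn_list_count, alpn_pick_strict, pick_for_client and the alpn_pick codes are hypothetical names, the client lists are constructed, and rejecting an empty list is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes of this example (hypothetical names, not OpenSSL constants). */
enum alpn_pick {
    ALPN_PICK_OK = 0,         /* a select callback would return SSL_TLSEXT_ERR_OK */
    ALPN_PICK_NO_OVERLAP = 1, /* ... would return SSL_TLSEXT_ERR_ALERT_FATAL */
    ALPN_PICK_MALFORMED = 2   /* a list breaks the wire-format rules */
};

/* Server list: the vector from the NOTES section of the manual page. */
static const unsigned char server_protos[] = {
    6, 's', 'p', 'd', 'y', '/', '1',
    8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
/* Client lists constructed for this example. */
static const unsigned char client_h2_http11[] = {
    2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
static const unsigned char client_http11_spdy[] = {
    8, 'h', 't', 't', 'p', '/', '1', '.', '1', 6, 's', 'p', 'd', 'y', '/', '1'
};
static const unsigned char client_h2_only[] = { 2, 'h', '2' };
static const unsigned char client_truncated[] = { 8, 'h', 't', 't', 'p' };
static const unsigned char client_zero_len[] = { 2, 'h', '2', 0 };

/*
 * Count the entries of a protocol-list. Each entry is one length byte
 * followed by that many bytes; a length of 0 or an entry running past the
 * end of the vector is invalid. Returns -1 for a malformed (or empty) list.
 */
int alpn_list_count(const unsigned char *list, size_t len)
{
    size_t pos = 0;
    int n = 0;

    if (list == NULL || len == 0)
        return -1;
    while (pos < len) {
        size_t plen = list[pos++];

        if (plen == 0 || plen > len - pos)
            return -1;
        pos += plen;
        n++;
    }
    return n;
}

/*
 * First entry of `server` that also appears in `client` wins. Unlike the
 * fallback documented for SSL_select_next_proto(), nothing is selected when
 * the lists do not overlap, so the caller can fail the handshake.
 * On success *out points into `server`, which must outlive the handshake.
 */
enum alpn_pick alpn_pick_strict(const unsigned char **out, unsigned char *outlen,
                                const unsigned char *server, size_t server_len,
                                const unsigned char *client, size_t client_len)
{
    size_t i, j;

    *out = NULL;
    *outlen = 0;
    if (alpn_list_count(server, server_len) < 0
            || alpn_list_count(client, client_len) < 0)
        return ALPN_PICK_MALFORMED;
    /* Both lists are validated, so stepping by 1 + length stays in bounds. */
    for (i = 0; i < server_len; i += 1 + (size_t)server[i]) {
        for (j = 0; j < client_len; j += 1 + (size_t)client[j]) {
            if (server[i] == client[j]
                    && memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
                *out = &server[i + 1];
                *outlen = server[i];
                return ALPN_PICK_OK;
            }
        }
    }
    return ALPN_PICK_NO_OVERLAP;
}

/* The selected name is not NUL-terminated, so it is copied with its length. */
static char picked_name[256];

enum alpn_pick pick_for_client(const unsigned char *client, size_t client_len)
{
    const unsigned char *out;
    unsigned char outlen;
    enum alpn_pick rc = alpn_pick_strict(&out, &outlen, server_protos,
                                         sizeof(server_protos), client, client_len);

    picked_name[0] = '\0';
    if (rc == ALPN_PICK_OK) {
        memcpy(picked_name, out, outlen);
        picked_name[outlen] = '\0';
    }
    return rc;
}

int main(void)
{
    static const struct { const char *label; const unsigned char *p; size_t n; } cases[] = {
        { "h2,http/1.1", client_h2_http11, sizeof(client_h2_http11) },
        { "http/1.1,spdy/1", client_http11_spdy, sizeof(client_http11_spdy) },
        { "h2 only", client_h2_only, sizeof(client_h2_only) },
        { "truncated", client_truncated, sizeof(client_truncated) },
        { "zero length", client_zero_len, sizeof(client_zero_len) }
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        enum alpn_pick rc = pick_for_client(cases[i].p, cases[i].n);

        printf("%-16s rc=%d selected=\"%s\"\n", cases[i].label, (int)rc, picked_name);
    }
    return 0;
}
```
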
.IX Title "X509_LOOKUP 3"
.TH X509_LOOKUP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_ctrl, X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_get_store, X509_LOOKUP_by_subject, X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias
\&\- OpenSSL certificate lookup mechanisms
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& typedef x509_lookup_st X509_LOOKUP;
\&
\& typedef enum X509_LOOKUP_TYPE;
\&
\& X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
\& int X509_LOOKUP_init(X509_LOOKUP *ctx);
\& int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
\& void X509_LOOKUP_free(X509_LOOKUP *ctx);
\&
\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
\&
\& int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
\&                      long argl, char **ret);
\& int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
\& int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
\&
\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
\&
\& int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
\&                            X509_NAME *name, X509_OBJECT *ret);
\& int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
\&                                  X509_NAME *name, ASN1_INTEGER *serial,
\&                                  X509_OBJECT *ret);
\& int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
\&                                const unsigned char *bytes, int len,
\&                                X509_OBJECT *ret);
\& int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
\&                          const char *str, int len, X509_OBJECT *ret);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX509_LOOKUP\fR structure holds the information needed to look up
certificates and CRLs according to an associated \fBX509_LOOKUP_METHOD\fR\|(3).
Multiple \fBX509_LOOKUP\fR instances can be added to an \fBX509_STORE\fR\|(3)
to enable lookup in that store.
.PP
\&\fBX509_LOOKUP_new()\fR creates a new \fBX509_LOOKUP\fR using the given lookup
\&\fImethod\fR.
It can also be created by calling \fBX509_STORE_add_lookup\fR\|(3), which
will associate an \fBX509_STORE\fR with the lookup mechanism.
.PP
\&\fBX509_LOOKUP_init()\fR initializes the internal state and resources as
needed by the given \fBX509_LOOKUP\fR to do its work.
.PP
\&\fBX509_LOOKUP_shutdown()\fR tears down the internal state and resources of
the given \fBX509_LOOKUP\fR.
.PP
\&\fBX509_LOOKUP_free()\fR destructs the given \fBX509_LOOKUP\fR.
.PP
\&\fBX509_LOOKUP_set_method_data()\fR associates a pointer to application data
to the given \fBX509_LOOKUP\fR.
.PP
\&\fBX509_LOOKUP_get_method_data()\fR retrieves a pointer to application data
from the given \fBX509_LOOKUP\fR.
.PP
\&\fBX509_LOOKUP_ctrl()\fR is used to set or get additional data to or from an
\&\fBX509_LOOKUP\fR structure or its associated \fBX509_LOOKUP_METHOD\fR\|(3).
The arguments of the control command are passed via \fIargc\fR and \fIargl\fR,
its return value via \fI*ret\fR.
The meaning of the arguments depends on the \fIcmd\fR number of the
control command. In general, this function is not called directly, but
wrapped by a macro call, see below.
The control \fIcmd\fRs known to OpenSSL are discussed in more depth
in \*(L"Control Commands\*(R".
.PP
\&\fBX509_LOOKUP_load_file()\fR passes a filename to be loaded immediately
into the associated \fBX509_STORE\fR.
\&\fItype\fR indicates what type of object is expected.
This can only be used with a lookup using the implementation
\&\fBX509_LOOKUP_file\fR\|(3).
.PP
\&\fBX509_LOOKUP_add_dir()\fR passes a directory specification from which
certificates and CRLs are loaded on demand into the associated
\&\fBX509_STORE\fR.
\&\fItype\fR indicates what type of object is expected.
This can only be used with a lookup using the implementation
\&\fBX509_LOOKUP_hash_dir\fR\|(3).
.PP
\&\fBX509_LOOKUP_load_file()\fR, \fBX509_LOOKUP_add_dir()\fR,
\&\fBX509_LOOKUP_add_store()\fR, and \fBX509_LOOKUP_load_store()\fR are implemented
as macros that use \fBX509_LOOKUP_ctrl()\fR.
.PP
\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR,
\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR look up
certificates and CRLs in the \fBX509_STORE\fR\|(3) associated with the
\&\fBX509_LOOKUP\fR using different criteria, where the looked up object is
stored in \fIret\fR.
Some of the underlying \fBX509_LOOKUP_METHOD\fRs will also cache objects
matching the criteria in the associated \fBX509_STORE\fR, which makes it
possible to handle cases where the criteria have more than one hit.
.SS "File Types"
.IX Subsection "File Types"
\&\fBX509_LOOKUP_load_file()\fR and \fBX509_LOOKUP_add_dir()\fR take a \fItype\fR,
which can be one of the following:
.IP "\fBX509_FILETYPE_PEM\fR" 4
.IX Item "X509_FILETYPE_PEM"
The file or files that are loaded are expected to be in \s-1PEM\s0 format.
.IP "\fBX509_FILETYPE_ASN1\fR" 4
.IX Item "X509_FILETYPE_ASN1"
The file or files that are loaded are expected to be in raw \s-1DER\s0 format.
.IP "\fBX509_FILETYPE_DEFAULT\fR" 4
.IX Item "X509_FILETYPE_DEFAULT"
The default certificate file or directory is used.
In this case,
\&\fIname\fR is ignored.
.SS "Control Commands"
.IX Subsection "Control Commands"
The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognise the following
\&\fBX509_LOOKUP_ctrl()\fR \fIcmd\fRs:
.IP "\fBX509_L_FILE_LOAD\fR" 4
.IX Item "X509_L_FILE_LOAD"
This is the command that \fBX509_LOOKUP_load_file()\fR uses.
The filename is passed in \fIargc\fR, and the type in \fIargl\fR.
.IP "\fBX509_L_ADD_DIR\fR" 4
.IX Item "X509_L_ADD_DIR"
This is the command that \fBX509_LOOKUP_add_dir()\fR uses.
The directory specification is passed in \fIargc\fR, and the type in
\&\fIargl\fR.
.IP "\fBX509_L_ADD_STORE\fR" 4
.IX Item "X509_L_ADD_STORE"
This is the command that \fBX509_LOOKUP_add_store()\fR uses.
The \s-1URI\s0 is passed in \fIargc\fR.
.IP "\fBX509_L_LOAD_STORE\fR" 4
.IX Item "X509_L_LOAD_STORE"
This is the command that \fBX509_LOOKUP_load_store()\fR uses.
The \s-1URI\s0 is passed in \fIargc\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_LOOKUP_new()\fR returns an \fBX509_LOOKUP\fR pointer when successful,
or \s-1NULL\s0 on error.
.PP
\&\fBX509_LOOKUP_init()\fR and \fBX509_LOOKUP_shutdown()\fR return 1 on success, or
0 on error.
.PP
\&\fBX509_LOOKUP_ctrl()\fR returns \-1 if the \fBX509_LOOKUP\fR doesn't have an
associated \fBX509_LOOKUP_METHOD\fR, or 1 if the \fBX509_LOOKUP_METHOD\fR
doesn't have a control function.
Otherwise, it returns what the control function in the
\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 on
error.
.PP
\&\fBX509_LOOKUP_get_store()\fR returns an \fBX509_STORE\fR pointer if there is
one, otherwise \s-1NULL.\s0
.PP
\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR,
\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR all return 0
if there is no \fBX509_LOOKUP_METHOD\fR or that method doesn't implement
the corresponding function.
Otherwise, it returns what the corresponding function in the \&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_LOOKUP_METHOD\fR\|(3), \fBX509_STORE\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!~D~DRSA_meth_new.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. 
.IX Title "RSA_METH_NEW 3"
.TH RSA_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RSA_meth_get0_app_data, RSA_meth_set0_app_data,
RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
RSA_meth_get_pub_enc,
RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init,
RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish,
RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify,
RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
\&\- Routines to build up RSA methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& RSA_METHOD *RSA_meth_new(const char *name, int flags);
\& void RSA_meth_free(RSA_METHOD *meth);
\&
\& RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
\&
\& const char *RSA_meth_get0_name(const RSA_METHOD *meth);
\& int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
\&
\& int RSA_meth_get_flags(const RSA_METHOD *meth);
\& int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
\&
\& void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
\& int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
\&
\& int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
\&                                                     unsigned char *to, RSA *rsa, int padding);
\& int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
\&                          int (*pub_enc)(int flen, const unsigned char *from,
\&                                         unsigned char *to, RSA *rsa,
\&                                         int padding));
\&
\& int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
\&     (int flen, const unsigned char *from,
\&      unsigned char *to, RSA *rsa, int padding);
\& int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
\&                          int (*pub_dec)(int flen, const unsigned char *from,
\&                                         unsigned char *to, RSA *rsa,
\&                                         int padding));
\&
\& int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
\&                                                      unsigned char *to, RSA *rsa,
\&                                                      int padding);
\& int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
\&                           int (*priv_enc)(int flen, const unsigned char *from,
\&                                           unsigned char *to, RSA *rsa, int padding));
\&
\& int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from,
\&                                                      unsigned char *to, RSA *rsa,
\&                                                      int padding);
\& int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
\&                           int (*priv_dec)(int flen, const unsigned char *from,
\&                                           unsigned char *to, RSA *rsa, int padding));
\&
\& /* Can be null */
\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
\&                                                     RSA *rsa, BN_CTX *ctx);
\& int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
\&                          int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
\&                                         BN_CTX *ctx));
\&
\& /* Can be null */
\& int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a,
\&                                                        const BIGNUM *p, const BIGNUM *m,
\&                                                        BN_CTX *ctx, BN_MONT_CTX *m_ctx);
\& int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
\&                             int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a,
\&                                               const BIGNUM *p, const BIGNUM *m,
\&                                               BN_CTX *ctx, BN_MONT_CTX *m_ctx));
\&
\& /* called at new */
\& int (*RSA_meth_get_init(const RSA_METHOD *meth))(RSA *rsa);
\& int RSA_meth_set_init(RSA_METHOD *rsa, int (*init)(RSA *rsa));
\&
\& /* called at free */
\& int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
\& int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa));
\&
\& int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m,
\&                                                  unsigned int m_length,
\&                                                  unsigned char *sigret,
\&                                                  unsigned int *siglen, const RSA *rsa);
\& int RSA_meth_set_sign(RSA_METHOD *rsa,
\&                       int (*sign)(int type, const unsigned char *m,
\&                                   unsigned int m_length, unsigned char *sigret,
\&                                   unsigned int *siglen, const RSA *rsa));
\&
\& int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m,
\&                                                    unsigned int m_length,
\&                                                    const unsigned char *sigbuf,
\&                                                    unsigned int siglen, const RSA *rsa);
\& int RSA_meth_set_verify(RSA_METHOD *rsa,
\&                         int (*verify)(int dtype, const unsigned char *m,
\&                                       unsigned int m_length,
\&                                       const unsigned char *sigbuf,
\&                                       unsigned int siglen, const RSA *rsa));
\&
\& int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
\&                                                    BN_GENCB *cb);
\& int RSA_meth_set_keygen(RSA_METHOD *rsa,
\&                         int (*keygen)(RSA *rsa, int bits, BIGNUM *e,
\&                                       BN_GENCB *cb));
\&
\& int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits,
\&                                                                int primes, BIGNUM *e,
\&                                                                BN_GENCB *cb);
\&
\& int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
\&                                     int (*keygen) (RSA *rsa, int bits,
\&                                                    int primes, BIGNUM *e,
\&                                                    BN_GENCB *cb));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom
\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL for the
implementation of the various \s-1RSA\s0 capabilities. See the rsa page for more
information.
.PP
\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be
given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a
\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the
\&\fB\s-1RSA_METHOD\s0\fR object.
It is the caller's responsibility to free the original
string. The flags will be used during the construction of a new \fB\s-1RSA\s0\fR
object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object will have
those flags set by default.
.PP
\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object
passed as a parameter. This might be useful for creating a new
\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences.
.PP
\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any
memory associated with it.
.PP
\&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this
\&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so
should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name
of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is
stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible
for freeing the memory associated with the name.
.PP
\&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated
with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set
these flags.
.PP
The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR
provide the ability to associate implementation specific data with the
\&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data
before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR.
.PP
\&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function
used for creating an \s-1RSA\s0 signature respectively. This function will be
called in response to the application calling \fBRSA_sign()\fR. The
parameters for the function have the same meaning as for \fBRSA_sign()\fR.
.PP
\&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the
function used for verifying an \s-1RSA\s0 signature respectively.
This function will be called in response to the application calling
\&\fBRSA_verify()\fR. The parameters for the function have the same meaning as
for \fBRSA_verify()\fR.
.PP
\&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the
function used for \s-1CRT\s0 computations.
.PP
\&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set
the function used for \s-1CRT\s0 computations, specifically the following
value:
.PP
.Vb 1
\& r = a ^ p mod m
.Ve
.PP
Both the \fBmod_exp()\fR and \fBbn_mod_exp()\fR functions are called by the
default OpenSSL method during encryption, decryption, signing and
verification.
.PP
\&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function
used for creating a new \s-1RSA\s0 instance respectively. This function will be
called in response to the application calling \fBRSA_new()\fR (if the
current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The
\&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for
the new \s-1RSA\s0 object, and a pointer to this newly allocated structure will
be passed as a parameter to the function. This function may be
\&\s-1NULL.\s0
.PP
\&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the
function used for destroying an instance of an \s-1RSA\s0 object respectively.
This function will be called in response to the application calling
\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a
parameter. The destroy function should be used for \s-1RSA\s0 implementation
specific clean up. The memory for the \s-1RSA\s0 itself should not be freed by
this function. This function may be \s-1NULL.\s0
.PP
\&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the
function used for generating a new \s-1RSA\s0 key pair respectively. This
function will be called in response to the application calling
\&\fBRSA_generate_key_ex()\fR.
The parameter for the function has the same meaning as for
\&\fBRSA_generate_key_ex()\fR.
.PP
\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR
get and set the function used for generating a new multi-prime \s-1RSA\s0 key
pair respectively. This function will be called in response to the
application calling
\&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the
same meaning as for \fBRSA_generate_multi_prime_key()\fR.
.PP
\&\fBRSA_meth_get_pub_enc()\fR, \fBRSA_meth_set_pub_enc()\fR,
\&\fBRSA_meth_get_pub_dec()\fR, \fBRSA_meth_set_pub_dec()\fR,
\&\fBRSA_meth_get_priv_enc()\fR, \fBRSA_meth_set_priv_enc()\fR,
\&\fBRSA_meth_get_priv_dec()\fR, \fBRSA_meth_set_priv_dec()\fR get and set the
functions used for public and private key encryption and decryption.
These functions will be called in response to the application calling
\&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR, \fBRSA_private_encrypt()\fR and
\&\fBRSA_public_decrypt()\fR and take the same parameters as those.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated
\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure.
.PP
\&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and
flags associated with the \s-1RSA_METHOD\s0 respectively.
.PP
All other RSA_meth_get_*() functions return the appropriate function
pointer that has been set in the \s-1RSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer
has yet been set.
.PP
RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on
success or 0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3),
\&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3),
\&\fBRSA_generate_multi_prime_key\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR
were added in OpenSSL 1.1.1.
.PP
Other functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
\&.
.IX Title "OCSP_CERT_TO_ID 3"
.TH OCSP_CERT_TO_ID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ocsp.h>
\&
\& OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
\&                              X509 *subject, X509 *issuer);
\&
\& OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
\&                               X509_NAME *issuerName,
\&                               ASN1_BIT_STRING *issuerKey,
\&                               ASN1_INTEGER *serialNumber);
\&
\& void OCSP_CERTID_free(OCSP_CERTID *id);
\&
\& int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
\& int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
\&
\& int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
\&                       ASN1_OCTET_STRING **pikeyHash,
\&                       ASN1_INTEGER **pserial, OCSP_CERTID *cid);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using
message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If
\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used.
.PP
\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and
issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number
\&\fBserialNumber\fR.
.PP
\&\fBOCSP_CERTID_free()\fR frees up \fBid\fR.
.PP
\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR.
.PP
\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR.
.PP
\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and
serial number contained in \fBcid\fR. If any of the values are not required the
corresponding parameter can be set to \fB\s-1NULL\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid
\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR return zero for a match and
nonzero otherwise.
.PP
\&\fBOCSP_CERTID_free()\fR does not return a value.
.PP
\&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure.
.SH "NOTES"
.IX Header "NOTES"
\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR:
the other functions are used by responder applications.
.PP
The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST
NOT\s0\fR be freed up by an application: they will be freed when the corresponding
\&\fB\s-1OCSP_CERTID\s0\fR structure is freed.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7),
\&\fBOCSP_request_add1_nonce\fR\|(3),
\&\fBOCSP_REQUEST_new\fR\|(3),
\&\fBOCSP_resp_find_status\fR\|(3),
\&\fBOCSP_response_status\fR\|(3),
\&\fBOCSP_sendreq_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
\&.
.IX Title "OPENSSL_VERSION_NUMBER 3"
.TH OPENSSL_VERSION_NUMBER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version,
OpenSSL_version_num \- get OpenSSL version number
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& #include <openssl/opensslv.h>
\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
\&
\& #include <openssl/crypto.h>
\&
\& unsigned long OpenSSL_version_num();
\& const char *OpenSSL_version(int t);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier:
.PP
.Vb 1
\& MNNFFPPS: major minor fix patch status
.Ve
.PP
The status nibble has one of the values 0 for development, 1 to e for betas
1 to 14, and f for release.
.PP
for example
.PP
.Vb 3
\& 0x000906000 == 0.9.6 dev
\& 0x000906023 == 0.9.6b beta 3
\& 0x00090605f == 0.9.6e release
.Ve
.PP
Versions prior to 0.9.3 have identifiers < 0x0930.
Versions between 0.9.3 and 0.9.5 had a version identifier with this
interpretation:
.PP
.Vb 1
\& MMNNFFRBB major minor fix final beta/patch
.Ve
.PP
for example
.PP
.Vb 2
\& 0x000904100 == 0.9.4 release
\& 0x000905000 == 0.9.5 dev
.Ve
.PP
Version 0.9.5a had an interim interpretation that is like the current one,
except the patch level got the highest bit set, to keep continuity. The
number was therefore 0x0090581f.
.PP
\&\s-1OPENSSL_VERSION_TEXT\s0 is the text variant of the version number and the
release date. For example,
\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R".
.PP
\&\fBOpenSSL_version_num()\fR returns the version number.
.PP
\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR:
.IP "\s-1OPENSSL_VERSION\s0" 4
.IX Item "OPENSSL_VERSION"
The text variant of the version number and the release date. For example,
\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R".
.IP "\s-1OPENSSL_CFLAGS\s0" 4
.IX Item "OPENSSL_CFLAGS"
The compiler flags set for the compilation process in the form
\&\*(L"compiler: ...\*(R" if available or \*(L"compiler: information not available\*(R"
otherwise.
.IP "\s-1OPENSSL_BUILT_ON\s0" 4
.IX Item "OPENSSL_BUILT_ON"
The date of the build process in the form \*(L"built on: ...\*(R" if available
or \*(L"built on: date not available\*(R" otherwise.
.IP "\s-1OPENSSL_PLATFORM\s0" 4
.IX Item "OPENSSL_PLATFORM"
The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R"
if available or \*(L"platform: information not available\*(R" otherwise.
.IP "\s-1OPENSSL_DIR\s0" 4
.IX Item "OPENSSL_DIR"
The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0
if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise.
.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4
.IX Item "OPENSSL_ENGINES_DIR"
The \*(L"\s-1ENGINESDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1ENGINESDIR: \*(R"..."\*(L"\s0
if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise.
.PP
For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOpenSSL_version_num()\fR returns the version number.
.PP
\&\fBOpenSSL_version()\fR returns requested version strings.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
\&.
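Added example, not part of the OpenSSL manual page: a C decoder for the MNNFFPPS layout of OPENSSL_VERSION_NUMBER described above, with a minimum-release check of the kind used when inventorying which OpenSSL build a binary is linked against. The function names are hypothetical; the two-letter patch suffix and the refusal of 3.x identifiers are assumptions that this page does not state.

```c
#include <stdio.h>
#include <string.h>

/* Fields of an OPENSSL_VERSION_NUMBER in the MNNFFPPS layout. */
struct ossl_ver {
    unsigned major, minor, fix, patch, status;
};

/*
 * Split v into its fields. Returns 0 on success and -1 for identifiers this
 * decoder refuses rather than misreads:
 *   - anything below 0.9.6 dev, i.e. the legacy MMNNFFRBB layout and the
 *     interim 0.9.5a value 0x0090581f mentioned on the page;
 *   - major >= 3 (assumption, not from the page: OpenSSL 3.x uses a
 *     different field layout).
 */
int ossl_ver_decode(unsigned long v, struct ossl_ver *out)
{
    if (out == NULL || v > 0xffffffffUL)
        return -1;
    if (v < 0x00906000UL)
        return -1;
    if ((v >> 28) >= 3)
        return -1;
    out->major  = (unsigned)((v >> 28) & 0xf);
    out->minor  = (unsigned)((v >> 20) & 0xff);
    out->fix    = (unsigned)((v >> 12) & 0xff);
    out->patch  = (unsigned)((v >> 4) & 0xff);
    out->status = (unsigned)(v & 0xf);
    return 0;
}

/*
 * Render as text, e.g. "0.9.6b beta 3". Patch 1..26 maps to a..z; higher
 * patch levels are written as 'z' plus a second letter (assumption based on
 * release names such as 0.9.8zh). Returns buf, or NULL if it cannot render.
 */
const char *ossl_ver_format(const struct ossl_ver *d, char *buf, size_t len)
{
    char letters[3] = "";
    char status[16];
    int n;

    if (d == NULL || buf == NULL || d->patch > 52)
        return NULL;
    if (d->patch > 26) {
        letters[0] = 'z';
        letters[1] = (char)('a' + (d->patch - 27));
    } else if (d->patch > 0) {
        letters[0] = (char)('a' + (d->patch - 1));
    }

    if (d->status == 0x0)
        snprintf(status, sizeof status, "dev");
    else if (d->status == 0xf)
        snprintf(status, sizeof status, "release");
    else
        snprintf(status, sizeof status, "beta %u", d->status);

    n = snprintf(buf, len, "%u.%u.%u%s %s",
                 d->major, d->minor, d->fix, letters, status);
    return (n < 0 || (size_t)n >= len) ? NULL : buf;
}

/*
 * Policy check: 1 only if v decodes, is a release build (status nibble f)
 * and is numerically at or above floor; 0 otherwise. Dev and beta builds
 * fail even when their number is higher than the floor.
 */
int ossl_ver_meets_floor(unsigned long v, unsigned long floor)
{
    struct ossl_ver d;

    if (ossl_ver_decode(v, &d) != 0)
        return 0;
    if (d.status != 0xf)
        return 0;
    return v >= floor;
}

int main(void)
{
    /* The page's three examples, then the identifier for the 1.1.1w release
     * named in the page's .TH line, then the interim 0.9.5a value. */
    const unsigned long samples[] = {
        0x000906000UL, 0x000906023UL, 0x00090605fUL,
        0x1010117fUL, 0x0090581fUL
    };
    char buf[32];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ossl_ver d;
        if (ossl_ver_decode(samples[i], &d) == 0 &&
            ossl_ver_format(&d, buf, sizeof buf) != NULL)
            printf("0x%08lx  %s\n", samples[i], buf);
        else
            printf("0x%08lx  not decodable in the MNNFFPPS layout\n", samples[i]);
    }
    return 0;
}
```

Pass the value returned by OpenSSL_version_num() to check the library actually loaded at run time, since the OPENSSL_VERSION_NUMBER macro only reflects the headers used at compile time.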
\*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . 
ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "OSSL_STORE_SEARCH 3" .TH OSSL_STORE_SEARCH 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l
.nh
.SH "NAME"
OSSL_STORE_SEARCH,
OSSL_STORE_SEARCH_by_name,
OSSL_STORE_SEARCH_by_issuer_serial,
OSSL_STORE_SEARCH_by_key_fingerprint,
OSSL_STORE_SEARCH_by_alias,
OSSL_STORE_SEARCH_free,
OSSL_STORE_SEARCH_get_type,
OSSL_STORE_SEARCH_get0_name,
OSSL_STORE_SEARCH_get0_serial,
OSSL_STORE_SEARCH_get0_bytes,
OSSL_STORE_SEARCH_get0_string,
OSSL_STORE_SEARCH_get0_digest
\&\- Type and functions to create OSSL_STORE search criteria
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/store.h>
\&
\& typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
\&
\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
\&                                                       const ASN1_INTEGER
\&                                                       *serial);
\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
\&                                                         const unsigned char
\&                                                         *bytes, int len);
\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
\&
\& void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
\&
\& int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
\& X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
\& const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
\&                                                   *criterion);
\& const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
\&                                                   *criterion, size_t *length);
\& const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
\& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
\&                                             *criterion);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions are used to specify search criteria to help search for specific
objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR.
For example, this can be useful for an application that has received a \s-1URI\s0
and then wants to add on search criteria in a uniform and supported manner.
.SS "Types"
.IX Subsection "Types"
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search
criterion, and that can be given to an \s-1OSSL_STORE\s0 context with
\&\fBOSSL_STORE_find()\fR.
.PP
The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all
times, and should therefore be careful not to deallocate it before
\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given
to.
.SS "Application Functions"
.IX Subsection "Application Functions"
\&\fBOSSL_STORE_SEARCH_by_name()\fR,
\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR,
\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
and \fBOSSL_STORE_SEARCH_by_alias()\fR
are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name
and serial number pair, a key fingerprint, and an alias (for example a friendly
name).
The parameters that are provided are not copied, only referred to in a
criterion, so they must have at least the same life time as the created
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR.
.PP
\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR.
.SS "Loader Functions"
.IX Subsection "Loader Functions"
\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR.
.PP
\&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR,
\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR,
and \fBOSSL_STORE_SEARCH_get0_digest()\fR
are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as
available for each type.
For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below.
.SH "SUPPORTED CRITERION TYPES"
.IX Header "SUPPORTED CRITERION TYPES"
Currently supported criterion types are:
.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4
.IX Item "OSSL_STORE_SEARCH_BY_NAME"
This criterion supports a search by exact match of subject name.
The subject name itself is a \fBX509_NAME\fR pointer.
A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR,
and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR.
.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4
.IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL"
This criterion supports a search by exact match of both issuer name and serial
number.
The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is
a \fB\s-1ASN1_INTEGER\s0\fR pointer.
A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR
and the actual issuer name and serial number are retrieved with
\&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR.
.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4
.IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT"
This criterion supports a search by exact match of key fingerprint.
The key fingerprint in itself is a string of bytes and its length, as well as
the algorithm that was used to compute the fingerprint.
The digest may be left unspecified (\s-1NULL\s0), and in that case, the loader has
to decide on a default digest and compare fingerprints accordingly.
A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR
and the actual fingerprint and its length can be retrieved with
\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR.
The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR.
.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4
.IX Item "OSSL_STORE_SEARCH_BY_ALIAS"
This criterion supports a search by match of an alias of some kind.
The alias in itself is a simple C string.
A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_alias()\fR
and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOSSL_STORE_SEARCH_by_name()\fR,
\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR,
\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
and \fBOSSL_STORE_SEARCH_by_alias()\fR
return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure.
.PP
\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR.
There is no error value.
.PP
\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success,
or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success,
or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and
sets \fB*length\fR to the string's length on success, or \fB\s-1NULL\s0\fR when the given
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success,
or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer.
\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will
be used when applicable.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR,
\&\fBOSSL_STORE_SEARCH_by_name()\fR,
\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR,
\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
\&\fBOSSL_STORE_SEARCH_by_alias()\fR,
\&\fBOSSL_STORE_SEARCH_free()\fR,
\&\fBOSSL_STORE_SEARCH_get_type()\fR,
\&\fBOSSL_STORE_SEARCH_get0_name()\fR,
\&\fBOSSL_STORE_SEARCH_get0_serial()\fR,
\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR,
and \fBOSSL_STORE_SEARCH_get0_string()\fR
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_NEW 3"
.TH SSL_CTX_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method
\&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
\& int SSL_CTX_up_ref(SSL_CTX *ctx);
\&
\& const SSL_METHOD *TLS_method(void);
\& const SSL_METHOD *TLS_server_method(void);
\& const SSL_METHOD *TLS_client_method(void);
\&
\& const SSL_METHOD *SSLv23_method(void);
\& const SSL_METHOD *SSLv23_server_method(void);
\& const SSL_METHOD *SSLv23_client_method(void);
\&
\& #ifndef OPENSSL_NO_SSL3_METHOD
\& const SSL_METHOD *SSLv3_method(void);
\& const SSL_METHOD *SSLv3_server_method(void);
\& const SSL_METHOD *SSLv3_client_method(void);
\& #endif
\&
\& #ifndef OPENSSL_NO_TLS1_METHOD
\& const SSL_METHOD *TLSv1_method(void);
\& const SSL_METHOD *TLSv1_server_method(void);
\& const SSL_METHOD *TLSv1_client_method(void);
\& #endif
\&
\& #ifndef OPENSSL_NO_TLS1_1_METHOD
\& const SSL_METHOD *TLSv1_1_method(void);
\& const SSL_METHOD *TLSv1_1_server_method(void);
\& const SSL_METHOD *TLSv1_1_client_method(void);
\& #endif
\&
\& #ifndef OPENSSL_NO_TLS1_2_METHOD
\& const SSL_METHOD *TLSv1_2_method(void);
\& const SSL_METHOD *TLSv1_2_server_method(void);
\& const SSL_METHOD *TLSv1_2_client_method(void);
\& #endif
\&
\& const SSL_METHOD *DTLS_method(void);
\& const SSL_METHOD *DTLS_server_method(void);
\& const SSL_METHOD *DTLS_client_method(void);
\&
\& #ifndef OPENSSL_NO_DTLS1_METHOD
\& const SSL_METHOD *DTLSv1_method(void);
\& const SSL_METHOD *DTLSv1_server_method(void);
\& const SSL_METHOD *DTLSv1_client_method(void);
\& #endif
\&
\& #ifndef OPENSSL_NO_DTLS1_2_METHOD
\& const SSL_METHOD *DTLSv1_2_method(void);
\& const SSL_METHOD *DTLSv1_2_server_method(void);
\& const SSL_METHOD *DTLSv1_2_client_method(void);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to
establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is
reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments
the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
reference count drops to zero, any memory or resources allocated to the
\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for
an existing \fB\s-1SSL_CTX\s0\fR structure.
.SH "NOTES"
.IX Header "NOTES"
The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method.
The methods exist in a generic type (for client and server use), a server only
type, and a client only type.
\&\fBmethod\fR can be of the following types:
.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4
.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()"
These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods.
The actual protocol version used will be negotiated to the highest version
mutually supported by the client and the server.
The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
Applications should use these methods, and avoid the version-specific
methods described below, which are deprecated.
.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4
.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()"
These functions do not exist anymore; they have been renamed to
\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively.
Currently, the old function calls are renamed to the corresponding new
ones by preprocessor macros, to ensure that existing code which uses the
old function names still compiles. However, using the old function names
is deprecated and new code should call the new functions instead.
.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4
.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
TLSv1.2 protocol. These methods are deprecated.
.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4
.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
TLSv1.1 protocol. These methods are deprecated.
.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4
.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
TLSv1 protocol. These methods are deprecated.
.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4
.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()"
A \s-1TLS/SSL\s0 connection established with these methods will only understand the
SSLv3 protocol.
The SSLv3 protocol is deprecated and should not be used.
.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4
.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()"
These are the version-flexible \s-1DTLS\s0 methods.
Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0
.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4
.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()"
These are the version-specific methods for DTLSv1.2.
These methods are deprecated.
.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4
.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()"
These are the version-specific methods for DTLSv1.
These methods are deprecated.
.PP
\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the
callbacks, the keys and certificates and the options to their default values.
.PP
\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR,
\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR
methods.
All other methods only support one specific protocol version.
Use the \fIversion-flexible\fR methods instead of the version specific methods.
.PP
If you want to limit the supported protocols for the version flexible
methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3),
\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and
\&\fBSSL_set_max_proto_version\fR\|(3) functions.
Using these functions it is possible to choose e.g.
\fBTLS_server_method()\fR
and be able to negotiate with all possible clients, but to only
allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0
.PP
The list of protocols available can also be limited using the
\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR,
\&\fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR
options of the
\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach
is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of
protocols they support. When disabling a protocol, make sure that you also
disable either all previous or all subsequent protocol versions.
In clients, when a protocol version is disabled without disabling \fIall\fR
previous protocol versions, the effect is to also disable all subsequent
protocol versions.
.PP
The SSLv3 protocol is deprecated and should generally not be used.
Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set
the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "\s-1NULL\s0" 4
.IX Item "NULL"
The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out
the reason.
.IP "Pointer to an \s-1SSL_CTX\s0 object" 4
.IX Item "Pointer to an SSL_CTX object"
The return value points to an allocated \s-1SSL_CTX\s0 object.
.Sp
\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3),
\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
Support for SSLv2 and the corresponding \fBSSLv2_method()\fR,
\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions were
removed in OpenSSL 1.1.0.
.PP
\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR
were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR
and \fBTLS_client_method()\fR functions were added in OpenSSL 1.1.0.
.PP
All version-specific methods were deprecated in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
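Added example, not part of the OpenSSL manual page: a stand-alone C model of the client-side rule stated in the NOTES of SSL_CTX_new(3), where disabling a protocol version without disabling all previous versions also disables all subsequent ones. The enum, the NO() bit macro, struct range and effective_client_range() are hypothetical names used only here, and the bits are not the values of the SSL_OP_NO_* macros.

```c
#include <stdio.h>

/* Protocol versions in ascending order, as listed on the page. */
enum proto { P_SSL3, P_TLS1_0, P_TLS1_1, P_TLS1_2, P_TLS1_3, P_COUNT };

static const char *const proto_name[P_COUNT] = {
    "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
};

/* Hypothetical bit per version, for this example only. These are NOT the
 * numeric values of the SSL_OP_NO_* macros from <openssl/ssl.h>. */
#define NO(p) (1u << (p))

struct range {
    int min;        /* lowest usable version, -1 if none */
    int max;        /* highest usable version, -1 if none */
    unsigned lost;  /* versions left enabled but cut off by a hole */
};

/*
 * Model of the rule in the NOTES: the usable set is the contiguous run that
 * starts at the lowest enabled version. The first disabled version above it
 * ends the run, and anything still enabled beyond that point is unreachable.
 */
struct range effective_client_range(unsigned disabled)
{
    struct range r = { -1, -1, 0 };
    int closed = 0;
    int p;

    for (p = 0; p < P_COUNT; p++) {
        int enabled = (disabled & NO(p)) == 0;

        if (r.min < 0) {            /* still below the lowest enabled version */
            if (enabled)
                r.min = r.max = p;
        } else if (!closed) {
            if (enabled)
                r.max = p;          /* contiguous run continues */
            else
                closed = 1;         /* first gap above min ends the run */
        } else if (enabled) {
            r.lost |= NO(p);        /* enabled on paper, never negotiated */
        }
    }
    return r;
}

/* Print the effective range and name every version lost to a hole. */
static void report(const char *label, unsigned disabled)
{
    struct range r = effective_client_range(disabled);
    int p;

    if (r.min < 0) {
        printf("%-28s no protocol left\n", label);
        return;
    }
    printf("%-28s %s..%s", label, proto_name[r.min], proto_name[r.max]);
    for (p = 0; p < P_COUNT; p++)
        if (r.lost & NO(p))
            printf("  [hole: %s unreachable]", proto_name[p]);
    printf("\n");
}

int main(void)
{
    /* Constructed option sets. */
    report("floor at TLSv1.2:", NO(P_SSL3) | NO(P_TLS1_0) | NO(P_TLS1_1));
    report("only TLSv1.1 disabled:", NO(P_TLS1_1));
    report("SSLv3 and TLSv1.2 disabled:", NO(P_SSL3) | NO(P_TLS1_2));
    return 0;
}
```

A non-zero lost mask is the "hole" the NOTES warn about; setting a floor with SSL_CTX_set_min_proto_version(3), as the page recommends, cannot produce one.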
.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3"
.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata,
SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata,
SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata,
SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata
\- set or get passwd callback for encrypted PEM file handling
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
\& pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
\& void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
\&
\& void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
\& void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
\& pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
\& void *SSL_get_default_passwd_cb_userdata(SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called
when loading/storing a \s-1PEM\s0 certificate with encryption.
.PP
\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR,
which will be provided to the password callback on invocation.
.PP
\&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password
callback currently set in \fBctx\fR. If no callback was explicitly set, the
\&\s-1NULL\s0 pointer is returned.
.PP
\&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata
currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer
is returned.
.PP
\&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR,
\&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR
perform the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0
object.
.PP
The password callback, which must be provided by the application, hands back the
password to be used during decryption.
On invocation a pointer to userdata
is provided. The function must store the password into the provided buffer
\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must
be returned to the calling function. \fBrwflag\fR indicates whether the
callback is used for reading/decryption (rwflag=0) or writing/encryption
(rwflag=1).
For more details, see \fBpem_password_cb\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
When loading or storing private keys, a password might be supplied to
protect the private key. The way this password can be supplied may depend
on the application. If only one private key is handled, it can be practical
to have the callback handle the password dialog interactively. If several
keys have to be handled, it can be practical to ask for the password once,
then keep it in memory and use it several times. In the last case, the
password could be stored into the userdata storage and the
callback only returns the password already stored.
.PP
When asking for the password interactively, the callback can use
\&\fBrwflag\fR to check whether an item shall be encrypted (rwflag=1).
In this case the password dialog may ask for the same password twice
for comparison in order to catch typos that would make decryption
impossible.
.PP
Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted; this is
however not usual, as certificate information is considered public.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions do not provide diagnostic information.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example returns the password provided as userdata to the
calling function. The password is considered to be a '\e0' terminated
string. If the password does not fit into the buffer, the password is
truncated.
.PP
.Vb 6
\& int my_cb(char *buf, int size, int rwflag, void *u)
\& {
\&     strncpy(buf, (char *)u, size);
\&     buf[size \- 1] = \*(Aq\e0\*(Aq;
\&     return strlen(buf);
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_use_certificate\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR,
\&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were
added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
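Added example, not part of the OpenSSL manual page: the page's my_cb() (reproduced here as page_cb) truncates a password that does not fit the buffer, so the variant beside it refuses instead and also rejects a zero-size buffer, missing userdata, and use for encryption when that was not allowed. struct pass_ctx and strict_passwd_cb() are hypothetical names; returning \-1 on failure is an assumption taken from pem_password_cb(3).

```c
#include <stdio.h>
#include <string.h>

/* The page's example callback; behaviour unchanged, only renamed. */
int page_cb(char *buf, int size, int rwflag, void *u)
{
    (void)rwflag;
    strncpy(buf, (char *)u, size);
    buf[size - 1] = '\0';
    return strlen(buf);
}

/* Hypothetical userdata layout for this example. */
struct pass_ctx {
    const char *pass;   /* password bytes; need not be '\0' terminated */
    size_t len;         /* number of bytes in pass */
    int allow_write;    /* non-zero if the password may be used to encrypt */
};

/*
 * Same parameter list as the page's callback. Fails (assumed error value -1)
 * instead of truncating, so a key is never written under a shortened password
 * and a too-small buffer shows up as an error rather than a decrypt failure.
 */
int strict_passwd_cb(char *buf, int size, int rwflag, void *u)
{
    const struct pass_ctx *ctx = u;

    if (buf == NULL || size <= 0 || ctx == NULL || ctx->pass == NULL)
        return -1;              /* page_cb would write buf[-1] for size 0 */
    if (rwflag == 1 && !ctx->allow_write)
        return -1;              /* read-only password asked to encrypt */
    if (ctx->len > (size_t)size)
        return -1;              /* refuse rather than truncate */
    memcpy(buf, ctx->pass, ctx->len);
    return (int)ctx->len;
}

int main(void)
{
    char buf[8];
    char longpw[] = "correct horse";    /* constructed sample password */
    struct pass_ctx ctx = { longpw, sizeof(longpw) - 1, 1 };

    printf("page_cb          -> %d\n", page_cb(buf, (int)sizeof(buf), 1, longpw));
    printf("strict_passwd_cb -> %d\n",
           strict_passwd_cb(buf, (int)sizeof(buf), 1, &ctx));
    return 0;
}
```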
.IX Title "BN_COPY 3"
.TH BN_COPY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
\&
\& BIGNUM *BN_dup(const BIGNUM *from);
\&
\& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR
containing the value \fBfrom\fR.
.PP
BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places
significant restrictions on the copied data.
Applications that do not adhere to these restrictions
may encounter unexpected side effects or crashes. For that reason use of this
function is discouraged. Any flags provided in \fBflags\fR will be set in \fBdest\fR in
addition to any flags already set in \fBb\fR. For example this might commonly be used
to create a temporary copy of a \s-1BIGNUM\s0 with the
\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in
\&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following
restrictions apply to the use of \fBdest\fR:
.IP "\(bu" 2
\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It
should not have been used for other purposes or initialised in any way.
.IP "\(bu" 2
\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those
functions where the relevant parameter is declared \*(L"const\*(R".
.IP "\(bu" 2
\&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns
the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained
by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_ADDRINFO 3"
.TH BIO_ADDRINFO 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free,
BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol,
BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup
\&\- BIO_ADDRINFO type and routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <sys/types.h>
\& #include <openssl/bio.h>
\&
\& typedef union bio_addrinfo_st BIO_ADDRINFO;
\&
\& enum BIO_lookup_type {
\&     BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
\& };
\&
\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
\&                   int family, int socktype, int protocol, BIO_ADDRINFO **res);
\& int BIO_lookup(const char *node, const char *service,
\&                enum BIO_lookup_type lookup_type,
\&                int family, int socktype, BIO_ADDRINFO **res);
\&
\& const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
\& int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
\& int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
\& int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
\& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
\& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information
types provided on your platform.
.PP
\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be
picked one by one.
.PP
\&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and
uses \fBlookup_type\fR to determine what the default address should
be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to
determine what protocol family, socket type and protocol should be used for
the lookup. \fBfamily\fR can be any of \s-1AF_INET, AF_INET6, AF_UNIX\s0 and
\&\s-1AF_UNSPEC.\s0 \fBsocktype\fR can be \s-1SOCK_STREAM, SOCK_DGRAM\s0 or 0. Specifying 0
indicates that any type can be used.
\fBprotocol\fR specifies a protocol such as
\&\s-1IPPROTO_TCP, IPPROTO_UDP\s0 or \s-1IPPROTO_SCTP.\s0 If set to 0 then any protocol can be
used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR
chain.
.PP
For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR
parameter and expects the \fBnode\fR parameter to hold the path to the
socket file.
.PP
\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability
to select based on the protocol (any protocol may be returned).
.PP
\&\fBBIO_ADDRINFO_family()\fR returns the family of the given
\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants
\&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0
.PP
\&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given
\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants
\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0
.PP
\&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given
\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants
\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0
.PP
\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR
of the given \fB\s-1BIO_ADDRINFO\s0\fR.
.PP
\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain
from the given one.
.PP
\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting
with the given one.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error
occurred, and will leave an error indication on the OpenSSL error stack in that
case.
.PP
All other functions described here return 0 or \fB\s-1NULL\s0\fR when the
information they should return isn't available.
.SH "NOTES"
.IX Header "NOTES"
The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR
function.
On Linux it is known that specifying 0 for the protocol will not
return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore, if an \s-1SCTP\s0
address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be
explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OCSP_SENDREQ_NEW 3"
.TH OCSP_SENDREQ_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio, OCSP_REQ_CTX_i2d
\&\- OCSP responder query functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ocsp.h>
\&
\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
\&                                int maxline);
\&
\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
\&
\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
\&
\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
\&
\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
\&                              const char *name, const char *value);
\&
\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
\&
\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
\&
\& int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
\&                      const ASN1_ITEM *it, ASN1_VALUE *req);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_REQ_CTX\s0\fR structure using the
responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a
response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a
default value of 4k is used.
The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR
and provided later if required.
.PP
\&\fBOCSP_sendreq_nbio()\fR performs nonblocking I/O on the \s-1OCSP\s0 request context
\&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR.
.PP
\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR.
.PP
\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR
to \fBlen\fR. If the response exceeds this length an error occurs. If not
set a default value of 100k is used.
.PP
\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the
context \fBrctx\fR. It can be called more than once to add multiple headers.
It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. The \fBreq\fR
parameter in the initial call to \fBOCSP_sendreq_new()\fR \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if
additional headers are set.
.PP
\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This
function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR.
OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
.PP
.Vb 2
\& OCSP_REQ_CTX_i2d(rctx, "application/ocsp\-request",
\&                  ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
.Ve
.PP
\&\fBOCSP_REQ_CTX_i2d()\fR sets the request context \fBrctx\fR to have the request
\&\fBreq\fR, which has the \s-1ASN.1\s0 type \fBit\fR.
The \fBcontent_type\fR, if not \s-1NULL,\s0 will be included in the \s-1HTTP\s0 request.
The function should be called after all other headers have already been added.
.PP
\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0
path \fBpath\fR, and the \s-1OCSP\s0 request \fBreq\fR with a response header maximum line
length 4k. It waits indefinitely on a response.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if
an error occurred.
.PP
\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully,
\&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred.
.PP
\&\fBOCSP_REQ_CTX_add1_header()\fR, \fBOCSP_REQ_CTX_set1_req()\fR, and \fBOCSP_REQ_CTX_i2d()\fR
return \fB1\fR for success and \fB0\fR for failure.
.PP
\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the
responder or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values.
.SH "NOTES"
.IX Header "NOTES"
These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an
application wishes to support more advanced features it should use an
alternative more complete \s-1HTTP\s0 library.
.PP
Currently only \s-1HTTP POST\s0 queries to responders are supported.
.PP
The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0
For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0
\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR
should be set to \fB\*(L"/ocspreq\*(R"\fR
.PP
The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form
\*(L"\fBname\fR: \fBvalue\fR\*(R" or just \*(L"\fBname\fR\*(R" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add
a Host header for \fBocsp.com\fR you would call:
.PP
.Vb 1
\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
.Ve
.PP
If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the
corresponding \s-1BIO\s0 can be examined to determine which operation (read or
write) should be retried and appropriate action taken (for example a \fBselect()\fR
call on the underlying socket).
.PP
\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle nonblocking
I/O efficiently. It is retained for compatibility and its use in new
applications is not recommended.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7),
\&\fBOCSP_cert_to_id\fR\|(3),
\&\fBOCSP_request_add1_nonce\fR\|(3),
\&\fBOCSP_REQUEST_new\fR\|(3),
\&\fBOCSP_resp_find_status\fR\|(3),
\&\fBOCSP_response_status\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "D2I_PRIVATEKEY 3"
.TH D2I_PRIVATEKEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey,
i2d_PrivateKey, i2d_PublicKey,
d2i_PrivateKey_bio, d2i_PrivateKey_fp
\&\- decode and encode functions for reading and saving EVP_PKEY structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
\&                          long length);
\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
\&                         long length);
\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
\&                              long length);
\& int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
\& int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
\&
\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to
use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
\&\fBtype\fR parameter should be a public key algorithm constant such as
\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR.
\&\fBd2i_PublicKey()\fR does the same for public keys.
.PP
\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to
automatically detect the private key format.
.PP
\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is
defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
\&\fBi2d_PublicKey()\fR does the same for public keys.
.PP
These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
All the functions that operate on data in memory update the data pointer \fI*pp\fR
after a successful operation, just like the other d2i and i2d functions;
see \fBd2i_X509\fR\|(3).
.PP
All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing
to encrypt or decrypt private keys should use other functions such as
\&\fBd2i_PKCS8PrivateKey()\fR instead.
.PP
If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR
(i.e. an existing structure is being reused) and the key format is PKCS#8
then \fB*a\fR will be freed and replaced on a successful call.
.PP
To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be
a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper
\&\s-1EC_GROUP.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR,
and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an
error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3).
.PP
\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully
encoded or a negative value if an error occurs. The error code can be obtained
by calling \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7),
\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . 
.IX Title "ASN1_TIME_SET 3"
.TH ASN1_TIME_SET 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set,
ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj,
ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check,
ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string,
ASN1_TIME_set_string_X509,
ASN1_TIME_normalize,
ASN1_TIME_to_tm,
ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print,
ASN1_TIME_diff,
ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t,
ASN1_TIME_compare,
ASN1_TIME_to_generalizedtime \- ASN.1 Time functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 4
\& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
\& ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
\&                                                time_t t);
\&
\& ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
\&                          long offset_sec);
\& ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
\&                                int offset_day, long offset_sec);
\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
\&                                                time_t t, int offset_day,
\&                                                long offset_sec);
\&
\& int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
\& int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
\& int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
\& int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
\&                                     const char *str);
\&
\& int ASN1_TIME_normalize(ASN1_TIME *s);
\&
\& int ASN1_TIME_check(const ASN1_TIME *t);
\& int ASN1_UTCTIME_check(const ASN1_UTCTIME *t);
\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t);
\&
\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s);
\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s);
\&
\& int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
\& int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
\&                    const ASN1_TIME *to);
\&
\& int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
\& int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
\&
\& int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
\&
\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
\&                                                    ASN1_GENERALIZEDTIME **out);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR
functions set the structure \fBs\fR to the time represented by the time_t
value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned.
.PP
The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR
functions set the time structure \fBs\fR to the time represented
by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR.
The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a
time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of
seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated
and returned.
.PP
The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and
\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR
to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0
time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0
this function performs a format check on \fBstr\fR only. The string \fBstr\fR
is copied into \fBs\fR.
.PP
\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time
represented by string \fBstr\fR which must be in the time format that
\&\s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and
\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected); all other \s-1ASN.1\s0 time formats
are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check
on \fBstr\fR only.
.PP
The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or
\&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It
should be used after the \fBASN1_TIME_set_string()\fR functions and before
\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results.
.PP
The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR
functions check the syntax of the time structure \fBs\fR.
.PP
The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable
format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example
\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0. It does not include a newline. If the time
structure has invalid format it prints out \*(L"Bad time value\*(R" and returns
an error. The output for generalized time may include a fractional part
following the second.
.PP
\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure.
If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0
The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR,
\&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values,
whereas all other fields are set to 0. If \fBtm\fR is \s-1NULL\s0 this function performs
a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractional
seconds, e.g.
\s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while
converting \fBs\fR to \fBtm\fR structure.
.PP
\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between
\&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then
one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR
will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then
one or both of \fB*pday\fR and \fB*psec\fR will be negative. If \fBto\fR and \fBfrom\fR
represent the same time then \fB*pday\fR and \fB*psec\fR will both be zero.
If both \fB*pday\fR and \fB*psec\fR are nonzero they will always have the same
sign. The value of \fB*psec\fR will always be less than the number of seconds
in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used.
.PP
The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare
the two times represented by the time structure \fBs\fR and the time_t \fBt\fR.
.PP
The \fBASN1_TIME_compare()\fR function compares the two times represented by the
time structures \fBa\fR and \fBb\fR.
.PP
The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an
\&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or
\&\fB*out\fR is \s-1NULL,\s0 then a new object is allocated and must be freed after use.
.SH "NOTES"
.IX Header "NOTES"
The \s-1ASN1_TIME\s0 structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR
defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined
in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else
GeneralizedTime is used.
.PP
The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented
as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR.
.PP
The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt
is made to correct ancient calendar changes (for example from Julian to
Gregorian calendars).
.PP
\&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049.
.PP
Some applications add offset times directly to a time_t value and pass the
results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the
time_t value can overflow on some systems resulting in unexpected results.
New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value
in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly
manipulating a time_t value.
.PP
\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0
or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and
\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure.
.PP
It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of
those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions
starting with \s-1ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 act only on that specific
time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either
format.
.SH "BUGS"
.IX Header "BUGS"
\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
do not print out the timezone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all
certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway.
.PP
Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before
printing to get \s-1GMT\s0 results.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR,
\&\fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR
return a pointer to a time structure or \s-1NULL\s0 if an error occurred.
.PP
\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR,
\&\fBASN1_GENERALIZEDTIME_set_string()\fR and \fBASN1_TIME_set_string_X509()\fR
return 1 if the time value is successfully set and 0 otherwise.
.PP
\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error.
.PP
\&\fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR
return 1 if the structure is syntactically correct and 0 otherwise.
.PP
\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
return 1 if the time is successfully printed out and
0 if an error occurred (I/O error or invalid time format).
.PP
\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an
error occurred (invalid time format).
.PP
\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the
passed-in time structure has invalid syntax, for example.
.PP
\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR
is before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is
returned on error.
.PP
\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR,
or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error.
.PP
\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to the appropriate time
structure on success or \s-1NULL\s0 if an error occurred.
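The block below is an added illustration, not OpenSSL code and not part of the original manual page: a stand-alone C model of the rules described above (the two RFC 5280 string forms, the 1950 through 2049 UTCTime range, the same-sign day/second difference, and the \-2 error return of the compare functions). The x509_time_* names and the struct are hypothetical, the inputs are constructed, and the calendar range checks on month and day are an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: a model of the documented rules, not OpenSSL code. */
struct x509_time { int year, mon, day, hour, min, sec; };

/* Read two ASCII digits; returns 0 if either character is not a digit. */
static int two_digits(const char *p, int *out)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return 0;
    *out = (p[0] - '0') * 10 + (p[1] - '0');
    return 1;
}

/* Days in a month of the proleptic Gregorian calendar (model assumption). */
static int days_in_month(int year, int mon)
{
    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    return mdays[mon - 1] + (mon == 2 && leap);
}

/* Accept only YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ; returns 1 on success, else 0.
 * With out == NULL this is a format check only. */
int x509_time_parse(const char *str, struct x509_time *out)
{
    struct x509_time t;
    size_t len = str != NULL ? strlen(str) : 0;
    int century = 0, yy;
    const char *p = str;

    if ((len != 13 && len != 15) || str[len - 1] != 'Z')
        return 0;               /* no offsets, fractions or missing seconds */
    if (len == 15) {
        if (!two_digits(p, &century))
            return 0;
        p += 2;
    }
    if (!two_digits(p, &yy) || !two_digits(p + 2, &t.mon)
            || !two_digits(p + 4, &t.day) || !two_digits(p + 6, &t.hour)
            || !two_digits(p + 8, &t.min) || !two_digits(p + 10, &t.sec))
        return 0;
    /* UTCTime carries two year digits and covers 1950 through 2049. */
    t.year = len == 15 ? century * 100 + yy : (yy < 50 ? 2000 + yy : 1900 + yy);
    if (t.mon < 1 || t.mon > 12 || t.day < 1
            || t.day > days_in_month(t.year, t.mon)
            || t.hour > 23 || t.min > 59 || t.sec > 59) /* second 60 rejected */
        return 0;
    if (out != NULL)
        *out = t;
    return 1;
}

/* Seconds since 1970-01-01 00:00:00 in the proleptic Gregorian calendar. */
static long long to_seconds(const struct x509_time *t)
{
    int y = t->year - (t->mon <= 2);
    long long era = (y >= 0 ? y : y - 399) / 400;
    long long yoe = y - era * 400;
    long long doy = (153 * (t->mon + (t->mon > 2 ? -3 : 9)) + 2) / 5 + t->day - 1;
    long long days = era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
    return days * 86400 + t->hour * 3600 + t->min * 60 + t->sec;
}

/* Same contract as documented for ASN1_TIME_diff(), except that NULL or
 * malformed input fails here instead of meaning the current time. */
int x509_time_diff(int *pday, int *psec, const char *from, const char *to)
{
    struct x509_time a, b;
    long long delta;

    if (!x509_time_parse(from, &a) || !x509_time_parse(to, &b))
        return 0;
    delta = to_seconds(&b) - to_seconds(&a);
    *pday = (int)(delta / 86400);   /* C division truncates toward zero, */
    *psec = (int)(delta % 86400);   /* so both parts share one sign      */
    return 1;
}

/* -1, 0 or 1 as documented for the compare functions; -2 on error. */
int x509_time_compare(const char *a, const char *b)
{
    int day, sec;

    if (!x509_time_diff(&day, &sec, a, b))
        return -2;
    return (day > 0 || sec > 0) ? -1 : (day < 0 || sec < 0) ? 1 : 0;
}

int main(void)
{
    /* Constructed inputs: the UTCTime/GeneralizedTime boundary, then a leap second. */
    printf("%d\n", x509_time_compare("491231235959Z", "20500101000000Z"));
    printf("%d\n", x509_time_compare("160630235960Z", "20500101000000Z"));
    return 0;
}
```

A caller that tests only for a negative compare result treats the \-2 error return as "before"; check for \-2 first.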
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Set a time structure to one hour after the current time and print it out:
.PP
.Vb 2
\& #include <time.h>
\& #include <openssl/asn1.h>
\&
\& ASN1_TIME *tm;
\& time_t t;
\& BIO *b;
\&
\& t = time(NULL);
\& tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
\& b = BIO_new_fp(stdout, BIO_NOCLOSE);
\& ASN1_TIME_print(b, tm);
\& ASN1_STRING_free(tm);
\& BIO_free(b);
.Ve
.PP
Determine if one time is later or sooner than the current time:
.PP
.Vb 1
\& int day, sec;
\&
\& if (!ASN1_TIME_diff(&day, &sec, NULL, to)) {
\&     /* Invalid time format */
\& } else if (day > 0 || sec > 0) {
\&     printf("Later\en");
\& } else if (day < 0 || sec < 0) {
\&     printf("Sooner\en");
\& } else {
\&     printf("Same\en");
\& }
.Ve
.SH "HISTORY"
.IX Header "HISTORY"
The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1.
The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1.
The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1.
The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1.
The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CRYPTO_THREAD_RUN_ONCE 3"
.TH CRYPTO_THREAD_RUN_ONCE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CRYPTO_THREAD_run_once,
CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free,
CRYPTO_atomic_add \- OpenSSL thread support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
\& int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
\&
\& CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
\& int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
\& int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
\& int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
\&
\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
OpenSSL can be safely used in multi-threaded applications provided that
support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL
supports the pthread and Windows APIs. OpenSSL can also be built without
any multi-threading support, for example on platforms that don't provide
any threading support or that provide a threading \s-1API\s0 that is not yet
supported by OpenSSL.
.PP
The following multi-threading functions are provided:
.IP "\(bu" 2
\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization.
The \fBonce\fR argument must be a pointer to a static object of type
\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value
\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR.
The \fBinit\fR argument is a pointer to a function that performs the desired
exactly once initialization.
In particular, this can be used to allocate locks in a thread-safe manner,
which can then be used with the locking functions below.
.IP "\(bu" 2
\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write
lock.
.IP "\(bu" 2
\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading.
.IP "\(bu" 2
\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing.
.IP "\(bu" 2
\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR.
.IP "\(bu" 2
\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR.
.IP "\(bu" 2
\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the
result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic
operations are supported on the specific platform. Because of this, if a
variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must
be the only way that the variable is modified.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error.
.PP
\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error.
.PP
\&\fBCRYPTO_THREAD_lock_free()\fR returns no value.
.PP
The other functions return 1 on success, or 0 on error.
.SH "NOTES"
.IX Header "NOTES"
On Windows platforms the CRYPTO_THREAD_* types and functions in the
openssl/crypto.h header are dependent on some of the types customarily
made available by including windows.h. The application developer is
likely to require control over when the latter is included, commonly as
one of the first included headers. Therefore, it is defined as an
application developer's responsibility to include windows.h prior to
crypto.h where use of CRYPTO_THREAD_* types and functions is required.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example safely initializes and uses a lock.
.PP
.Vb 4
\& #ifdef _WIN32
\& # include <windows.h>
\& #endif
\& #include <openssl/crypto.h>
\&
\& static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
\& static CRYPTO_RWLOCK *lock;
\&
\& /* Runs exactly once, no matter how many threads call mylock(). */
\& static void myinit(void)
\& {
\&     lock = CRYPTO_THREAD_lock_new();
\& }
\&
\& static int mylock(void)
\& {
\&     if (!CRYPTO_THREAD_run_once(&once, myinit) || lock == NULL)
\&         return 0;
\&     return CRYPTO_THREAD_write_lock(lock);
\& }
\&
\& static int myunlock(void)
\& {
\&     return CRYPTO_THREAD_unlock(lock);
\& }
\&
\& int serialized(void)
\& {
\&     int ret = 0;
\&
\&     if (mylock()) {
\&         /* Your code here, do not return without releasing the lock! */
\&         ret = ... ;
\&         /* Unlock only when the lock was actually taken. */
\&         myunlock();
\&     }
\&     return ret;
\& }
.Ve
.PP
Finalization of locks is an advanced topic, not covered in this example.
This can only be done at process exit or when a dynamically loaded library is
no longer in use and is unloaded.
The simplest solution is to just \*(L"leak\*(R" the lock in applications and not
repeatedly load/unload shared libraries that allocate locks.
.SH "NOTES"
.IX Header "NOTES"
You can find out if OpenSSL was configured with thread support:
.PP
.Vb 6
\& #include <openssl/opensslconf.h>
\& #if defined(OPENSSL_THREADS)
\&     /* thread support enabled */
\& #else
\&     /* no thread support */
\& #endif
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ADMISSIONS 3"
.TH ADMISSIONS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ADMISSIONS,
ADMISSIONS_get0_admissionAuthority,
ADMISSIONS_get0_namingAuthority,
ADMISSIONS_get0_professionInfos,
ADMISSIONS_set0_admissionAuthority,
ADMISSIONS_set0_namingAuthority,
ADMISSIONS_set0_professionInfos,
ADMISSION_SYNTAX,
ADMISSION_SYNTAX_get0_admissionAuthority,
ADMISSION_SYNTAX_get0_contentsOfAdmissions,
ADMISSION_SYNTAX_set0_admissionAuthority,
ADMISSION_SYNTAX_set0_contentsOfAdmissions,
NAMING_AUTHORITY,
NAMING_AUTHORITY_get0_authorityId,
NAMING_AUTHORITY_get0_authorityURL,
NAMING_AUTHORITY_get0_authorityText,
NAMING_AUTHORITY_set0_authorityId,
NAMING_AUTHORITY_set0_authorityURL,
NAMING_AUTHORITY_set0_authorityText,
PROFESSION_INFO,
PROFESSION_INFOS,
PROFESSION_INFO_get0_addProfessionInfo,
PROFESSION_INFO_get0_namingAuthority,
PROFESSION_INFO_get0_professionItems,
PROFESSION_INFO_get0_professionOIDs,
PROFESSION_INFO_get0_registrationNumber,
PROFESSION_INFO_set0_addProfessionInfo,
PROFESSION_INFO_set0_namingAuthority,
PROFESSION_INFO_set0_professionItems,
PROFESSION_INFO_set0_professionOIDs,
PROFESSION_INFO_set0_registrationNumber
\&\- Accessors and setters for ADMISSION_SYNTAX
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 5
\& typedef struct NamingAuthority_st NAMING_AUTHORITY;
\& typedef struct ProfessionInfo_st PROFESSION_INFO;
\& typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
\& typedef struct Admissions_st ADMISSIONS;
\& typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
\&
\& const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
\&     const NAMING_AUTHORITY *n);
\& void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
\&     ASN1_OBJECT* namingAuthorityId);
\& const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
\&     const NAMING_AUTHORITY *n);
\& void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
\&     ASN1_IA5STRING* namingAuthorityUrl);
\& const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
\&     const NAMING_AUTHORITY *n);
\& void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
\&     ASN1_STRING* namingAuthorityText);
\&
\& const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
\&     const ADMISSION_SYNTAX *as);
\& void ADMISSION_SYNTAX_set0_admissionAuthority(
\&     ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
\& const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
\&     const ADMISSION_SYNTAX *as);
\& void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
\&     ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
\&
\& const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
\& void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
\& const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
\& void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
\& const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
\& void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
\&
\& const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
\&     const PROFESSION_INFO *pi);
\& void PROFESSION_INFO_set0_addProfessionInfo(
\&     PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
\& const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
\&     const PROFESSION_INFO *pi);
\& void PROFESSION_INFO_set0_namingAuthority(
\&     PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
\& const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
\&     const PROFESSION_INFO *pi);
\& void PROFESSION_INFO_set0_professionItems(
\&     PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
\& const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
\&     const PROFESSION_INFO *pi);
\& void PROFESSION_INFO_set0_professionOIDs(
\&     PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
\& const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
\&     const PROFESSION_INFO *pi);
\& void PROFESSION_INFO_set0_registrationNumber(
\&     PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1PROFESSION_INFOS\s0\fR,
\fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and
\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the
analogous types defined in the Common \s-1PKI\s0 Specification published
by . Knowledge of those structures and their semantics is assumed.
.PP
The conventional routines to convert between \s-1DER\s0 and the local format
are described in \fBd2i_X509\fR\|(3).
The conventional routines to allocate and free the types are defined
in \fBX509_dup\fR\|(3).
.PP
The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see
\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details.
.PP
The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields.
The \fBNAMING_AUTHORITY_get0_authorityId()\fR,
\&\fBNAMING_AUTHORITY_get0_authorityURL()\fR, and
\&\fBNAMING_AUTHORITY_get0_authorityText()\fR functions return pointers
to those values within the object.
The \fBNAMING_AUTHORITY_set0_authorityId()\fR,
\&\fBNAMING_AUTHORITY_set0_authorityURL()\fR, and
\&\fBNAMING_AUTHORITY_set0_authorityText()\fR functions free any existing value
and set the pointer to the specified value.
.PP
The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of
\&\fB\s-1ADMISSIONS\s0\fR objects.
The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR
and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers
to those values within the object.
The
\&\fBADMISSION_SYNTAX_set0_admissionAuthority()\fR and
\&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR
functions free any existing value and set the pointer to the specified value.
.PP
The \fB\s-1ADMISSIONS\s0\fR type has an authority name, authority object, and a
stack of \fB\s-1PROFESSION_INFO\s0\fR items.
The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR,
and \fBADMISSIONS_get0_professionInfos()\fR
functions return pointers to those values within the object.
The \&\fBADMISSIONS_set0_admissionAuthority()\fR, \&\fBADMISSIONS_set0_namingAuthority()\fR, and \&\fBADMISSIONS_set0_professionInfos()\fR functions free any existing value and set the pointer to the specified value. .PP The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of profession Items and OIDs, a registration number, and additional profession info. The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR, \&\fBPROFESSION_INFO_get0_namingAuthority()\fR, \fBPROFESSION_INFO_get0_professionItems()\fR, \&\fBPROFESSION_INFO_get0_professionOIDs()\fR, and \&\fBPROFESSION_INFO_get0_registrationNumber()\fR functions return pointers to those values within the object. The \&\fBPROFESSION_INFO_set0_addProfessionInfo()\fR, \&\fBPROFESSION_INFO_set0_namingAuthority()\fR, \&\fBPROFESSION_INFO_set0_professionItems()\fR, \&\fBPROFESSION_INFO_set0_professionOIDs()\fR, and \&\fBPROFESSION_INFO_set0_registrationNumber()\fR functions free any existing value and set the pointer to the specified value. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Described above. Note that all of the \fIget0\fR functions return a pointer to the internal data structure and must not be freed. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_dup\fR\|(3), \&\fBd2i_X509\fR\|(3), .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!mӣ\\SSL_CTX_get_verify_mode.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. 
.IX Title "SSL_CTX_GET_VERIFY_MODE 3"
.TH SSL_CTX_GET_VERIFY_MODE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
\& int SSL_get_verify_mode(const SSL *ssl);
\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
\& int SSL_get_verify_depth(const SSL *ssl);
\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in
\&\fBctx\fR.
.PP
\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in
\&\fBssl\fR.
.PP
\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set
in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the
default value will be used.
.PP
\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set
in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the
default value will be used.
.PP
\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification
callback currently set in \fBctx\fR. If no callback was explicitly set, the
\&\s-1NULL\s0 pointer is returned and the default callback will be used.
.PP
\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification
callback currently set in \fBssl\fR. If no callback was explicitly set, the
\&\s-1NULL\s0 pointer is returned and the default callback will be used.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
See \s-1DESCRIPTION\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RAND_BYTES 3"
.TH RAND_BYTES 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand.h>
\&
\& int RAND_bytes(unsigned char *buf, int num);
\& int RAND_priv_bytes(unsigned char *buf, int num);
.Ve
.PP
Deprecated:
.PP
.Vb 3
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& int RAND_pseudo_bytes(unsigned char *buf, int num);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBRAND_bytes()\fR generates \fBnum\fR random bytes using a cryptographically
secure pseudo random generator (\s-1CSPRNG\s0) and stores them in \fBbuf\fR.
.PP
\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to
be used for generating values that should remain private. If using the
default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0
instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not
affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7)
and \s-1\fBRAND_DRBG\s0\fR\|(7).
.SH "NOTES"
.IX Header "NOTES"
By default, the OpenSSL \s-1CSPRNG\s0 supports a security level of 256 bits, provided it
was able to seed itself from a trusted entropy source.
On all major platforms supported by OpenSSL (including the Unix-like platforms
and Windows), OpenSSL is configured to automatically seed the \s-1CSPRNG\s0 on first use
using the operating system's random generator.
.PP
If the entropy source fails or is not available, the \s-1CSPRNG\s0 will enter an
error state and refuse to generate random bytes. For that reason, it is important
to always check the error return value of \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR and
not take randomness for granted.
.PP
On other platforms, there might not be a trusted entropy source available
or OpenSSL might have been explicitly configured to use different entropy sources.
If you are in doubt about the quality of the entropy source, don't hesitate to ask
your operating system vendor or post a question on GitHub or the openssl-users
mailing list.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR
return 1 on success, \-1 if not supported by the current
\&\s-1RAND\s0 method, or 0 on other failure. The error code can be
obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRAND_add\fR\|(3),
\&\fBRAND_bytes\fR\|(3),
\&\fBRAND_priv_bytes\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7),
\&\s-1\fBRAND_DRBG\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
.IP "\(bu" 2
\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead.
.IP "\(bu" 2
The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ERR_SET_MARK 3"
.TH ERR_SET_MARK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& int ERR_set_mark(void);
\&
\& int ERR_pop_to_mark(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there
is one.
.PP
\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
The mark is then removed. If there is no mark, the whole stack is removed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
.PP
\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
implies that the stack became empty, otherwise 1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3"
.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
\&                                const unsigned char *bytes, int len, int loc, int set);
\&
\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
\&                                const unsigned char *bytes, int len, int loc, int set);
\&
\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
\&                                const unsigned char *bytes, int len, int loc, int set);
\&
\& int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set);
\&
\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and
\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively.
The field value to be added is in \fBbytes\fR of length \fBlen\fR. If
\&\fBlen\fR is \-1 then the field length is calculated internally using
strlen(bytes).
.PP
The type of field is determined by \fBtype\fR which can either be a
definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a
standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is
added to a position determined by \fBloc\fR and \fBset\fR.
.PP
\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR
to \fBname\fR. The new entry is added to a position determined by \fBloc\fR
and \fBset\fR. Since a copy of \fBne\fR is added, \fBne\fR must be freed up after
the call.
.PP
\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position
\&\fBloc\fR. The deleted entry is returned and must be freed up.
.SH "NOTES"
.IX Header "NOTES"
The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR
is strongly recommended for the \fBtype\fR parameter. This allows the
internal code to correctly determine the type of the field and to
apply length checks according to the relevant standards. This is
done using \fBASN1_STRING_set_by_NID()\fR.
.PP
If instead an \s-1ASN1\s0 type is used no checks are performed and the
supplied data in \fBbytes\fR is used directly.
.PP
In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents
the field name using OBJ_txt2obj(field, 0).
.PP
The \fBloc\fR and \fBset\fR parameters determine where a new entry should
be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR
to 0. This adds a new entry to the end of \fBname\fR as a single valued
RelativeDistinguishedName (\s-1RDN\s0).
.PP
\&\fBloc\fR actually determines the index where the new entry is inserted:
if it is \-1 it is appended.
.PP
\&\fBset\fR determines how the new type is added.
If it is zero a new \s-1RDN\s0 is created.
.PP
If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0
structure respectively. This will then be a multivalued \s-1RDN:\s0
since multivalued RDNs are very seldom used \fBset\fR is almost
always set to zero.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR,
\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for
success or 0 if an error occurred.
.PP
\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR
structure or \fB\s-1NULL\s0\fR if an error occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create an \fBX509_NAME\fR structure:
.PP
\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R"
.PP
.Vb 1
\& X509_NAME *nm;
\&
\& nm = X509_NAME_new();
\& if (nm == NULL) {
\&     /* Some error */
\& }
\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
\&                                 (const unsigned char *)"UK", \-1, \-1, 0)) {
\&     /* Error */
\& }
\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
\&                                 (const unsigned char *)"Disorganized Organization",
\&                                 \-1, \-1, 0)) {
\&     /* Error */
\& }
\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
\&                                 (const unsigned char *)"Joe Bloggs", \-1, \-1, 0)) {
\&     /* Error */
\& }
.Ve
.SH "BUGS"
.IX Header "BUGS"
\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a
different algorithm to determine field types. Since this form does
not understand multicharacter types, performs no length checks and
can result in invalid field types, its use is strongly discouraged.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3"
.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra chain certificate processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
\&
\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk);
\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk);
\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk);
\& int SSL_clear_chain_certs(SSL *ssl);
\&
\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags);
\& int SSL_build_cert_chain(SSL *ssl, flags);
\&
\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509);
\& int SSL_select_current_cert(SSL *ssl, X509 *x509);
\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op);
\& int SSL_set_current_cert(SSL *ssl, long op);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain
associated with the current certificate of \fBctx\fR to \fBsk\fR.
.PP
\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single
certificate \fBx509\fR to the chain associated with the current certificate of
\&\fBctx\fR.
.PP
\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current
certificate of \fBctx\fR.
.PP
\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the
current certificate of \fBctx\fR. (This is implemented by calling
\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR).
.PP
\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR. Normally
this uses the chain store or the verify store if the chain store is not set.
If the function is successful the built chain will replace any existing chain.
The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use
existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR
to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to
use all existing chain certificates only to build the chain (effectively
sanity checking and rearranging them if necessary). The flag
\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification;
if the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set, verification errors
are cleared from the error queue.
.PP
Each of these functions operates on the \fIcurrent\fR end entity
(i.e. server or client) certificate. This is the last certificate loaded or
selected on the corresponding \fBctx\fR structure.
.PP
\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity
certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a
function such as \fBSSL_CTX_use_certificate()\fR.
.PP
\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR,
\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR,
\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR
are similar except they apply to \s-1SSL\s0 structure \fBssl\fR.
.PP \&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid certificate after the current certificate. These two operations can be used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. .PP \&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. If \fBssl\fR is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. If the negotiated cipher suite is anonymous (and thus no certificate will be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR is not a server or a certificate has not been sent 0 is returned and the current certificate is unchanged. .PP All these functions are implemented as macros. Those containing a \fB1\fR increment the reference count of the supplied certificate or chain so it must be freed at some point after the operation. Those containing a \fB0\fR do not increment reference counts and the supplied certificate or chain \&\fB\s-1MUST NOT\s0\fR be freed after the operation. .SH "NOTES" .IX Header "NOTES" The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 .PP One chain can be set for each key type supported by a server. So, for example, an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. .PP The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can be used to check application configuration and to ensure any necessary subordinate CAs are sent in the correct order. 
Misconfigured applications sending incorrect certificate chains often cause problems with peers. .PP For example an application can add any set of certificates using \&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. .PP Applications can issue non fatal warnings when checking chains by setting the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return value. .PP Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more efficient than the automatic chain building as it is only performed once. Automatic chain building is performed on each new session. .PP If any certificates are added using these functions no certificates added using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if no server certificate is used because the cipher suites is anonymous and 0 for failure. .PP \&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and a verification error occurs then 2 is returned. .PP All other functions return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!] 
.IX Title "SHA256_INIT 3"
.TH SHA256_INIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update,
SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384,
SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
SHA512_Final \- Secure Hash Algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/sha.h>
\&
\& int SHA1_Init(SHA_CTX *c);
\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
\& int SHA1_Final(unsigned char *md, SHA_CTX *c);
\& unsigned char *SHA1(const unsigned char *d, size_t n,
\&                     unsigned char *md);
\&
\& int SHA224_Init(SHA256_CTX *c);
\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
\& int SHA224_Final(unsigned char *md, SHA256_CTX *c);
\& unsigned char *SHA224(const unsigned char *d, size_t n,
\&                       unsigned char *md);
\&
\& int SHA256_Init(SHA256_CTX *c);
\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
\& int SHA256_Final(unsigned char *md, SHA256_CTX *c);
\& unsigned char *SHA256(const unsigned char *d, size_t n,
\&                       unsigned char *md);
\&
\& int SHA384_Init(SHA512_CTX *c);
\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
\& int SHA384_Final(unsigned char *md, SHA512_CTX *c);
\& unsigned char *SHA384(const unsigned char *d, size_t n,
\&                       unsigned char *md);
\&
\& int SHA512_Init(SHA512_CTX *c);
\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
\& int SHA512_Final(unsigned char *md, SHA512_CTX *c);
\& unsigned char *SHA512(const unsigned char *d, size_t n,
\&                       unsigned char *md);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Applications should use the higher level functions
\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash
functions directly.
.PP
\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
.PP
\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR.
.PP
The following functions may be used if the message is not completely
stored in memory:
.PP
\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure.
.PP
\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to
be hashed (\fBlen\fR bytes at \fBdata\fR).
.PP
\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space
for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR.
.PP
The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the
same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a
\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR.
The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used
(defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and
\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the
\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if
\&\fBmd\fR is \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash
value.
.PP
\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256,
SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4\s0 (Secure Hash
Standard),
\&\s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_READ_AHEAD 3"
.TH SSL_CTX_SET_READ_AHEAD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead,
SSL_set_read_ahead, SSL_get_read_ahead,
SSL_CTX_get_default_read_ahead
\&\- manage whether to read as many input bytes as possible
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_set_read_ahead(SSL *s, int yes);
\& int SSL_get_read_ahead(const SSL *s);
\&
\& long SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
\& long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
\& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as
many input bytes as possible (for nonblocking reads) or not. For example if
\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from
the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes
into its buffer (providing that the buffer is large enough) if reading ahead is
on, or \fBx\fR bytes otherwise.
Setting the parameter \fByes\fR to 0 turns reading ahead off, other values turn
it on.
\&\fBSSL_CTX_set_default_read_ahead()\fR is identical to \fBSSL_CTX_set_read_ahead()\fR.
.PP
\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading
ahead has been set or not.
\&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR.
.SH "NOTES"
.IX Header "NOTES"
These functions have no impact when used with \s-1DTLS.\s0 The return values for
\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting
\&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function
(see \fBSSL_pending\fR\|(3)).
.PP
Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data
records, and \fBSSL_has_pending()\fR can't tell the difference between processed and
unprocessed data, it's recommended that if read ahead is turned on that
\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR.
That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete
record available that hasn't been processed.
.PP
If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0
connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR, reading
ahead should be turned off. Otherwise the \s-1SSL\s0 structure might read data that it
shouldn't.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off,
and non zero otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_ENCRYPTINIT 3"
.TH EVP_ENCRYPTINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free,
EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex,
EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex,
EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex,
EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl,
EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
EVP_CipherInit, EVP_CipherFinal,
EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj,
EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length,
EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type,
EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size,
EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length,
EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data,
EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode,
EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
EVP_CIPHER_CTX_set_padding, EVP_enc_null
\&\- EVP cipher routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
\&
\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&                        ENGINE *impl, const unsigned char *key, const unsigned char *iv);
\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\&                       int *outl, const unsigned char *in, int inl);
\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
\&
\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&                        ENGINE *impl, const unsigned char *key, const unsigned char *iv);
\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\&                       int *outl, const unsigned char *in, int inl);
\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
\&
\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&                       ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\&                      int *outl, const unsigned char *in, int inl);
\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
\&
\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&                     const unsigned char *key, const unsigned char *iv);
\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
\&
\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&                     const unsigned char *key, const unsigned char *iv);
\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
\&
\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\&                    const unsigned char *key, const unsigned char *iv, int enc);
\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
\&
\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
\&
\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
\& const EVP_CIPHER *EVP_get_cipherbynid(int nid);
\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
\&
\& int EVP_CIPHER_nid(const EVP_CIPHER *e);
\& int EVP_CIPHER_block_size(const EVP_CIPHER *e);
\& int EVP_CIPHER_key_length(const EVP_CIPHER *e);
\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
\& int EVP_CIPHER_type(const EVP_CIPHER *ctx);
\&
\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
\&
\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 cipher routines are a high-level interface to certain
symmetric ciphers.
.PP
\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context.
.PP
\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context
and frees up any allocated memory associated with it, including \fBctx\fR
itself. This function should be called after all operations using a
cipher are complete so sensitive information does not remain in
memory.
.PP
\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created
before calling this function. \fBtype\fR is normally supplied
by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
default implementation is used. \fBkey\fR is the symmetric key to use
and \fBiv\fR is the \s-1IV\s0 to use (if necessary); the actual number of bytes
used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply
the remaining parameters in subsequent calls, all of which have \fBtype\fR
set to \s-1NULL.\s0 This is done when the default cipher parameters are not
appropriate.
.PP
\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
writes the encrypted version to \fBout\fR. This function can be called
multiple times to encrypt successive blocks of data. The amount
of data written depends on the block alignment of the encrypted data.
For most ciphers and modes, the amount of data written can be anything
from zero bytes to (inl + cipher_block_size \- 1) bytes.
For wrap cipher modes, the amount of data written can be anything
from zero bytes to (inl + cipher_block_size) bytes.
For stream ciphers, the amount of data written can be anything from zero
bytes to inl bytes.
Thus, \fBout\fR should contain sufficient room for the operation being performed.
The actual number of bytes written is placed in \fBoutl\fR. It also
checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are,
0 is returned to indicate failure.
.PP
If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts
the \*(L"final\*(R" data, that is any data that remains in a partial block.
It uses standard block padding (aka \s-1PKCS\s0 padding) as described in
the \s-1NOTES\s0 section, below. The encrypted
final data is written to \fBout\fR which should have sufficient space for
one cipher block. The number of bytes written is placed in \fBoutl\fR. After
this function is called the encryption operation is finished and no further
calls to \fBEVP_EncryptUpdate()\fR should be made.
.PP
If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more
data and it will return an error if any data remains in a partial block:
that is if the total data length is not a multiple of the block size.
.PP
\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the
corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an
error code if padding is enabled and the final block is not correctly
formatted. The parameters and restrictions are identical to the encryption
operations except that if padding is enabled the decrypted data buffer \fBout\fR
passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for
(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in
which case \fBinl\fR bytes is sufficient.
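
The buffer-size rules in the paragraphs above, as an added example that is not part of the OpenSSL manual or source: a plain C model that tracks byte counts only (no OpenSSL calls, no cryptography). The `model_*` names are hypothetical, and holding back the last full block during padded decryption is an assumption used to account for the extra cipher_block_size of room.

```c
#include <stddef.h>
#include <stdio.h>

/* Byte-count model of a cipher context (hypothetical names; not OpenSSL code). */
struct model_ctx {
    size_t block_size; /* cipher block size, e.g. 16 for AES */
    size_t buffered;   /* bytes of a partial block awaiting more input */
    int padding;       /* 1 = standard block (PKCS) padding, the default */
    int held_block;    /* decrypt only: a full block is held back for Final */
};

struct model_result {
    int ok;            /* 1 if the Final step succeeded, 0 if it failed */
    size_t total;      /* bytes written by all Update calls plus Final */
    size_t max_excess; /* largest (bytes written - inl) over the Update calls */
};

/* Encrypt Update: whole blocks are written, the remainder stays buffered. */
static size_t model_encrypt_update(struct model_ctx *c, size_t inl)
{
    size_t total = c->buffered + inl;
    size_t written = (total / c->block_size) * c->block_size;
    c->buffered = total - written;
    return written; /* never more than inl + block_size - 1 */
}

/* Encrypt Final: with padding always one block; without, a partial block fails. */
static int model_encrypt_final(struct model_ctx *c, size_t *outl)
{
    *outl = c->padding ? c->block_size : 0;
    return c->padding || c->buffered == 0;
}

/* Decrypt Update: same buffering, but with padding the newest full block is
 * held back (assumption) because it may turn out to be the padded last one. */
static size_t model_decrypt_update(struct model_ctx *c, size_t inl)
{
    int was_held = c->held_block;
    size_t written;
    if (inl == 0)
        return 0;
    written = model_encrypt_update(c, inl);
    if (!c->padding || c->block_size == 1)
        return written;
    if (was_held)
        written += c->block_size;   /* release the block held earlier */
    c->held_block = (c->buffered == 0);
    if (c->held_block)
        written -= c->block_size;   /* hold back the newest full block */
    return written; /* never more than inl + block_size */
}

/* Decrypt Final: pad_len is the padding value found in the last block. */
static int model_decrypt_final(struct model_ctx *c, size_t pad_len, size_t *outl)
{
    *outl = 0;
    if (!c->padding || c->block_size == 1)
        return c->buffered == 0;
    if (c->buffered != 0 || !c->held_block)
        return 0;                   /* input was not a whole number of blocks */
    if (pad_len < 1 || pad_len > c->block_size)
        return 0;                   /* final block not correctly formatted */
    *outl = c->block_size - pad_len;
    return 1;
}

/* Feed n chunks through Update, then call Final; decrypt picks the direction. */
static struct model_result model_run(int decrypt, size_t bs, int padding,
                                     const size_t *chunks, size_t n, size_t pad_len)
{
    struct model_ctx c = { bs, 0, padding, 0 };
    struct model_result r = { 0, 0, 0 };
    size_t i, w, outl = 0;
    for (i = 0; i < n; i++) {
        w = decrypt ? model_decrypt_update(&c, chunks[i])
                    : model_encrypt_update(&c, chunks[i]);
        if (w > chunks[i] && w - chunks[i] > r.max_excess)
            r.max_excess = w - chunks[i];
        r.total += w;
    }
    r.ok = decrypt ? model_decrypt_final(&c, pad_len, &outl)
                   : model_encrypt_final(&c, &outl);
    r.total += outl;
    return r;
}

int main(void)
{
    const size_t plain[] = { 5, 27, 16, 1 };  /* constructed: 49 bytes in 4 chunks */
    const size_t cipher[] = { 16, 48 };       /* constructed: 64 bytes in 2 chunks */
    struct model_result e = model_run(0, 16, 1, plain, 4, 0);
    struct model_result d = model_run(1, 16, 1, cipher, 2, 15);
    printf("encrypt: ok=%d total=%zu max_excess=%zu\n", e.ok, e.total, e.max_excess);
    printf("decrypt: ok=%d total=%zu\n", d.ok, d.total);
    return 0;
}
```

A single Update call can write more bytes than it was given, so sizing the output buffer to inl alone overflows it; the same 49 bytes with padding disabled fail at the Final step instead.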
.PP \&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are functions that can be used for decryption or encryption. The operation performed depends on the value of the \fBenc\fR parameter. It should be set to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged (the actual value of 'enc' being supplied in a previous call). .PP \&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context and free up any allocated memory associate with it, except the \fBctx\fR itself. This function should be called anytime \fBctx\fR is to be reused for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR series of calls. .PP \&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and \&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation. .PP \&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and \&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR must be called to free any context resources. .PP \&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an \&\s-1ASN1_OBJECT\s0 structure. .PP \&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 value is an internal value which may not have a corresponding \s-1OBJECT IDENTIFIER.\s0 .PP \&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. 
This function should be called after the context is set up for encryption or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or \&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. If the \fBpad\fR parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur. .PP \&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different for variable key length ciphers. .PP \&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error. .PP \&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not use an \s-1IV.\s0 The constant \&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. .PP \&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block length for all ciphers. .PP \&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed cipher or context. 
This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT IDENTIFIER\s0; as such it ignores the cipher parameters, and 40 bit \s-1RC2\s0 and 128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object identifier or does not have \s-1ASN1\s0 support this function will return \&\fBNID_undef\fR. .PP \&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. .PP \&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode: \&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then \&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. .PP \&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. This will typically include any parameters and an \&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call should be made before the cipher is actually \*(L"used\*(R" (before any \&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function may fail if the cipher does not have any \s-1ASN1\s0 support. .PP \&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher. In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. This function should be called after the base cipher type is set but before the key is set. 
For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally \&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support or the parameters cannot be set (for example the \s-1RC2\s0 effective key length is not supported). .PP \&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined and set. .PP \&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key generation routine to support keys of a specific form. \fBKey\fR must point to a buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created \&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. .PP \&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. .PP \&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. \&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. .PP \&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure. \&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. .PP \&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. .PP \&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. .PP \&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 .PP \&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block size. 
.PP \&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key length. .PP \&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. .PP \&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length, zero if the cipher does not use an \s-1IV\s0 and a negative value on error. .PP \&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's \&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 .PP \&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. .PP \&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater than zero for success and zero or a negative number on failure. .PP \&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. .SH "CIPHER LISTING" .IX Header "CIPHER LISTING" All algorithms have a fixed key length unless otherwise stated. .PP Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0 interface. .IP "\fBEVP_enc_null()\fR" 4 .IX Item "EVP_enc_null()" Null cipher: does nothing. .SH "AEAD Interface" .IX Header "AEAD Interface" The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) modes is subtly altered and several additional \fIctrl\fR operations are supported depending on the mode specified. .PP To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR, \&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output parameter \fBout\fR set to \fB\s-1NULL\s0\fR. .PP When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR indicates whether the operation was successful. If it does not indicate success, the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used as it is corrupted. 
.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" .IX Subsection "GCM and OCB Modes" The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV.\s0 If not called a default \s-1IV\s0 length is used. .Sp For \s-1GCM AES\s0 and \s-1OCB AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the maximum is 15. .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. This call can only be made when encrypting data and \fBafter\fR all data has been processed (e.g. after an \fBEVP_EncryptFinal()\fR call). .Sp For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via \&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" When decrypting, this call sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. \&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. The tag must be set prior to any call to \fBEVP_DecryptFinal()\fR or \&\fBEVP_DecryptFinal_ex()\fR. .Sp For \s-1GCM,\s0 this call is only valid when decrypting data. .Sp For \s-1OCB,\s0 this call is valid when decrypting data to set the expected tag, and when encrypting to set the desired tag length. .Sp In \s-1OCB\s0 mode, calling this when encrypting with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the tag length. 
The tag length can only be set before specifying an \s-1IV.\s0 If this is not called prior to setting the \s-1IV\s0 during encryption, then a default tag length is used. .Sp For \s-1OCB AES,\s0 the default tag length is 16 (i.e. 128 bits). It is also the maximum tag length for \s-1OCB.\s0 .SS "\s-1CCM\s0 Mode" .IX Subsection "CCM Mode" The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a few additional requirements and different \fIctrl\fR values. .PP For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to \&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in the \fBinl\fR parameter. .PP The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. The tag length is often referred to as \fBM\fR. If not set a default value is used (12 for \s-1AES\s0). When decrypting, the tag needs to be set before passing in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after passing additional authenticated data (see \*(L"\s-1AEAD\s0 Interface\*(R"). .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. 
This call can only be made before specifying a nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for \&\s-1AES.\s0 .SS "ChaCha20\-Poly1305" .IX Subsection "ChaCha20-Poly1305" The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" Sets the nonce length. This call can only be made before specifying the nonce. If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set then the nonce is automatically padded with leading 0 bytes to make it 12 bytes in length. .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. This call can only be made when encrypting data and \fBafter\fR all data has been processed (e.g. after an \fBEVP_EncryptFinal()\fR call). .Sp \&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or less. .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 .IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. The tag length can only be set before specifying an \s-1IV.\s0 \&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. This call is only valid when decrypting data. .SH "NOTES" .IX Header "NOTES" Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in preference to the low-level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. 
Additionally, the \&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic acceleration such as AES-NI (the low-level interfaces do not provide the guarantee). .PP \&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total length of the encrypted data a multiple of the block size. Padding is always added so if the data is already a multiple of the block size \fBn\fR will equal the block size. For example if the block size is 8 and 11 bytes are to be encrypted then 5 padding bytes of value 5 will be added. .PP When decrypting the final block is checked to see if it has the correct form. .PP Although the decryption operation can produce an error if padding is enabled, it is not a strong test that the input data or key is correct. A random block has better than 1 in 256 chance of being of the correct format and problems with the input data earlier on will not produce a final decrypt error. .PP If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size. .PP The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, \&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR, \&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, \&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an existing context without allocating and freeing it up on each call. .PP There are some differences between functions \fBEVP_CipherInit()\fR and \&\fBEVP_CipherInit_ex()\fR, significant in some circumstances. \fBEVP_CipherInit()\fR fills the passed context object with zeros. As a consequence, \fBEVP_CipherInit()\fR does not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are passed in separate calls. 
It also means that the flags set for the \s-1CTX\s0 are removed, and it is especially important for the \&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in \&\fBEVP_CipherInit_ex()\fR. .PP \&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros. .SH "BUGS" .IX Header "BUGS" \&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal ciphers with default key lengths. If custom ciphers exceed these values the results are unpredictable. This is because it has become standard practice to define a generic key as a fixed unsigned char array containing \&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. .PP The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. .SH "EXAMPLES" .IX Header "EXAMPLES" Encrypt a string using \s-1IDEA:\s0 .PP .Vb 10 \& int do_crypt(char *outfile) \& { \& unsigned char outbuf[1024]; \& int outlen, tmplen; \& /* \& * Bogus key and IV: we\*(Aqd normally set these from \& * another source. \& */ \& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; \& unsigned char iv[] = {1,2,3,4,5,6,7,8}; \& char intext[] = "Some Crypto Text"; \& EVP_CIPHER_CTX *ctx; \& FILE *out; \& \& ctx = EVP_CIPHER_CTX_new(); \& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); \& \& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { \& /* Error */ \& EVP_CIPHER_CTX_free(ctx); \& return 0; \& } \& /* \& * Buffer passed to EVP_EncryptFinal() must be after data just \& * encrypted to avoid overwriting it. \& */ \& if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { \& /* Error */ \& EVP_CIPHER_CTX_free(ctx); \& return 0; \& } \& outlen += tmplen; \& EVP_CIPHER_CTX_free(ctx); \& /* \& * Need binary mode for fopen because encrypted data is \& * binary data. 
Also cannot use strlen() on it because \& * it won\*(Aqt be NUL terminated and may contain embedded \& * NULs. \& */ \& out = fopen(outfile, "wb"); \& if (out == NULL) { \& /* Error */ \& return 0; \& } \& fwrite(outbuf, 1, outlen, out); \& fclose(out); \& return 1; \& } .Ve .PP The ciphertext from the above example can be decrypted using the \fBopenssl\fR utility with the command line (shown on two lines for clarity): .PP .Vb 2 \& openssl idea \-d \e \& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 .
.IX Title "BIO_NEW_CMS 3" .TH BIO_NEW_CMS 3 "2023-09-11" "1.1.1w" "OpenSSL" .if n .ad l .nh .SH "NAME" BIO_new_CMS \- CMS streaming filter BIO .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output of the filter is written to \fBout\fR. Any data written to the chain is automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. .SH "NOTES" .IX Header "NOTES" The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It supports non blocking I/O. Content is processed and streamed on the fly and not all held in memory at once: so it is possible to encode very large structures. After all content has been written through the chain \fBBIO_flush()\fR must be called to finalise the structure. .PP The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR parameter of the \fBcms\fR creation function. .PP If an application wishes to write additional data to \fBout\fR BIOs should be removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be called to free up the whole chain. .PP Any content written through the filter is used verbatim: no canonical translation is performed. .PP It is possible to chain multiple BIOs to, for example, create a triple wrapped signed, enveloped, signed structure. In this case it is the applications responsibility to set the inner content type of any outer CMS_ContentInfo structures. 
.PP Large numbers of small writes through the chain should be avoided as this will produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. .SH "BUGS" .IX Header "BUGS" There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode a \s-1CMS\s0 structure on the fly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), \&\fBCMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EC_POINT_NEW 3" .TH EC_POINT_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l .nh .SH "NAME" EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point \&\- Functions for creating, destroying and manipulating EC_POINT objects .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& EC_POINT *EC_POINT_new(const EC_GROUP *group); \& void EC_POINT_free(EC_POINT *point); \& void EC_POINT_clear_free(EC_POINT *point); \& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); \& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); \& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); \& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); \& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, \& EC_POINT *p, \& const BIGNUM *x, const BIGNUM *y, \& const BIGNUM *z, BN_CTX *ctx); \& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, \& const EC_POINT *p, \& BIGNUM *x, BIGNUM *y, BIGNUM *z, \& BN_CTX *ctx); \& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, \& const BIGNUM *x, const BIGNUM *y, \& BN_CTX *ctx); \& int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, \& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); \& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, \& const BIGNUM *x, int y_bit, \& BN_CTX *ctx); \& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT 
*p, \& const BIGNUM *x, const BIGNUM *y, \& BN_CTX *ctx); \& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, \& const EC_POINT *p, \& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); \& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, \& EC_POINT *p, \& const BIGNUM *x, int y_bit, \& BN_CTX *ctx); \& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, \& const BIGNUM *x, const BIGNUM *y, \& BN_CTX *ctx); \& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, \& const EC_POINT *p, \& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); \& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, \& EC_POINT *p, \& const BIGNUM *x, int y_bit, \& BN_CTX *ctx); \& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, \& point_conversion_form_t form, \& unsigned char *buf, size_t len, BN_CTX *ctx); \& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, \& point_conversion_form_t form, \& unsigned char **pbuf, BN_CTX *ctx); \& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, \& const unsigned char *buf, size_t len, BN_CTX *ctx); \& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, \& point_conversion_form_t form, BIGNUM *bn, \& BN_CTX *ctx); \& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, \& EC_POINT *p, BN_CTX *ctx); \& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, \& point_conversion_form_t form, BN_CTX *ctx); \& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, \& EC_POINT *p, BN_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is constructed by calling the function \fBEC_POINT_new()\fR and providing the \&\fBgroup\fR object that the point relates to. .PP \&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. if \fBpoint\fR is \s-1NULL\s0 nothing is done. 
.PP \&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. .PP \&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \fB\s-1EC_METHOD\s0\fR. .PP \&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from \&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. .PP \&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. .PP A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling \fBEC_POINT_set_to_infinity()\fR. .PP The affine co-ordinates for a point describe a point in terms of its x and y position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR. .PP The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and \&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for \&\fBEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility only and should not be used. .PP The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and \&\fBEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for \&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility only and should not be used. .PP As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian projective co-ordinates are expressed as three values x, y and z. Working in this co-ordinate system provides more efficient point multiplication operations. 
A mapping exists between Jacobian projective co-ordinates and
affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped
to (x, y, 1). To set or get the projective co-ordinates use
\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and
\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively.
.PP
Points can also be described in terms of their compressed co-ordinates. For a
point (x, y), for any given value for x such that the point is on the curve
there will only ever be two possible values for y. Therefore, a point can be set
using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x
co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two
possible values for y should be used.
.PP
The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and
\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for
\&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards
compatibility only and should not be used.
.PP
In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external
representations. The octet form is the binary encoding of the \fBECPoint\fR
structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records):
only the content octets are present, the \fB\s-1OCTET STRING\s0\fR tag and length are
not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian
integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the octet
form converted to a \s-1NULL\s0 terminated character string where each character
is one of the printable values 0\-9 or A\-F (or a\-f).
.PP
The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR,
\&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from
and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively.
.PP
The function \fBEC_POINT_point2oct()\fR encodes the given curve point \fBp\fR as an
octet string into the buffer \fBbuf\fR of size \fBlen\fR, using the specified
conversion form \fBform\fR.
The encoding conforms with Sec. 2.3.3 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve
Cryptography\*(R") standard.
Similarly the function \fBEC_POINT_oct2point()\fR decodes a curve point into \fBp\fR from
the octet string contained in the given buffer \fBbuf\fR of size \fBlen\fR, conforming
to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve Cryptography\*(R") standard.
.PP
The functions \fBEC_POINT_point2hex()\fR and \fBEC_POINT_point2bn()\fR convert a point \fBp\fR,
respectively, to the hexadecimal or \s-1BIGNUM\s0 representation of the same
encoding produced by the function \fBEC_POINT_point2oct()\fR.
Vice versa, similarly to the function \fBEC_POINT_oct2point()\fR, the functions
\&\fBEC_POINT_hex2point()\fR and \fBEC_POINT_bn2point()\fR decode the hexadecimal or
\&\s-1BIGNUM\s0 representation into the \s-1EC_POINT\s0 \fBp\fR.
.PP
Notice that, according to the standard, the octet string encoding of the point
at infinity for a given curve is fixed to a single octet of value zero and that,
vice versa, a single octet of value zero is decoded as the point at infinity.
.PP
The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to
store the octet form. The return value provides the number of octets stored.
Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but
will still return the required buffer length.
.PP
The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and
writes an \s-1EC_POINT\s0 to it in octet format.
The allocated buffer is written to
\&\fB*pbuf\fR and its length is returned. The caller must free up the allocated
buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is
written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR.
.PP
The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the
hexadecimal string. It is the caller's responsibility to free this memory with
a subsequent call to \fBOPENSSL_free()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0
on error.
.PP
The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR,
\&\fBEC_POINT_set_to_infinity()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR,
\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR,
\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR,
\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR,
\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR,
\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR.
.PP
EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0
.PP
\&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required
buffer or 0 on error.
.PP
\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on
error.
.PP
\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on
error.
.PP
\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error.
.PP
\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on
error.
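The octet-string framing described above (SEC 1 Sec. 2.3.3 and 2.3.4), as an added example that is not OpenSSL code: a stand-alone C check of the leading octet and length that a caller can apply to untrusted bytes before passing them to EC_POINT_oct2point(). The sec1_* names, the prime-field assumption behind the hybrid parity check and the 4-octet toy field in the samples are assumptions of this example; it does not test whether the coordinates lie on the curve.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names for this example; the values are the SEC 1 leading
 * octets with the y_bit cleared. */
enum sec1_form {
    SEC1_FORM_INFINITY     = 0x00,
    SEC1_FORM_COMPRESSED   = 0x02,
    SEC1_FORM_UNCOMPRESSED = 0x04,
    SEC1_FORM_HYBRID       = 0x06
};

struct sec1_info {
    enum sec1_form form;
    int y_bit;               /* 0 or 1, or -1 when the form carries no y_bit */
    const unsigned char *x;  /* field_len octets inside buf, NULL for infinity */
    const unsigned char *y;  /* field_len octets inside buf, NULL if absent */
};

/* Exact encoded length for a form, or 0 for an unknown form. */
size_t sec1_encoded_len(enum sec1_form form, size_t field_len)
{
    switch (form) {
    case SEC1_FORM_INFINITY:     return 1;
    case SEC1_FORM_COMPRESSED:   return 1 + field_len;
    case SEC1_FORM_UNCOMPRESSED:
    case SEC1_FORM_HYBRID:       return 1 + 2 * field_len;
    }
    return 0;
}

/* Validate the framing of an octet-form point. Returns 1 on success and
 * 0 on error, the convention the man page gives for EC_POINT_oct2point(). */
int sec1_classify(const unsigned char *buf, size_t len, size_t field_len,
                  struct sec1_info *out)
{
    unsigned char lead;
    enum sec1_form form;

    if (buf == NULL || out == NULL || len == 0 || field_len == 0)
        return 0;
    lead = buf[0];
    form = (enum sec1_form)(lead & 0xFE);   /* low bit is the y_bit */

    if (lead == 0x00) {
        /* Point at infinity: exactly one octet of value zero. */
        if (len != 1)
            return 0;
        out->form = SEC1_FORM_INFINITY;
        out->y_bit = -1;
        out->x = out->y = NULL;
        return 1;
    }
    if (form != SEC1_FORM_COMPRESSED && form != SEC1_FORM_UNCOMPRESSED
        && form != SEC1_FORM_HYBRID)
        return 0;                           /* 0x01, 0x08 and above */
    if (form == SEC1_FORM_UNCOMPRESSED && (lead & 1))
        return 0;                           /* 0x05 is not a valid lead */
    if (len != sec1_encoded_len(form, field_len))
        return 0;                           /* truncated or trailing data */

    out->form = form;
    out->x = buf + 1;
    out->y = (form == SEC1_FORM_COMPRESSED) ? NULL : buf + 1 + field_len;
    out->y_bit = (form == SEC1_FORM_UNCOMPRESSED) ? -1 : (lead & 1);

    /* Hybrid form repeats y_bit next to the full y. Over a prime field
     * (assumed here) y_bit is the parity of y, i.e. of its last octet. */
    if (form == SEC1_FORM_HYBRID && (out->y[field_len - 1] & 1) != out->y_bit)
        return 0;
    return 1;
}

/* Constructed samples for a toy 4-octet field; not points on a real curve. */
static const unsigned char S_INF[]     = { 0x00 };
static const unsigned char S_COMP[]    = { 0x03, 0x11, 0x22, 0x33, 0x44 };
static const unsigned char S_UNCOMP[]  = { 0x04, 0x11, 0x22, 0x33, 0x44,
                                           0xAA, 0xBB, 0xCC, 0xDD };
static const unsigned char S_HYB_OK[]  = { 0x07, 0x11, 0x22, 0x33, 0x44,
                                           0xAA, 0xBB, 0xCC, 0xDD };
static const unsigned char S_HYB_BAD[] = { 0x06, 0x11, 0x22, 0x33, 0x44,
                                           0xAA, 0xBB, 0xCC, 0xDD };

int main(void)
{
    struct sec1_info info;

    printf("infinity      %d\n", sec1_classify(S_INF, sizeof S_INF, 4, &info));
    printf("compressed    %d\n", sec1_classify(S_COMP, sizeof S_COMP, 4, &info));
    printf("uncompressed  %d\n", sec1_classify(S_UNCOMP, sizeof S_UNCOMP, 4, &info));
    printf("truncated     %d\n", sec1_classify(S_UNCOMP, sizeof S_UNCOMP - 1, 4, &info));
    printf("hybrid ok     %d\n", sec1_classify(S_HYB_OK, sizeof S_HYB_OK, 4, &info));
    printf("hybrid parity %d\n", sec1_classify(S_HYB_BAD, sizeof S_HYB_BAD, 4, &info));
    return 0;
}
```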
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.IX Title "EVP_PKEY_METH_NEW 3"
.TH EVP_PKEY_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find,
EVP_PKEY_meth_add0, EVP_PKEY_METHOD,
EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup,
EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign,
EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx,
EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt,
EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_digestsign,
EVP_PKEY_meth_set_digestverify, EVP_PKEY_meth_set_check,
EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check,
EVP_PKEY_meth_set_digest_custom,
EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup,
EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign,
EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx,
EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt,
EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_digestsign,
EVP_PKEY_meth_get_digestverify, EVP_PKEY_meth_get_check,
EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check,
EVP_PKEY_meth_get_digest_custom,
EVP_PKEY_meth_remove
\&\- manipulating EVP_PKEY_METHOD structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
\&
\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
\& void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
\& void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
\& const EVP_PKEY_METHOD
*EVP_PKEY_meth_find(int type);
\& int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
\& int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
\&
\& void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
\&         int (*init) (EVP_PKEY_CTX *ctx));
\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
\&         int (*copy) (EVP_PKEY_CTX *dst,
\&                 EVP_PKEY_CTX *src));
\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
\&         void (*cleanup) (EVP_PKEY_CTX *ctx));
\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
\&         int (*paramgen_init) (EVP_PKEY_CTX *ctx),
\&         int (*paramgen) (EVP_PKEY_CTX *ctx,
\&                 EVP_PKEY *pkey));
\& void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
\&         int (*keygen_init) (EVP_PKEY_CTX *ctx),
\&         int (*keygen) (EVP_PKEY_CTX *ctx,
\&                 EVP_PKEY *pkey));
\& void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
\&         int (*sign_init) (EVP_PKEY_CTX *ctx),
\&         int (*sign) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *sig, size_t *siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
\&         int (*verify_init) (EVP_PKEY_CTX *ctx),
\&         int (*verify) (EVP_PKEY_CTX *ctx,
\&                 const unsigned char *sig,
\&                 size_t siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
\&         int (*verify_recover_init) (EVP_PKEY_CTX *ctx),
\&         int (*verify_recover) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *sig,
\&                 size_t *siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
\&         int (*signctx_init) (EVP_PKEY_CTX *ctx,
\&                 EVP_MD_CTX *mctx),
\&         int (*signctx) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *sig,
\&                 size_t *siglen,
\&                 EVP_MD_CTX *mctx));
\& void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
\&         int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
\&                 EVP_MD_CTX *mctx),
\&         int (*verifyctx) (EVP_PKEY_CTX *ctx,
\&                 const unsigned char *sig,
\&                 int siglen,
\&                 EVP_MD_CTX *mctx));
\& void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
\&         int (*encrypt_init) (EVP_PKEY_CTX *ctx),
\&         int (*encryptfn) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *out,
\&                 size_t *outlen,
\&                 const unsigned char *in,
\&                 size_t inlen));
\& void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
\&         int (*decrypt_init) (EVP_PKEY_CTX *ctx),
\&         int (*decrypt) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *out,
\&                 size_t *outlen,
\&                 const unsigned char *in,
\&                 size_t inlen));
\& void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
\&         int (*derive_init) (EVP_PKEY_CTX *ctx),
\&         int (*derive) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *key,
\&                 size_t *keylen));
\& void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
\&         int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
\&                 void *p2),
\&         int (*ctrl_str) (EVP_PKEY_CTX *ctx,
\&                 const char *type,
\&                 const char *value));
\& void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
\&         int (*digestsign) (EVP_MD_CTX *ctx,
\&                 unsigned char *sig,
\&                 size_t *siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
\&         int (*digestverify) (EVP_MD_CTX *ctx,
\&                 const unsigned char *sig,
\&                 size_t siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
\&         int (*check) (EVP_PKEY *pkey));
\& void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
\&         int (*check) (EVP_PKEY *pkey));
\& void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
\&         int (*check) (EVP_PKEY *pkey));
\& void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
\&         int (*digest_custom) (EVP_PKEY_CTX *ctx,
\&                 EVP_MD_CTX *mctx));
\&
\& void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
\&         int (**pinit) (EVP_PKEY_CTX *ctx));
\& void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
\&         int (**pcopy) (EVP_PKEY_CTX *dst,
\&                 EVP_PKEY_CTX *src));
\& void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
\&         void (**pcleanup) (EVP_PKEY_CTX *ctx));
\& void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
\&         int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
\&         int (**pparamgen) (EVP_PKEY_CTX *ctx,
\&                 EVP_PKEY *pkey));
\& void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
\&         int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
\&         int (**pkeygen) (EVP_PKEY_CTX *ctx,
\&                 EVP_PKEY *pkey));
\& void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
\&         int (**psign_init) (EVP_PKEY_CTX *ctx),
\&         int (**psign) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *sig, size_t *siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
\&         int (**pverify_init) (EVP_PKEY_CTX *ctx),
\&         int (**pverify) (EVP_PKEY_CTX *ctx,
\&                 const unsigned char *sig,
\&                 size_t siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
\&         int (**pverify_recover_init) (EVP_PKEY_CTX *ctx),
\&         int (**pverify_recover) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *sig,
\&                 size_t *siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
\&         int (**psignctx_init) (EVP_PKEY_CTX *ctx,
\&                 EVP_MD_CTX *mctx),
\&         int (**psignctx) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *sig,
\&                 size_t *siglen,
\&                 EVP_MD_CTX *mctx));
\& void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
\&         int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
\&                 EVP_MD_CTX *mctx),
\&         int (**pverifyctx) (EVP_PKEY_CTX *ctx,
\&                 const unsigned char *sig,
\&                 int siglen,
\&                 EVP_MD_CTX *mctx));
\& void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
\&         int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
\&         int (**pencryptfn) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *out,
\&                 size_t *outlen,
\&                 const unsigned char *in,
\&                 size_t inlen));
\& void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
\&         int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
\&         int (**pdecrypt) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *out,
\&                 size_t *outlen,
\&                 const unsigned char *in,
\&                 size_t inlen));
\& void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
\&         int (**pderive_init) (EVP_PKEY_CTX *ctx),
\&         int (**pderive) (EVP_PKEY_CTX *ctx,
\&                 unsigned char *key,
\&                 size_t *keylen));
\& void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
\&         int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
\&                 void *p2),
\&         int (**pctrl_str) (EVP_PKEY_CTX *ctx,
\&                 const char *type,
\&                 const char *value));
\& void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
\&         int (**digestsign) (EVP_MD_CTX *ctx,
\&                 unsigned char *sig,
\&                 size_t *siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
\&         int (**digestverify) (EVP_MD_CTX *ctx,
\&                 const unsigned char *sig,
\&                 size_t siglen,
\&                 const unsigned char *tbs,
\&                 size_t tbslen));
\& void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
\&         int (**pcheck) (EVP_PKEY *pkey));
\& void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
\&         int (**pcheck) (EVP_PKEY *pkey));
\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
\&         int (**pcheck) (EVP_PKEY *pkey));
\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
\&         int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
\&                 EVP_MD_CTX *mctx));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a
specific public key cryptographic algorithm. Those methods are usually
used to perform different jobs, such as generating a key, signing or
verifying, encrypting or decrypting, etc.
.PP
There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one
is a built-in static array representing the standard methods for different
algorithms, and the other one is a stack of user-defined application-specific
methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3).
.PP
The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR
objects.
.SS "Methods"
.IX Subsection "Methods"
The methods are the underlying implementations of a particular public key
algorithm represented by the \fB\s-1EVP_PKEY_CTX\s0\fR object.
.PP
.Vb 3
\& int (*init) (EVP_PKEY_CTX *ctx);
\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
\& void (*cleanup) (EVP_PKEY_CTX *ctx);
.Ve
.PP
The \fBinit()\fR method is called to initialize algorithm-specific data when a new
\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called
when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR
is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3),
\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3).
.PP
.Vb 2
\& int (*paramgen_init) (EVP_PKEY_CTX *ctx);
\& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
.Ve
.PP
The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation.
They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to
handle the parameter generation process.
.PP
.Vb 2
\& int (*keygen_init) (EVP_PKEY_CTX *ctx);
\& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
.Ve
.PP
The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for
the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and
\&\fBEVP_PKEY_keygen\fR\|(3).
.PP
.Vb 3
\& int (*sign_init) (EVP_PKEY_CTX *ctx);
\& int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
\&         const unsigned char *tbs, size_t tbslen);
.Ve
.PP
The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a
piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3)
and \fBEVP_PKEY_sign\fR\|(3).
.PP
.Vb 4
\& int (*verify_init) (EVP_PKEY_CTX *ctx);
\& int (*verify) (EVP_PKEY_CTX *ctx,
\&         const unsigned char *sig, size_t siglen,
\&         const unsigned char *tbs, size_t tbslen);
.Ve
.PP
The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is
valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3).
.PP
.Vb 4
\& int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
\& int (*verify_recover) (EVP_PKEY_CTX *ctx,
\&         unsigned char *rout, size_t *routlen,
\&         const unsigned char *sig, size_t siglen);
.Ve
.PP
The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a
signature and then recover the digest from the signature (for instance, a
signature that was generated by \s-1RSA\s0 signing algorithm). They are called by
\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3).
.PP
.Vb 3
\& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
\& int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
\&         EVP_MD_CTX *mctx);
.Ve
.PP
The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest represented by
an \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See
\&\fBEVP_DigestSignInit\fR\|(3) for details.
.PP
.Vb 3
\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
\& int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
\&         EVP_MD_CTX *mctx);
.Ve
.PP
The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature
against the data in an \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various
EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for details.
.PP
.Vb 3
\& int (*encrypt_init) (EVP_PKEY_CTX *ctx);
\& int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
\&         const unsigned char *in, size_t inlen);
.Ve
.PP
The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data.
They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3).
.PP
.Vb 3
\& int (*decrypt_init) (EVP_PKEY_CTX *ctx);
\& int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
\&         const unsigned char *in, size_t inlen);
.Ve
.PP
The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data.
They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3).
.PP
.Vb 2
\& int (*derive_init) (EVP_PKEY_CTX *ctx);
\& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
.Ve
.PP
The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret
from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by
\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3).
.PP
.Vb 2
\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
.Ve
.PP
The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific
settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details.
.PP
.Vb 5
\& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
\&         const unsigned char *tbs, size_t tbslen);
\& int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
\&         size_t siglen, const unsigned char *tbs,
\&         size_t tbslen);
.Ve
.PP
The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify
a signature in a one-shot mode. They could be called by \fBEVP_DigestSign\fR\|(3)
and \fBEVP_DigestVerify\fR\|(3).
.PP
.Vb 3
\& int (*check) (EVP_PKEY *pkey);
\& int (*public_check) (EVP_PKEY *pkey);
\& int (*param_check) (EVP_PKEY *pkey);
.Ve
.PP
The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a
key-pair, the public component and parameters respectively for a given \fBpkey\fR.
They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and
\&\fBEVP_PKEY_param_check\fR\|(3) respectively.
.PP
.Vb 1
\& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
.Ve
.PP
The \fBdigest_custom()\fR method is used to generate customized digest content before
the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or
\&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key
signature algorithms like \s-1SM2,\s0 which require a hashed prefix to the message
to be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3)
and \fBEVP_DigestVerifyInit\fR\|(3).
.SS "Functions"
.IX Subsection "Functions"
\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object,
and associates the given \fBid\fR and \fBflags\fR. The following flags are
supported:
.PP
.Vb 2
\& EVP_PKEY_FLAG_AUTOARGLEN
\& EVP_PKEY_FLAG_SIGCTX_CUSTOM
.Ve
.PP
If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the
maximum size of the output buffer will be automatically calculated or checked
in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of
these methods don't need to care about handling the case of returning output
buffer size by themselves. For details on the output buffer size, refer to
\&\fBEVP_PKEY_sign\fR\|(3).
.PP
The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method
of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a
digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3).
.PP
\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed to by
\&\fBpmeth\fR.
.PP
\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR
to \fBdst\fR.
.PP
\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR.
This function first searches through the user-defined method objects and
then the built-in objects.
.PP
\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods.
.PP
\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by
\&\fBEVP_PKEY_meth_add0()\fR.
.PP
The EVP_PKEY_meth_set functions set the corresponding fields of
\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed.
.PP
The EVP_PKEY_meth_get functions get the corresponding fields of
\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR
object or returns \s-1NULL\s0 on error.
.PP
\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values.
.PP
\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR
object or returns \s-1NULL\s0 if not found.
.PP
\&\fBEVP_PKEY_meth_add0()\fR returns 1 if the method is added successfully or 0
if an error occurred.
.PP
\&\fBEVP_PKEY_meth_remove()\fR returns 1 if the method is removed successfully or
0 if an error occurred.
.PP
All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return
values. For the 'get' functions, function pointers are returned by
arguments.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3"
.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 10
\& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg);
\& void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f,
\&                                  void *arg);
\& int SSL_client_hello_isv2(SSL *s);
\& unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
\& size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
\& size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
\& size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
\& size_t SSL_client_hello_get0_compression_methods(SSL *s,
\&                                                  const unsigned char **out);
\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out,
\&                                              size_t *outlen);
\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out,
\&                               size_t *outlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically
called during the early stages of ClientHello processing on the server.
The argument supplied when setting the callback is passed back to the
callback at runtime. A callback that returns failure (0) will cause the
connection to terminate, and callbacks returning failure should indicate
what alert value is to be sent in the \fBal\fR parameter. A callback may
also return a negative value to suspend the handshake, and the handshake
function will return immediately. \fBSSL_get_error\fR\|(3) will return
\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended.
It is the job of the ClientHello callback to store information about the state
of the last call if needed to continue. On the next call into the handshake
function, the ClientHello callback will be called again, and, if it returns
success, normal handshake processing will continue from that point.
.PP
\&\fBSSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in an
SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial
differences from the normal SSLv3 format, including using three bytes per
cipher suite, and not allowing extensions. Additionally, the SSLv2 format
\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to
\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos,
\&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes
the null compression method, since the SSLv2 format does not include a
mechanism by which to negotiate compression.
.PP
\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR,
\&\fBSSL_client_hello_get0_ciphers()\fR, and
\&\fBSSL_client_hello_get0_compression_methods()\fR provide access to the corresponding
ClientHello fields, returning the field length and optionally setting an out
pointer to the octets of that field.
.PP
Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions
from the ClientHello on a per-extension basis. For the provided wire
protocol extension type value, the extension value and length are returned
in the output parameters (if present).
.PP
\&\fBSSL_client_hello_get1_extensions_present()\fR can be used prior to
\&\fBSSL_client_hello_get0_ext()\fR, to determine which extensions are present in the
ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are
both required, and on success the caller must release the storage allocated for
\&\fB*out\fR using \fBOPENSSL_free()\fR.
The contents of \fB*out\fR is an array of integers holding the numerical value of
the \s-1TLS\s0 extension types in the order they appear in the ClientHello.
\&\fB*outlen\fR contains the number of elements in the array. In situations when the
ClientHello has no extensions, the function will return success with \fB*out\fR
set to \s-1NULL\s0 and \fB*outlen\fR set to 0.
.SH "NOTES"
.IX Header "NOTES"
The ClientHello callback provides a vast window of possibilities for application
code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to
allow the server to examine the server name indication extension provided
by the client in order to select an appropriate certificate to present,
and make other configuration adjustments relevant to that server name
and its configuration. Such configuration changes can include swapping out
the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0
versions, changing the server's cipher list in response to the client's
cipher list, etc.
.PP
It is also recommended that applications utilize a ClientHello callback and
not use a servername callback, in order to avoid unexpected behavior that
occurs due to the relative order of processing between things like session
resumption and the historical servername callback.
.PP
The SSL_client_hello_* family of functions may only be called from code executing
within a ClientHello callback.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The application's supplied ClientHello callback returns
\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and
\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing.
.PP
\&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise.
.PP
\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR,
\&\fBSSL_client_hello_get0_ciphers()\fR, and
\&\fBSSL_client_hello_get0_compression_methods()\fR return the length of the
corresponding ClientHello fields. If zero is returned, the output pointer
should not be assumed to be valid.
.PP
\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and
0 otherwise.
.PP
\&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3),
SSL_bytes_to_cipher_list
.SH "HISTORY"
.IX Header "HISTORY"
The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR,
\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR,
\&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR,
\&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
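The NOTES of SSL_CTX_set_client_hello_cb name server name indication as a primary use of the ClientHello callback, and SSL_client_hello_get0_ext() hands the callback the raw extension value. The following is an added example (not code from the OpenSSL project) of a bounds-checked parser for those server_name bytes in the RFC 6066 layout; the function name, result codes and sample byte arrays are this example's own, and the samples are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own, not OpenSSL's). */
enum { SNI_OK = 0, SNI_MALFORMED = -1, SNI_NO_HOSTNAME = -2, SNI_TOO_LONG = -3 };

#define SNI_TYPE_HOST_NAME 0    /* NameType host_name, RFC 6066 section 3 */
#define SNI_MAX_HOST_LEN   255  /* upper bound accepted for a DNS name */

/* Read a big-endian 16-bit length and advance; 0 if fewer than 2 bytes remain. */
static int read_u16(const unsigned char **p, size_t *left, size_t *out)
{
    if (*left < 2)
        return 0;
    *out = ((size_t)(*p)[0] << 8) | (size_t)(*p)[1];
    *p += 2;
    *left -= 2;
    return 1;
}

/*
 * Parse the value of a server_name extension, i.e. the bytes a ClientHello
 * callback would obtain with
 *     SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &ext, &ext_len)
 * and copy the first host_name entry into host as a NUL-terminated string.
 * Layout: u16 list_len, then entries of { u8 name_type, u16 len, bytes }.
 */
int parse_sni_extension(const unsigned char *ext, size_t ext_len,
                        char *host, size_t host_size)
{
    const unsigned char *p = ext;
    size_t left = ext_len, list_len, name_len;

    if (ext == NULL || host == NULL || host_size == 0)
        return SNI_MALFORMED;
    host[0] = '\0';

    /* The list must fill the extension exactly: no short or trailing data. */
    if (!read_u16(&p, &left, &list_len) || list_len != left)
        return SNI_MALFORMED;

    while (left > 0) {
        unsigned char name_type = *p++;
        left--;
        if (!read_u16(&p, &left, &name_len) || name_len > left)
            return SNI_MALFORMED;          /* length runs past the buffer */
        if (name_type == SNI_TYPE_HOST_NAME) {
            if (name_len == 0 || memchr(p, '\0', name_len) != NULL)
                return SNI_MALFORMED;      /* empty name or embedded NUL */
            if (name_len > SNI_MAX_HOST_LEN || name_len >= host_size)
                return SNI_TOO_LONG;
            memcpy(host, p, name_len);
            host[name_len] = '\0';
            return SNI_OK;
        }
        p += name_len;                     /* skip name types we do not know */
        left -= name_len;
    }
    return SNI_NO_HOSTNAME;
}

/* Constructed sample extension values (not captured traffic). */
static const unsigned char SAMPLE_GOOD[] = {
    0x00, 0x0e, 0x00, 0x00, 0x0b,
    'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'
};
static const unsigned char SAMPLE_OVERRUN[] = {  /* name length 0x20, 11 bytes present */
    0x00, 0x0e, 0x00, 0x00, 0x20,
    'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'
};
static const unsigned char SAMPLE_NUL[] = {      /* host name with an embedded NUL */
    0x00, 0x06, 0x00, 0x00, 0x03, 'a', 0x00, 'b'
};
static const unsigned char SAMPLE_OTHER_TYPE[] = { /* only a non-host_name entry */
    0x00, 0x04, 0x01, 0x00, 0x01, 'x'
};

int main(void)
{
    char host[256];
    int rc = parse_sni_extension(SAMPLE_GOOD, sizeof SAMPLE_GOOD, host, sizeof host);

    printf("good:       rc=%d host=%s\n", rc, host);
    printf("overrun:    rc=%d\n", parse_sni_extension(SAMPLE_OVERRUN,
           sizeof SAMPLE_OVERRUN, host, sizeof host));
    printf("nul:        rc=%d\n", parse_sni_extension(SAMPLE_NUL,
           sizeof SAMPLE_NUL, host, sizeof host));
    printf("other type: rc=%d\n", parse_sni_extension(SAMPLE_OTHER_TYPE,
           sizeof SAMPLE_OTHER_TYPE, host, sizeof host));
    return 0;
}
```

In a ClientHello callback, SNI_MALFORMED would map to returning SSL_CLIENT_HELLO_ERROR with an alert value stored through al, as the DESCRIPTION requires for callbacks that return failure.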
.IX Title "SSL_CTX_SESS_SET_GET_CB 3"
.TH SSL_CTX_SESS_SET_GET_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
\&                              int (*new_session_cb)(SSL *, SSL_SESSION *));
\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
\&                                 void (*remove_session_cb)(SSL_CTX *ctx,
\&                                                           SSL_SESSION *));
\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
\&                              SSL_SESSION *(*get_session_cb)(SSL *,
\&                                                             const unsigned char *,
\&                                                             int, int *));
\&
\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
\&                                              SSL_SESSION *sess);
\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
\&                                                  SSL_SESSION *sess);
\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
\&                                                       const unsigned char *data,
\&                                                       int len, int *copy);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function that is
called whenever a new session was negotiated.
.PP
\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function that is
called whenever a session is removed by the \s-1SSL\s0 engine. For example,
this can occur because a session is considered faulty or has become obsolete
because of exceeding the timeout value.
.PP
\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function that is called
whenever a \s-1TLS\s0 client proposed to resume a session but the session
could not be found in the internal session cache (see
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)).
(\s-1TLS\s0 server only.)
.PP
\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and
\&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the
corresponding set callback functions. If a callback function has not been
set, the \s-1NULL\s0 pointer is returned.
.SH "NOTES"
.IX Header "NOTES"
In order to allow external session caching, synchronization with the internal
session cache is realized via callback functions. Inside these callback
functions, sessions can be saved to disk or put into a database using the
\&\fBd2i_SSL_SESSION\fR\|(3) interface.
.PP
The \fBnew_session_cb()\fR is called whenever a new session has been negotiated and
session caching is enabled (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). The
\&\fBnew_session_cb()\fR is passed the \fBssl\fR connection and the nascent
ssl session \fBsess\fR.
Since sessions are reference-counted objects, the reference count on the
session is incremented before the callback, on behalf of the application. If
the callback returns \fB0\fR, the session will be immediately removed from the
internal cache and the reference count released. If the callback returns \fB1\fR,
the application retains the reference (for an entry in the
application-maintained \*(L"external session cache\*(R"), and is responsible for
calling \fBSSL_SESSION_free()\fR when the session reference is no longer in use.
.PP
Note that in TLSv1.3, sessions are established after the main
handshake has completed. The server decides when to send the client the session
information and this may occur some time after the end of the handshake (or not
at all). This means that applications should expect the \fBnew_session_cb()\fR
function to be invoked during the handshake (for <= TLSv1.2) or after the
handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to
be established with a single connection. In this case the \fBnew_session_cb()\fR
function will be invoked multiple times.
.PP
In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for
resumption once. One way of enforcing that is for applications to call
\&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used.
.PP
The \fBremove_session_cb()\fR is called whenever the \s-1SSL\s0 engine removes a session
from the internal cache. This can happen when the session is removed because
it is expired or when a connection was not shut down cleanly. It also happens
for all sessions in the internal session cache when
\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed
the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback.
.PP
The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers, and is given
the session id
proposed by the client. The \fBget_session_cb()\fR is always called, even when
session caching was disabled. The \fBget_session_cb()\fR is passed the
\&\fBssl\fR connection and the session id of length \fBlength\fR at the memory location
\&\fBdata\fR. By setting the parameter \fBcopy\fR to \fB1\fR, the callback can require the
\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object;
setting \fBcopy\fR to \fB0\fR causes the reference count to remain unchanged.
If the \fBget_session_cb()\fR does not write to \fBcopy\fR, the reference count
is incremented and the session must be explicitly freed with
\&\fBSSL_SESSION_free\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR and \fBSSL_CTX_sess_get_get_cb()\fR
return different callback function pointers respectively.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBd2i_SSL_SESSION\fR\|(3),
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
\&\fBSSL_CTX_flush_sessions\fR\|(3),
\&\fBSSL_SESSION_free\fR\|(3),
\&\fBSSL_CTX_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_SHOULD_RETRY 3"
.TH BIO_SHOULD_RETRY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& int BIO_should_read(BIO *b);
\& int BIO_should_write(BIO *b);
\& int BIO_should_io_special(BIO *b);
\& int BIO_retry_type(BIO *b);
\& int BIO_should_retry(BIO *b);
\&
\& BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
\& int BIO_get_retry_reason(BIO *bio);
\& void BIO_set_retry_reason(BIO *bio, int reason);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions determine why a \s-1BIO\s0 is not able to read or write data.
They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR
call.
.PP
\&\fBBIO_should_retry()\fR is true if the call that produced this condition
should then be retried at a later time.
.PP
If \fBBIO_should_retry()\fR is false then the cause is an error condition.
.PP
\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0
has insufficient data to return. Check for readability and/or retry the
last operation.
.PP
\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0
has pending data to write. Check for writability and/or retry the
last operation.
.PP
\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a
reason other than reading or writing is the cause of the condition.
.PP
\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition
consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR,
\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of
these.
.PP
\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special
condition, it returns the \s-1BIO\s0 that caused this condition and if
\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code.
The meaning of the reason code and the action that should be taken depends on
the type of \s-1BIO\s0 that resulted in this condition.
.PP
\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if
passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR.
.PP
\&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given
\&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations.
.SH "NOTES"
.IX Header "NOTES"
\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR,
\&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros.
.PP
If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0
operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns
0 and \fBBIO_should_retry()\fR is false then the cause will be that the
connection closed. A similar condition on a file \s-1BIO\s0 will mean that it
has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on
the error queue. For more details see the individual \s-1BIO\s0 type manual
pages.
.PP
If the underlying I/O structure is in a blocking mode almost all current
\&\s-1BIO\s0 types will not request a retry, because the underlying I/O
calls will not. If the application knows that the \s-1BIO\s0 type will never
signal a retry then it need not call \fBBIO_should_retry()\fR after a failed
\&\s-1BIO I/O\s0 call. This is typically done with file BIOs.
.PP
\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a
retry even if the underlying I/O structure is blocking, if a handshake
occurs during a call to \fBBIO_read()\fR. An application can retry the failed
call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0
on the underlying \s-1SSL\s0 structure.
.PP
While an application may retry a failed non blocking call immediately
this is likely to be very inefficient because the call will fail
repeatedly until data can be processed or is available. An application
will normally wait until the necessary condition is satisfied. How
this is done depends on the underlying I/O structure.
.PP
For example if the cause is ultimately a socket and \fBBIO_should_read()\fR
is true then a call to \fBselect()\fR may be made to wait until data is
available and then retry the \s-1BIO\s0 operation. By combining the retry
conditions of several non blocking BIOs in a single \fBselect()\fR call
it is possible to service several BIOs in a single thread, though
the performance may be poor if \s-1SSL\s0 BIOs are present because long delays
can occur during the initial handshake process.
.PP
It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O
structure cannot process or return any data. This depends on the behaviour of
the platform's I/O functions. This is often not desirable: one solution
is to use non blocking I/O and use a timeout on the \fBselect()\fR (or
equivalent) call.
.SH "BUGS"
.IX Header "BUGS"
The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O:
that is they cannot retry after a partial read or write. This is usually
worked around by only passing the relevant data to \s-1ASN1\s0 functions when
the entire structure can be read or written.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and
\&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions
of the \fB\s-1BIO\s0\fR.
.PP
\&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry
condition or false if there is no retry condition.
.PP
\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure.
.PP
\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bio
.SH "HISTORY"
.IX Header "HISTORY"
The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in
OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_CHECK_HOST 3"
.TH X509_CHECK_HOST 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509v3.h>
\&
\& int X509_check_host(X509 *, const char *name, size_t namelen,
\&                     unsigned int flags, char **peername);
\& int X509_check_email(X509 *, const char *address, size_t addresslen,
\&                      unsigned int flags);
\& int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
\&                   unsigned int flags);
\& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The certificate matching functions are used to check whether a
certificate matches a given hostname, email address, or \s-1IP\s0 address.
The validity of the certificate and its trust level has to be checked by
other means.
.PP
\&\fBX509_check_host()\fR checks if the certificate Subject Alternative
Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname,
which must be encoded in the preferred name syntax described
in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported
and they match only in the left-most label; but they may match
part of that label with an explicit prefix or suffix. For example,
by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a
certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R"
or \*(L"*w.example.com\*(R".
.PP
Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing international
domain names must be given in A\-label form.
The \fBnamelen\fR argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts with a dot (e.g. \*(L".example.com\*(R"), it will be matched by a certificate valid for any sub-domain of \fBname\fR, (see also \&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below).
.PP
When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate is stored at the address passed in \fBpeername\fR. The application is responsible for freeing the peername via \fBOPENSSL_free()\fR when it is no longer needed.
.PP
\&\fBX509_check_email()\fR checks if the certificate matches the specified email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, comments are not allowed, and no attempt is made to normalize quoted characters. The \fBaddresslen\fR argument must be the number of characters in the address string or zero in which case the length is calculated with strlen(\fBaddress\fR).
.PP
\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or IPv6 address. The \fBaddress\fR array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only explicitly marked addresses in the certificates are considered; \s-1IP\s0 addresses stored in \s-1DNS\s0 names and Common Names are ignored.
.PP
\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated string \fBaddress\fR is first converted to the internal representation.
.PP
The \fBflags\fR argument is usually 0.
It can be the bitwise \s-1OR\s0 of the flags:
.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4
.IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,"
.PD 0
.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4
.IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,"
.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4
.IX Item "X509_CHECK_FLAG_NO_WILDCARDS,"
.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4
.IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,"
.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4
.IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS."
.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4
.IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS."
.PD
.PP
The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function to consider the subject \s-1DN\s0 even if the certificate contains at least one subject alternative name of the right type (\s-1DNS\s0 name or email address as appropriate); the default is to ignore the subject \s-1DN\s0 when at least one corresponding subject alternative name is present.
.PP
The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never consider the subject \s-1DN\s0 even if the certificate contains no subject alternative names of the right type (\s-1DNS\s0 name or email address as appropriate); the default is to use the subject \s-1DN\s0 when no corresponding subject alternative names are present. If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and \&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes precedence and the subject \s-1DN\s0 is not checked for matching names.
.PP
If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard expansion; this only applies to \fBX509_check_host\fR.
.PP
If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR.
.PP
If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") to match more than one label in \fBname\fR; this flag only applies to \fBX509_check_host\fR.
.PP
If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR values which start with \*(L".\*(R", that would otherwise match any sub-domain in the peer certificate, to only match direct child sub-domains. Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", but would not match a peer certificate with a \s-1DNS\s0 name of \&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The functions return 1 for a successful match, 0 for a failed match and \-1 for an internal error: typically a memory allocation failure or an \s-1ASN.1\s0 decoding error.
.PP
All functions can also return \-2 if the input is malformed. For example, \&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded NULs.
.SH "NOTES"
.IX Header "NOTES"
Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR rather than explicitly calling \fBX509_check_host\fR\|(3). Host name checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal checks will be suppressed as appropriate when \&\s-1DANE\s0 support is enabled.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_verify_result\fR\|(3),
\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3),
\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3),
\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3),
\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3),
\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2020 The OpenSSL Project Authors. All Rights Reserved.
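The wildcard and sub-domain rules and the return values documented above for X509_check_host(), as an added example that is not part of the OpenSSL manual page and is not OpenSSL's code: a simplified, self-contained C model of how each flag changes which certificate DNS names cover a reference name. The `M_*` constants, `model_match()`, `model_check_host()`, `check1()` and the sample names are assumptions made for this example; it models only the rules stated on this page, and OpenSSL's own matcher applies further validity checks.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the X509_CHECK_FLAG_* options described above.
 * Names and values belong to this example, not to OpenSSL's headers. */
enum {
    M_NO_WILDCARDS            = 1 << 0,
    M_NO_PARTIAL_WILDCARDS    = 1 << 1,
    M_MULTI_LABEL_WILDCARDS   = 1 << 2,
    M_SINGLE_LABEL_SUBDOMAINS = 1 << 3
};

/* Constructed sample data: one certificate name, one name with an embedded NUL. */
const char *const SAMPLE_SAN[] = { "*.example.com" };
const char NUL_NAME[] = "www.example.com\0.example.net";

/* Case-insensitive comparison of two n-byte spans. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Does one certificate DNS name (pat) cover the reference name? */
int model_match(const char *pat, const char *name, size_t nlen, unsigned flags)
{
    size_t plen = strlen(pat);

    /* ".example.com" is covered by any certificate name that ends in it;
     * SINGLE_LABEL_SUBDOMAINS permits only one label in front of it. */
    if (nlen > 1 && name[0] == '.') {
        if (plen <= nlen)
            return 0;
        size_t head = plen - nlen;
        if (!eq_nocase(pat + head, name, nlen))
            return 0;
        if ((flags & M_SINGLE_LABEL_SUBDOMAINS) && memchr(pat, '.', head))
            return 0;
        return 1;
    }

    const char *star = strchr(pat, '*');
    const char *dot = strchr(pat, '.');
    /* A '*' is a wildcard only if it is single and in the left-most label. */
    int usable = star != NULL && !(flags & M_NO_WILDCARDS)
              && strchr(star + 1, '*') == NULL && dot != NULL && star < dot;
    int whole_label = usable && star == pat && star + 1 == dot;
    if (usable && !whole_label && (flags & M_NO_PARTIAL_WILDCARDS))
        usable = 0;                  /* "w*" and "*w" forms are switched off */
    if (!usable)                     /* plain comparison, '*' is just a byte */
        return plen == nlen && eq_nocase(pat, name, nlen);

    size_t pre = (size_t)(star - pat);   /* bytes before the '*' */
    size_t suf = plen - pre - 1;         /* bytes after the '*'  */
    if (nlen < pre + suf || !eq_nocase(pat, name, pre)
        || !eq_nocase(star + 1, name + nlen - suf, suf))
        return 0;

    const char *w = name + pre, *wend = name + nlen - suf;
    if (whole_label && w == wend)
        return 0;                    /* modelling choice: "*" needs one byte */
    int multi = whole_label && (flags & M_MULTI_LABEL_WILDCARDS);
    for (; w < wend; w++)            /* '*' stays in one label unless multi */
        if (!(isalnum((unsigned char)*w) || *w == '-' || (multi && *w == '.')))
            return 0;
    return 1;
}

/* Return values as documented above: 1 match, 0 no match, -2 malformed name. */
int model_check_host(const char *const *san, size_t nsan,
                     const char *name, size_t namelen, unsigned flags)
{
    if (namelen == 0)
        namelen = strlen(name);
    else if (memchr(name, '\0', namelen) != NULL)
        return -2;
    for (size_t i = 0; i < nsan; i++)
        if (model_match(san[i], name, namelen, flags))
            return 1;
    return 0;
}

/* Convenience wrapper: one certificate name, NUL-terminated reference name. */
int check1(const char *san, const char *name, unsigned flags)
{
    return model_check_host(&san, 1, name, 0, flags);
}

int main(void)
{
    printf("default:     %d\n", check1("*.example.com", "a.b.example.com", 0));
    printf("multi-label: %d\n", check1("*.example.com", "a.b.example.com", M_MULTI_LABEL_WILDCARDS));
    printf("NUL in name: %d\n", model_check_host(SAMPLE_SAN, 1, NUL_NAME, sizeof(NUL_NAME) - 1, 0));
    return 0;
}
```

In the model, as in the text above, only the multi-label option widens what a certificate name covers; the other three options narrow it.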
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_CMP 3"
.TH BN_CMP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd \- BIGNUM comparison and test functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int BN_cmp(const BIGNUM *a, const BIGNUM *b);
\& int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
\&
\& int BN_is_zero(const BIGNUM *a);
\& int BN_is_one(const BIGNUM *a);
\& int BN_is_word(const BIGNUM *a, const BN_ULONG w);
\& int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
\& int BN_is_odd(const BIGNUM *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_cmp()\fR compares the numbers \fIa\fR and \fIb\fR. \fBBN_ucmp()\fR compares their absolute values.
.PP
\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_abs_is_word()\fR test if \&\fIa\fR equals 0, 1, \fIw\fR, or |\fIw\fR| respectively. \&\fBBN_is_odd()\fR tests if \fIa\fR is odd.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_cmp()\fR returns \-1 if \fIa\fR < \fIb\fR, 0 if \fIa\fR == \fIb\fR and 1 if \&\fIa\fR > \fIb\fR. \fBBN_ucmp()\fR is the same using the absolute values of \fIa\fR and \fIb\fR.
.PP
\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR, \fBBN_abs_is_word()\fR and \&\fBBN_is_odd()\fR return 1 if the condition is true, 0 otherwise.
.SH "HISTORY"
.IX Header "HISTORY"
Prior to OpenSSL 1.1.0, \fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR, \&\fBBN_abs_is_word()\fR and \fBBN_is_odd()\fR were macros.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_CONNECT 3"
.TH BIO_CONNECT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO socket communication setup routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int BIO_socket(int domain, int socktype, int protocol, int options);
\& int BIO_bind(int sock, const BIO_ADDR *addr, int options);
\& int BIO_connect(int sock, const BIO_ADDR *addr, int options);
\& int BIO_listen(int sock, const BIO_ADDR *addr, int options);
\& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options);
\& int BIO_closesocket(int sock);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type \&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, but are present for future use.
.PP
\&\fBBIO_bind()\fR binds the source address and service to a socket and may be useful before calling \fBBIO_connect()\fR. The options may include \&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below.
.PP
\&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by \&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of \&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below.
.PP
\&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, \&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below.
.PP
\&\fBBIO_accept_ex()\fR waits for an incoming connection on the given socket \fBaccept_sock\fR. When it gets a connection, the address and port of the peer get stored in \fBpeer\fR if that one is non-NULL.
Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and are applied on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below.
.PP
\&\fBBIO_closesocket()\fR closes \fBsock\fR.
.SH "FLAGS"
.IX Header "FLAGS"
.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4
.IX Item "BIO_SOCK_KEEPALIVE"
Enables regular sending of keep-alive messages.
.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4
.IX Item "BIO_SOCK_NONBLOCK"
Sets the socket to nonblocking mode.
.IP "\s-1BIO_SOCK_NODELAY\s0" 4
.IX Item "BIO_SOCK_NODELAY"
Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With this set, any data will be sent as soon as possible instead of being buffered until there's enough for the socket to send out in one go.
.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4
.IX Item "BIO_SOCK_REUSEADDR"
Try to reuse the address and port combination for a recently closed port.
.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4
.IX Item "BIO_SOCK_V6_ONLY"
When creating an IPv6 socket, make it only listen for IPv6 addresses and not IPv4 addresses mapped to IPv6.
.PP
These flags are bit flags, so they are to be combined with the \&\f(CW\*(C`|\*(C'\fR operator, for example:
.PP
.Vb 1
\& BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.
.PP
\&\fBBIO_bind()\fR, \fBBIO_connect()\fR and \fBBIO_listen()\fR return 1 on success or 0 on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.
.PP
\&\fBBIO_accept_ex()\fR returns the accepted socket on success or \&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBBIO_ADDR\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR, \&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in OpenSSL 1.1.0. Use the functions described above instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_STORE_ADD_CERT 3"
.TH X509_STORE_ADD_CERT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths \&\- X509_STORE manipulation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& typedef struct x509_store_st X509_STORE;
\&
\& int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
\& int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
\& int X509_STORE_set_depth(X509_STORE *store, int depth);
\& int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
\& int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
\& int X509_STORE_set_trust(X509_STORE *ctx, int trust);
\&
\& X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
\&                                    X509_LOOKUP_METHOD *meth);
\&
\& int X509_STORE_load_locations(X509_STORE *ctx,
\&                               const char *file, const char *dir);
\& int X509_STORE_set_default_paths(X509_STORE *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for holding information about X.509 certificates and CRLs, and constructing and validating chains of certificates terminating in trusted roots.
It admits multiple lookup mechanisms and efficient scaling performance with large numbers of certificates, and a great deal of flexibility in how validation and policy checks are performed.
.PP
\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains no information about trusted certificates or where such certificates are located on disk, and is generally not usable. Normally, trusted certificates will be added to the \fBX509_STORE\fR to prepare it for use, via mechanisms such as \fBX509_STORE_add_lookup()\fR and \fBX509_LOOKUP_file()\fR, or \&\fBPEM_read_bio_X509_AUX()\fR and \fBX509_STORE_add_cert()\fR. CRLs can also be added, and many behaviors configured as desired.
.PP
Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building and verification operation. That process includes providing the end-entity certificate to be verified and an additional set of untrusted certificates that may be used in chain-building. As such, it is expected that the certificates included in the \fBX509_STORE\fR are certificates that represent trusted entities such as root certificate authorities (CAs). OpenSSL represents these trusted certificates internally as \fBX509\fR objects with an associated \fBX509_CERT_AUX\fR, as are produced by \&\fBPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. The public interfaces that operate on such trusted certificates still operate on pointers to \fBX509\fR objects, though.
.PP
\&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object to the \fBX509_STORE\fR's local storage. Untrusted objects should not be added in this way. The added object's reference count is incremented by one, hence the caller retains ownership of the object and needs to free it when it is no longer needed.
.PP
\&\fBX509_STORE_set_depth()\fR, \fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, \&\fBX509_STORE_set_trust()\fR, and \fBX509_STORE_set1_param()\fR set the default values for the corresponding values used in certificate chain validation. Their behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3).
.PP
\&\fBX509_STORE_add_lookup()\fR finds or creates a \fBX509_LOOKUP\fR\|(3) with the \&\fBX509_LOOKUP_METHOD\fR\|(3) \fImeth\fR and adds it to the \fBX509_STORE\fR \&\fIstore\fR. This also associates the \fBX509_STORE\fR with the lookup, so \&\fBX509_LOOKUP\fR functions can look up objects in that store.
.PP
\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an \&\fBX509_STORE\fR from a given file and/or directory path. It is permitted to specify just a file, just a directory, or both paths. The certificates in the directory must be in hashed form, as documented in \&\fBX509_LOOKUP_hash_dir\fR\|(3).
.PP
\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not set what default paths should be used for loading certificates. Instead, it loads certificates into the \fBX509_STORE\fR from the hardcoded default paths.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR, \&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, \&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and \&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure.
.PP
\&\fBX509_STORE_add_lookup()\fR returns the found or created \&\fBX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_LOOKUP_hash_dir\fR\|(3).
\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3).
\&\fBX509_STORE_new\fR\|(3),
\&\fBX509_STORE_get0_param\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors.
All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3"
.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
\& long SSL_set_max_send_fragment(SSL *ssl, long m);
\&
\& long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
\& long SSL_set_max_pipelines(SSL *ssl, long m);
\&
\& long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
\& long SSL_set_split_send_fragment(SSL *ssl, long m);
\&
\& void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
\& void SSL_set_default_read_buffer_len(SSL *s, size_t len);
\&
\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Some engines are able to process multiple simultaneous crypto operations. This capability could be utilised to parallelise the processing of a single connection. For example a single write can be split into multiple records and each one encrypted independently and in parallel. Note: this will only work in \&\s-1TLS1.1+.\s0 There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This capability is known as \*(L"pipelining\*(R" within OpenSSL.
.PP
In order to benefit from the pipelining capability, you need to have an engine that provides ciphers that support this.
The OpenSSL \*(L"dasync\*(R" engine provides
\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However, these
are for development and test purposes only.
.PP
\&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the
\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This
value restricts the amount of plaintext bytes that will be sent in any one
\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These
functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0
.PP
\&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number
of pipelines that will be used at any one time. This value applies to both
\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be
used (i.e. normal non-parallel operation). The number of pipelines set must be
in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also
automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is
explained further below. OpenSSL will only ever use more than one pipeline if
a cipher suite is negotiated that uses a pipeline capable cipher provided by an
engine.
.PP
Pipelining operates slightly differently for reading encrypted data compared to
writing encrypted data. \fBSSL_CTX_set_split_send_fragment()\fR and
\&\fBSSL_set_split_send_fragment()\fR define how data is split up into pipelines when
writing encrypted data. The number of pipelines used will be determined by the
amount of data provided to the \fBSSL_write_ex()\fR or \fBSSL_write()\fR call divided by
\&\fBsplit_send_fragment\fR.
.PP
For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 then:
.PP
SSL_write/SSL_write_ex called with 0\-2000 bytes == 1 pipeline used
.PP
SSL_write/SSL_write_ex called with 2001\-4000 bytes == 2 pipelines used
.PP
SSL_write/SSL_write_ex called with 4001\-6000 bytes == 3 pipelines used
.PP
SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used
.PP
\&\fBsplit_send_fragment\fR must always be less than or equal to
\&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR.
This will mean that the same number of records will always be created as would
have been created in the non-parallel case, although the data will be
apportioned differently. In the parallel case data will be spread equally
between the pipelines.
.PP
Read pipelining is controlled in a slightly different way than with write
pipelining. While reading we are constrained by the number of records that the
peer (and the network) can provide to us in one go. The more records we can get
in one go the more opportunity we have to parallelise the processing. As noted
above when setting \fBmax_pipelines\fR to a value greater than one, \fBread_ahead\fR is
automatically set. The \fBread_ahead\fR parameter causes OpenSSL to attempt to read
as much data into the read buffer as the network can provide and will fit into
the buffer. Without this set data is read into the read buffer one record at a
time. The more data that can be read, the more opportunity there is for
parallelising the processing at the cost of increased memory overhead per
connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR
function (see \fBSSL_pending\fR\|(3)).
.PP
The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR
functions control the size of the read buffer that will be used. The \fBlen\fR
parameter sets the size of the buffer.
The value will only be used if it is greater than the default that would have
been used anyway. The normal default value depends on a number of factors but it
will be at least
\&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes.
.PP
\&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment
length negotiation mode via value \fBmode\fR to \fBctx\fR.
This setting affects only \s-1SSL\s0 instances created after this function is called.
It affects the client-side as only its side may initiate this extension use.
.PP
\&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length
negotiation mode via value \fBmode\fR to \fBssl\fR.
This setting will be used during a handshake when extensions are exchanged
between client and server.
So it only affects \s-1SSL\s0 sessions created after this function is called.
It affects the client-side as only its side may initiate this extension use.
.PP
\&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length
negotiated in \fBsession\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All non-void functions return 1 on success and 0 on failure.
.SH "NOTES"
.IX Header "NOTES"
The Maximum Fragment Length extension support is optional on the server side.
If the server does not support this extension then
\&\fBSSL_SESSION_get_max_fragment_length()\fR will return:
TLSEXT_max_fragment_length_DISABLED.
.PP
The following modes are available:
.IP "TLSEXT_max_fragment_length_DISABLED" 4
.IX Item "TLSEXT_max_fragment_length_DISABLED"
Disables Maximum Fragment Length Negotiation (default).
.IP "TLSEXT_max_fragment_length_512" 4
.IX Item "TLSEXT_max_fragment_length_512"
Sets Maximum Fragment Length to 512 bytes.
.IP "TLSEXT_max_fragment_length_1024" 4
.IX Item "TLSEXT_max_fragment_length_1024"
Sets Maximum Fragment Length to 1024.
.IP "TLSEXT_max_fragment_length_2048" 4
.IX Item "TLSEXT_max_fragment_length_2048"
Sets Maximum Fragment Length to 2048.
.IP "TLSEXT_max_fragment_length_4096" 4
.IX Item "TLSEXT_max_fragment_length_4096"
Sets Maximum Fragment Length to 4096.
.PP
With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR,
\&\fBSSL_set_default_read_buffer_len()\fR, \fBSSL_CTX_set_tlsext_max_fragment_length()\fR,
\&\fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR
all these functions are implemented using macros.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR,
\&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR,
\&\fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR
functions were added in OpenSSL 1.1.0.
.PP
The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR
and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
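The write-side rules described in SSL_CTX_set_split_send_fragment(3) above (the documented value ranges, the pipeline count table, the per-record max_send_fragment cap and the equal spreading of data), modelled as an added example that is not OpenSSL project code. The names pipe_cfg, pipe_cfg_valid and plan_write are hypothetical; how a remainder is shared between records and that bytes over the cap are left for a following batch are assumptions of this model.

```c
#include <stddef.h>

#define MAX_PLAIN 16384  /* SSL3_RT_MAX_PLAIN_LENGTH, value given on the page */
#define MIN_FRAG  512    /* lowest accepted max_send_fragment, per the page */
#define MAX_PIPES 32     /* SSL_MAX_PIPELINES, value given on the page */

/* Hypothetical container for the settings the man page describes. */
struct pipe_cfg {
    size_t max_send_fragment;     /* 512 .. 16384 */
    size_t split_send_fragment;   /* must be <= max_send_fragment */
    size_t max_pipelines;         /* 1 .. 32 */
    int cipher_pipeline_capable;  /* negotiated cipher comes from a pipelining engine */
};

/* Returns 1 when the settings respect the documented ranges, 0 otherwise. */
int pipe_cfg_valid(const struct pipe_cfg *c)
{
    if (c->max_send_fragment < MIN_FRAG || c->max_send_fragment > MAX_PLAIN)
        return 0;
    if (c->split_send_fragment == 0 ||
        c->split_send_fragment > c->max_send_fragment)
        return 0;
    if (c->max_pipelines < 1 || c->max_pipelines > MAX_PIPES)
        return 0;
    return 1;
}

/*
 * Plan one batch of records for a write of n plaintext bytes.
 * Fills lens[0..k-1] with the plaintext length of each record and returns k,
 * the number of pipelines used (0 if the settings are invalid).
 * *left receives the bytes that do not fit in this batch.
 */
size_t plan_write(const struct pipe_cfg *c, size_t n,
                  size_t lens[MAX_PIPES], size_t *left)
{
    size_t pipes, limit, i;

    if (!pipe_cfg_valid(c))
        return 0;

    /* More than one pipeline is only used with a pipeline capable cipher. */
    limit = c->cipher_pipeline_capable ? c->max_pipelines : 1;

    /* Data length divided by split_send_fragment, rounded up, then capped. */
    pipes = (n == 0) ? 1 : (n - 1) / c->split_send_fragment + 1;
    if (pipes > limit)
        pipes = limit;

    if (n / pipes >= c->max_send_fragment) {
        /* No record may carry more than max_send_fragment plaintext bytes. */
        for (i = 0; i < pipes; i++)
            lens[i] = c->max_send_fragment;
        *left = n - pipes * c->max_send_fragment;
    } else {
        /* Spread the data equally; the first records absorb the remainder. */
        for (i = 0; i < pipes; i++)
            lens[i] = n / pipes + (i < n % pipes ? 1 : 0);
        *left = 0;
    }
    return pipes;
}
```

With split_send_fragment left at its default (equal to max_send_fragment) the model produces the same record count as the non-parallel case, which is the behaviour the page states.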
.IX Title "EVP_RC4 3"
.TH EVP_RC4 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_rc4,
EVP_rc4_40,
EVP_rc4_hmac_md5
\&\- EVP RC4 stream cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_rc4(void);
\& const EVP_CIPHER *EVP_rc4_40(void);
\& const EVP_CIPHER *EVP_rc4_hmac_md5(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1RC4\s0 stream cipher for \s-1EVP.\s0
.IP "\fBEVP_rc4()\fR" 4
.IX Item "EVP_rc4()"
\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key
length of 128 bits.
.IP "\fBEVP_rc4_40()\fR" 4
.IX Item "EVP_rc4_40()"
\&\s-1RC4\s0 stream cipher with 40 bit key length.
.Sp
\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the
\&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions.
.IP "\fBEVP_rc4_hmac_md5()\fR" 4
.IX Item "EVP_rc4_hmac_md5()"
Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0
.Sp
\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of
some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0
interface.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RAND_DRBG_SET_EX_DATA 3"
.TH RAND_DRBG_SET_EX_DATA 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RAND_DRBG_set_ex_data,
RAND_DRBG_get_ex_data,
RAND_DRBG_get_ex_new_index
\&\- store and retrieve extra data from the DRBG instance
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand_drbg.h>
\&
\& int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data);
\&
\& void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
\&
\& int RAND_DRBG_get_ex_new_index(long argl, void *argp,
\&                                CRYPTO_EX_new *new_func,
\&                                CRYPTO_EX_dup *dup_func,
\&                                CRYPTO_EX_free *free_func);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application
specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR.
The index \fBidx\fR should be a value previously returned from a call to
\&\fBRAND_DRBG_get_ex_new_index()\fR.
.PP
\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored
in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that
used when originally storing the data.
.PP
For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and
\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and
\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure.
.PP
\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on
failure. \s-1NULL\s0 may also be a valid value.
.SH "NOTES"
.IX Header "NOTES"
RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to
CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBCRYPTO_get_ex_data\fR\|(3),
\&\fBCRYPTO_set_ex_data\fR\|(3),
\&\fBCRYPTO_get_ex_new_index\fR\|(3),
\&\s-1\fBRAND_DRBG\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3"
.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_tlsext_status_cb,
SSL_CTX_get_tlsext_status_cb,
SSL_CTX_set_tlsext_status_arg,
SSL_CTX_get_tlsext_status_arg,
SSL_CTX_set_tlsext_status_type,
SSL_CTX_get_tlsext_status_type,
SSL_set_tlsext_status_type,
SSL_get_tlsext_status_type,
SSL_get_tlsext_status_ocsp_resp,
SSL_set_tlsext_status_ocsp_resp
\&\- OCSP Certificate Status Request functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/tls1.h>
\&
\& long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));
\& long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));
\&
\& long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
\& long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
\&
\& long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
\& long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
\&
\& long SSL_set_tlsext_status_type(SSL *s, int type);
\& long SSL_get_tlsext_status_type(SSL *s);
\&
\& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
\& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A client application may request that a server send back an \s-1OCSP\s0 status response
(also known as \s-1OCSP\s0 stapling). To do so the client should call the
\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0
objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR
function on an individual \s-1SSL\s0 object prior to the start of the handshake.
Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value
should be passed in the \fBtype\fR argument. Calling
\&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR
previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set.
.PP
The client should additionally provide a callback function to decide what to do
with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The
callback function should determine whether the returned \s-1OCSP\s0 response is
acceptable or not. The callback will be passed as an argument the value
previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the
callback will not be called in the event of a handshake where session resumption
occurs (because there are no Certificates exchanged in such a handshake).
The callback previously set via \fBSSL_CTX_set_tlsext_status_cb()\fR can be retrieved
by calling \fBSSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling
\&\fBSSL_CTX_get_tlsext_status_arg()\fR.
.PP
On the client side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether
the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return
\&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server
side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client
requested \s-1OCSP\s0 stapling. If the client requested it then this function will
return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise.
.PP
The response returned by the server can be obtained via a call to
\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point
to the \s-1OCSP\s0 response data and the return value will be the length of that data.
Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a
call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any
response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from
\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1.
.PP
A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function
if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status responses.
Typically the server callback would obtain the server certificate that is being
sent back to the client via a call to \fBSSL_get_certificate()\fR; obtain the \s-1OCSP\s0
response to be sent back; and then set that response data by calling
\&\fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should be
provided in the \fBresp\fR argument, and the length of that data should be in
the \fBlen\fR argument.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The callback when used on the client side should return a negative value on
error; 0 if the response is not acceptable (in which case the handshake will
fail) or a positive value if it is acceptable.
.PP
The callback when used on the server side should return with either
\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be
returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be
returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has
occurred).
.PP
\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR,
\&\fBSSL_CTX_set_tlsext_status_type()\fR, \fBSSL_set_tlsext_status_type()\fR and
\&\fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success.
.PP
\&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by
\&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set.
.PP
\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data
or \-1 if there is no \s-1OCSP\s0 response data.
.PP
\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client
side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server
side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR
and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RAND_ADD 3"
.TH RAND_ADD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open
\&\- add randomness to the PRNG or get its status
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand.h>
\&
\& int RAND_status(void);
\& int RAND_poll();
\&
\& void RAND_add(const void *buf, int num, double randomness);
\& void RAND_seed(const void *buf, int num);
\&
\& void RAND_keep_random_devices_open(int keep);
.Ve
.PP
Deprecated:
.PP
.Vb 4
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
\& void RAND_screen(void);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions can be used to seed the random generator and to check its seeded state. In general, manual (re\-)seeding of the default OpenSSL random generator (\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed itself automatically using trusted system entropy sources. This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details.
.PP
\&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail.
.PP
\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using random input obtained from polling various trusted entropy sources. The default choice of the entropy source can be modified at build time, see \s-1\fBRAND\s0\fR\|(7) for more details.
.PP
\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state of the random generator. This function will not normally be needed, as mentioned above. The \fBrandomness\fR argument is an estimate of how much randomness is contained in
\&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR.
Details about sources of randomness and how to estimate their randomness can be found in the literature; for example [\s-1NIST SP 800\-90B\s0]. The content of \fBbuf\fR cannot be recovered from subsequent random generator output. Applications that intend to save and restore random state in an external file should consider using \fBRAND_load_file\fR\|(3) instead.
.PP
\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR.
.PP
\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a
\&\fBchroot\fR\|(2) jail without the associated device nodes being available. When the \fBkeep\fR argument is zero, this call disables the retention of file descriptors. Conversely, a nonzero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately.
.PP
\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist for compatibility reasons only. See \s-1HISTORY\s0 section below.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_status()\fR returns 1 if the random generator has been seeded with enough data, 0 otherwise.
.PP
\&\fBRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise.
.PP
\&\fBRAND_event()\fR returns \fBRAND_status()\fR.
.PP
The other functions do not return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRAND_bytes\fR\|(3),
\&\fBRAND_egd\fR\|(3),
\&\fBRAND_load_file\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_READ_EARLY_DATA 3"
.TH SSL_READ_EARLY_DATA 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb
\&\- functions for sending and receiving early data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
\& uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
\& int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
\& uint32_t SSL_get_max_early_data(const SSL *s);
\&
\& int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
\& uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
\& int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
\& uint32_t SSL_get_recv_max_early_data(const SSL *s);
\&
\& uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
\& int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data);
\&
\& int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
\&
\& int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes);
\&
\& int SSL_get_early_data_status(const SSL *s);
\&
\&
\& typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
\&
\& void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
\&                                      SSL_allow_early_data_cb_fn cb,
\&                                      void *arg);
\& void SSL_set_allow_early_data_cb(SSL *s,
\&                                  SSL_allow_early_data_cb_fn cb,
\&                                  void *arg);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions are used to send and receive early data where TLSv1.3 has been negotiated.
Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. Early data can be sent if a session has previously been established with the server or when establishing a new session using an out-of-band \s-1PSK,\s0 and only when the server is known to support it. Additionally these functions can be used to send data from the server to the client when the client has not yet completed the authentication stage of the handshake.
.PP
Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 connection. In particular the data does not have forward secrecy. There are also additional considerations around replay attacks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). For these reasons extreme care should be exercised when using early data. For specific details, consult the \s-1TLS 1.3\s0 specification.
.PP
When a server receives early data it may opt to immediately respond by sending application data back to the client. Data sent by the server at this stage is done before the full handshake has been completed. Specifically the client's authentication messages have not yet been received, i.e. the client is unauthenticated at this point and care should be taken when using this capability.
.PP
A server or client can determine whether the full handshake has been completed or not by calling \fBSSL_is_init_finished\fR\|(3).
.PP
On the client side, the function \fBSSL_SESSION_get_max_early_data()\fR can be used to determine if a session established with a server can be used to send early data. If the session cannot be used then this function will return 0. Otherwise it will return the maximum number of early data bytes that can be sent.
.PP
The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early data bytes that can be sent for a session.
This would typically be used when creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by the server.
.PP
A client uses the function \fBSSL_write_early_data()\fR to send early data. This function is similar to the \fBSSL_write_ex\fR\|(3) function, but with the following differences. See \fBSSL_write_ex\fR\|(3) for information on how to write bytes to the underlying connection, and how to handle any errors that may arise. This page describes the differences between \fBSSL_write_early_data()\fR and
\&\fBSSL_write_ex\fR\|(3).
.PP
When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function called on a new connection, i.e. it must occur before any calls to
\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3) or other similar functions. It may be called multiple times to stream data to the server, but the total number of bytes written must not exceed the value returned from \fBSSL_SESSION_get_max_early_data()\fR. Once the initial
\&\fBSSL_write_early_data()\fR call has completed successfully the client may interleave calls to \fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) with calls to
\&\fBSSL_write_early_data()\fR as required.
.PP
If \fBSSL_write_early_data()\fR fails you should call \fBSSL_get_error\fR\|(3) to determine the correct course of action, as for \fBSSL_write_ex\fR\|(3).
.PP
When the client no longer wishes to send any more early data then it should complete the handshake by calling a function such as \fBSSL_connect\fR\|(3) or
\&\fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard write function such as \fBSSL_write_ex\fR\|(3), which will transparently complete the connection and write the requested data.
.PP
A server may choose to ignore early data that has been sent to it.
Once the connection has been completed you can determine whether the server accepted or rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return
\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function may be called by either the client or the server.
.PP
A server uses the \fBSSL_read_early_data()\fR function to receive early data on a connection for which early data has been enabled using
\&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for
\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function called on a connection, i.e. it must occur before any calls to
\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3), or other similar functions.
.PP
\&\fBSSL_read_early_data()\fR is similar to \fBSSL_read_ex\fR\|(3) with the following differences. Refer to \fBSSL_read_ex\fR\|(3) for full details.
.PP
\&\fBSSL_read_early_data()\fR may return 3 possible values:
.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4
.IX Item "SSL_READ_EARLY_DATA_ERROR"
This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the same way as a 0 return value from \fBSSL_read_ex\fR\|(3).
.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4
.IX Item "SSL_READ_EARLY_DATA_SUCCESS"
This indicates that early data was successfully read. This should be treated in the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to call \fBSSL_read_early_data()\fR to read more data.
.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4
.IX Item "SSL_READ_EARLY_DATA_FINISH"
This indicates that no more early data can be read. It may be returned on the first call to \fBSSL_read_early_data()\fR if the client has not sent any early data, or if the early data was rejected.
.PP
Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the server may choose to write data immediately to the unauthenticated client using
\&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned
\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only supports TLSv1.2) the handshake may have already been completed and calls to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to determine whether the handshake has completed or not. If the handshake is still in progress then the server may interleave calls to \fBSSL_write_early_data()\fR with calls to \fBSSL_read_early_data()\fR as required.
.PP
Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or
\&\fBSSL_write\fR\|(3) until \fBSSL_read_early_data()\fR has returned with
\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client still needs to be completed. Complete the connection by calling a function such as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently complete the connection and read the requested data. Note that it is an error to attempt to complete the connection before \fBSSL_read_early_data()\fR has returned
\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0
.PP
Only servers may call \fBSSL_read_early_data()\fR.
.PP
Calls to \fBSSL_read_early_data()\fR may, in certain circumstances, complete the connection immediately without further need to call a function such as
\&\fBSSL_accept\fR\|(3). This can happen if the client is using a protocol version less than TLSv1.3. Applications can test for this by calling
\&\fBSSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call
\&\fBSSL_accept\fR\|(3) anyway.
Such a call will successfully return immediately with no further action taken.
.PP
When a session is created between a server and a client the server will specify the maximum amount of any early data that it will accept on any future connection attempt. By default the server does not accept early data; a server may indicate support for early data by calling
\&\fBSSL_CTX_set_max_early_data()\fR or
\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 object respectively. The \fBmax_early_data\fR parameter specifies the maximum amount of early data in bytes that is permitted to be sent on a single connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and
\&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a server application will either use both of \fBSSL_read_early_data()\fR and
\&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is nonzero then replay protection is automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below).
.PP
If the server rejects the early data sent by a client then it will skip over the data that is sent. The maximum amount of received early data that is skipped is controlled by the recv_max_early_data setting. If a client sends more than this then the connection will abort. This value can be set by calling
\&\fBSSL_CTX_set_recv_max_early_data()\fR or \fBSSL_set_recv_max_early_data()\fR. The current value for this setting can be obtained by calling
\&\fBSSL_CTX_get_recv_max_early_data()\fR or \fBSSL_get_recv_max_early_data()\fR. The default value for this setting is 16,384 bytes.
.PP
The recv_max_early_data value also has an impact on early data that is accepted.
The amount of data that is accepted will always be the lower of the max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort.
.PP
The configured value for max_early_data on a server may change over time as required. However, clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than the current configured max_early_data value.
.PP
Some server applications may wish to have more control over whether early data is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below) or to decline early_data when the server is heavily loaded. The functions
\&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a callback which is called at a point in the handshake immediately before a decision is made to accept or reject early data. The callback is provided with a pointer to the user data argument that was provided when the callback was first set. Returning 1 from the callback will allow early data and returning 0 will reject it. Note that the OpenSSL library may reject early data for other reasons in which case this callback will not get called. Notably, the built-in replay protection feature will still be used even if a callback is present unless it has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See
\&\*(L"\s-1REPLAY PROTECTION\*(R"\s0 below.
.SH "NOTES"
.IX Header "NOTES"
The whole purpose of early data is to enable a client to start sending data to the server before a full round trip of network traffic has occurred. Application developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket to obtain a performant solution.
For example Nagle's algorithm is commonly used by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many scenarios this is beneficial for performance, but it does not work well with the early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not yet received an \s-1ACK\s0 for from the peer. The buffered data will only be transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the first \s-1TCP\s0 packet along with any data from the first call to
\&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then that additional data will be sent in subsequent \s-1TCP\s0 packets which will be buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet containing the ClientHello. This means the early data is not actually sent until a complete round trip with the server has occurred which defeats the objective of early data.
.PP
In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again after the handshake is complete if appropriate.
.PP
In rare circumstances, it may be possible for a client to have a session that reports a max early data value greater than 0, but where the server does not support this. For example, this can occur if a server has had its configuration changed to accept a lower max early data value such as by calling
\&\fBSSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to support TLSv1.3 but was later downgraded to TLSv1.2.
Sending early data to such a server will cause the connection to abort. Clients that encounter an aborted connection while sending early data may want to retry the connection without sending early data as this does not happen automatically. A client will have to establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 connection again but without sending early data. Note that it is inadvisable to retry with a lower maximum protocol version.
.SH "REPLAY PROTECTION"
.IX Header "REPLAY PROTECTION"
When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the server is configured with a nonzero max early data value. With replay protection enabled sessions are forced to be single use only. If a client attempts to reuse a session ticket more than once, then the second and subsequent attempts will fall back to a full handshake (and any early data that was submitted will be ignored). Note that single use tickets are enforced even if a client does not send any early data.
.PP
The replay protection mechanism relies on the internal OpenSSL server session cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache whenever a session ticket is issued. When a client attempts to resume the session, OpenSSL will check for its presence in the internal cache. If it exists then the resumption is allowed and the session is removed from the cache. If it does not exist then the resumption is not allowed and a full handshake will occur.
.PP
Note that some applications may maintain an external cache of sessions (see
\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions).
It is the application's responsibility to ensure that any sessions in the external cache are also populated in the internal cache and that once removed from the internal cache they are similarly removed from the external cache. Failing to do this could result in an application becoming vulnerable to replay attacks. Note that OpenSSL will lock the internal cache while a session is removed but that lock is not held when the remove session callback (see \fBSSL_CTX_sess_set_remove_cb\fR\|(3)) is called. This could result in a small amount of time where the session has been removed from the internal cache but is still available in the external cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks.
.PP
The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) (e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore, extreme caution should be applied when combining external PSKs with early data.
.PP
Some applications may mitigate the replay risks in other ways. For those applications it is possible to turn off the built-in replay protection feature using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for details. Applications can also set a callback to make decisions about accepting early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action.
.PP
\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure,
\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and
\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more data to be read. In the event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action.
.PP
\&\fBSSL_get_max_early_data()\fR, \fBSSL_CTX_get_max_early_data()\fR and
\&\fBSSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes that may be sent.
.PP
\&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and
\&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure.
.PP
\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_error\fR\|(3),
\&\fBSSL_write_ex\fR\|(3),
\&\fBSSL_read_ex\fR\|(3),
\&\fBSSL_connect\fR\|(3),
\&\fBSSL_accept\fR\|(3),
\&\fBSSL_do_handshake\fR\|(3),
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3),
\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
All of the functions described above were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
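The acceptance rules described above (single-use tickets, the allow-early-data callback, and the lower of the session's max_early_data and the server's recv_max_early_data), as a stand-alone C model added here for illustration. It is not OpenSSL code and calls no OpenSSL function: every type and function name in it is hypothetical, the scenarios are constructed, and it assumes max_early_data was nonzero when the ticket was issued so that replay protection is active.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added model, not OpenSSL code: every name below is hypothetical. */
enum ed_outcome { ED_ACCEPTED, ED_REJECTED, ED_NOT_SENT, ED_ABORTED };

struct server_cfg {
    uint32_t max_early_data;      /* copied into tickets issued from now on */
    uint32_t recv_max_early_data; /* cap on early data read or skipped */
};
struct ticket { uint32_t id; uint32_t max_early_data; };

#define CACHE_SLOTS 8
struct session_cache { uint32_t id[CACHE_SLOTS]; int live[CACHE_SLOTS]; };

/* Issuing a ticket also records the session in the internal cache.
 * Assumes cfg->max_early_data is nonzero, so replay protection is active. */
static struct ticket issue_ticket(const struct server_cfg *cfg,
                                  struct session_cache *c, uint32_t id)
{
    struct ticket t = { id, cfg->max_early_data };
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (!c->live[i]) { c->id[i] = id; c->live[i] = 1; break; }
    return t;
}

/* Single use: a hit removes the entry, so the next lookup misses. */
static int cache_take(struct session_cache *c, uint32_t id)
{
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (c->live[i] && c->id[i] == id) { c->live[i] = 0; return 1; }
    return 0;
}

/* Rejected early data is skipped, but only up to recv_max_early_data. */
static enum ed_outcome skip_rejected(const struct server_cfg *cfg, uint32_t sent)
{
    return sent > cfg->recv_max_early_data ? ED_ABORTED : ED_REJECTED;
}

/* One resumption attempt with `sent` bytes of early data. allow_cb stands in
 * for the allow-early-data callback: 1 allows, 0 rejects, NULL means unset. */
static enum ed_outcome resume(const struct server_cfg *cfg, struct session_cache *c,
                              struct ticket t, uint32_t sent, int (*allow_cb)(void))
{
    int fresh = cache_take(c, t.id);  /* ticket is spent even when sent == 0 */
    uint32_t limit;
    if (sent == 0)
        return ED_NOT_SENT;
    if (!fresh)                       /* reuse: full handshake, callback not asked */
        return skip_rejected(cfg, sent);
    if (allow_cb != NULL && !allow_cb())
        return skip_rejected(cfg, sent);
    /* Accepted data is bounded by the lower of the two settings. */
    limit = t.max_early_data < cfg->recv_max_early_data
          ? t.max_early_data : cfg->recv_max_early_data;
    return sent > limit ? ED_ABORTED : ED_ACCEPTED;
}

static int always_allow(void) { return 1; }
static int server_busy(void) { return 0; }

/* Constructed scenarios; each returns the outcome of its final attempt. */
static enum ed_outcome scenario_ticket_reused(uint32_t first_sent)
{
    struct server_cfg cfg = { 1024, 16384 };
    struct session_cache c = { {0}, {0} };
    struct ticket t = issue_ticket(&cfg, &c, 1);
    (void)resume(&cfg, &c, t, first_sent, always_allow); /* first use */
    return resume(&cfg, &c, t, 512, always_allow);       /* same ticket again */
}

static enum ed_outcome scenario_recv_max_changed(uint32_t new_recv_max)
{
    struct server_cfg cfg = { 1024, 16384 };
    struct session_cache c = { {0}, {0} };
    struct ticket t = issue_ticket(&cfg, &c, 2);         /* ticket carries 1024 */
    cfg.max_early_data = 256;                            /* later reconfiguration */
    cfg.recv_max_early_data = new_recv_max;
    return resume(&cfg, &c, t, 1024, always_allow);
}

static enum ed_outcome scenario_callback_rejects(uint32_t sent)
{
    struct server_cfg cfg = { 1024, 16384 };
    struct session_cache c = { {0}, {0} };
    struct ticket t = issue_ticket(&cfg, &c, 3);
    return resume(&cfg, &c, t, sent, server_busy);
}

int main(void)
{
    static const char *name[] = { "accepted", "rejected", "not sent", "aborted" };
    printf("ticket reused:       %s\n", name[scenario_ticket_reused(512)]);
    printf("recv_max cut to 256: %s\n", name[scenario_recv_max_changed(256)]);
    printf("callback says busy:  %s\n", name[scenario_callback_rejects(512)]);
    return 0;
}
```

The reconfiguration scenario is the case the text warns about: a client holding an older ticket is within its own limit, yet the connection aborts once recv_max_early_data drops below the value in that ticket.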
.IX Title "SSL_CTX_SET_MSG_CALLBACK 3"
.TH SSL_CTX_SET_MSG_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_msg_callback,
SSL_CTX_set_msg_callback_arg,
SSL_set_msg_callback,
SSL_set_msg_callback_arg
\&\- install callback for observing protocol messages
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
\&                               void (*cb)(int write_p, int version,
\&                                          int content_type, const void *buf,
\&                                          size_t len, SSL *ssl, void *arg));
\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
\&
\& void SSL_set_msg_callback(SSL *ssl,
\&                           void (*cb)(int write_p, int version,
\&                                      int content_type, const void *buf,
\&                                      size_t len, SSL *ssl, void *arg));
\& void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to
define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0
protocol messages (such as handshake messages) that are received or
sent, as well as other events that occur during processing.
\&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR
can be used to set argument \fIarg\fR to the callback function, which is
available for arbitrary application use.
.PP
\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify
default settings that will be copied to new \fB\s-1SSL\s0\fR objects by
\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and
\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR
object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback.
.PP
When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the
following meaning:
.IP "\fIwrite_p\fR" 4
.IX Item "write_p"
This flag is \fB0\fR when a protocol message has been received and \fB1\fR
when a protocol message has been sent.
.IP "\fIversion\fR" 4
.IX Item "version"
The protocol version according to which the protocol message is
interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc.
This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below).
.IP "\fIcontent_type\fR" 4
.IX Item "content_type"
This is one of the content type values defined in the protocol specification
(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never
\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol
messages). Alternatively it may be a \*(L"pseudo\*(R" content type. These pseudo
content types are used to signal some other event in the processing of data (see
\&\s-1NOTES\s0 below).
.IP "\fIbuf\fR, \fIlen\fR" 4
.IX Item "buf, len"
\&\fIbuf\fR points to a buffer containing the protocol message or other data (in the
case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no
longer valid after the callback function has returned.
.IP "\fIssl\fR" 4
.IX Item "ssl"
The \fB\s-1SSL\s0\fR object that received or sent the message.
.IP "\fIarg\fR" 4
.IX Item "arg"
The user-defined argument optionally defined by
\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR.
.SH "NOTES"
.IX Header "NOTES"
Protocol messages are passed to the callback function after decryption
and fragment collection where applicable. (Thus record boundaries are
not visible.)
.PP
If processing a received protocol message results in an error,
the callback function may not be called. For example, the callback
function will never see messages that are considered too large to be
processed.
.PP
Due to automatic protocol version negotiation, \fIversion\fR is not
necessarily the protocol version used by the sender of the message: If
a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server,
\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR.
.PP
Pseudo content type values may be sent at various points during the processing
of data. The following pseudo content types are currently defined:
.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4
.IX Item "SSL3_RT_HEADER"
Used when a record is sent or received. The \fBbuf\fR contains the record header
bytes only.
.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4
.IX Item "SSL3_RT_INNER_CONTENT_TYPE"
Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3
records the content type in the record header is always
\&\s-1SSL3_RT_APPLICATION_DATA.\s0 The real content type for the record is contained in an
\&\*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR
and \fBSSL_set_msg_callback_arg()\fR do not return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
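The callback contract described above (pseudo content types, version 0 for record headers, buf valid only during the call), as an added example that is not part of the OpenSSL manual. tls_msg_cb, struct tls_trace and the trace line format are hypothetical; the constants are defined locally with the values used by the OpenSSL headers so the block builds without libssl, and TLS (5-byte record headers, not DTLS) is assumed.

```c
/* Added example (not OpenSSL source). The opaque SSL type and the constants
 * mirror <openssl/ssl.h>; they are skipped if those headers came first. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef SSL3_RT_HANDSHAKE
typedef struct ssl_st SSL;
# define SSL3_RT_CHANGE_CIPHER_SPEC 20
# define SSL3_RT_ALERT              21
# define SSL3_RT_HANDSHAKE          22
# define SSL3_RT_HEADER             0x100
# define SSL3_RT_INNER_CONTENT_TYPE 0x101
# define TLS1_2_VERSION             0x0303
# define TLS1_3_VERSION             0x0304
#endif

/* Hypothetical per-connection state handed to the callback through arg. */
struct tls_trace {
    unsigned records;         /* SSL3_RT_HEADER events seen */
    unsigned handshake_msgs;  /* SSL3_RT_HANDSHAKE messages seen */
    int alert_level;          /* -1 until an alert is observed */
    int alert_desc;
    char last_line[128];      /* our own copy: buf dies when the callback returns */
};

static const char *content_name(int t)
{
    switch (t) {
    case SSL3_RT_CHANGE_CIPHER_SPEC: return "ChangeCipherSpec";
    case SSL3_RT_ALERT:              return "Alert";
    case SSL3_RT_HANDSHAKE:          return "Handshake";
    case SSL3_RT_HEADER:             return "RecordHeader";
    case SSL3_RT_INNER_CONTENT_TYPE: return "InnerContentType";
    default:                         return "Unknown";
    }
}

/* Same signature as the cb parameter of SSL_CTX_set_msg_callback(). */
void tls_msg_cb(int write_p, int version, int content_type,
                const void *buf, size_t len, SSL *ssl, void *arg)
{
    struct tls_trace *tr = arg;
    const unsigned char *p = buf;
    char detail[48] = "";

    (void)ssl;
    if (tr == NULL)
        return;
    switch (content_type) {       /* every index into buf is guarded by len */
    case SSL3_RT_HEADER:          /* type(1) version(2) length(2) */
        tr->records++;
        if (len >= 5)
            snprintf(detail, sizeof(detail), " outer_type=%u body_len=%u",
                     (unsigned)p[0], ((unsigned)p[3] << 8) | p[4]);
        break;
    case SSL3_RT_INNER_CONTENT_TYPE:   /* one byte: the real TLSv1.3 type */
        if (len >= 1)
            snprintf(detail, sizeof(detail), " inner=%s", content_name(p[0]));
        break;
    case SSL3_RT_HANDSHAKE:       /* msg_type(1) length(3) body */
        tr->handshake_msgs++;
        if (len >= 4)
            snprintf(detail, sizeof(detail), " msg_type=%u body_len=%u",
                     (unsigned)p[0],
                     ((unsigned)p[1] << 16) | ((unsigned)p[2] << 8) | p[3]);
        break;
    case SSL3_RT_ALERT:           /* level(1) description(1) */
        if (len >= 2) {
            tr->alert_level = p[0];
            tr->alert_desc = p[1];
            snprintf(detail, sizeof(detail), " level=%u desc=%u",
                     (unsigned)p[0], (unsigned)p[1]);
        }
        break;
    default:
        break;
    }
    snprintf(tr->last_line, sizeof(tr->last_line), "%s %s v=0x%04x len=%zu%s",
             write_p ? ">>>" : "<<<", content_name(content_type),
             (unsigned)version, len, detail);
}

int main(void)
{
    /* Constructed events: a received record header, then its inner type. */
    static const unsigned char hdr[5] = { 23, 3, 3, 0x00, 0x35 };
    static const unsigned char inner[1] = { 22 };
    struct tls_trace tr = { 0, 0, -1, -1, "" };

    tls_msg_cb(0, 0, SSL3_RT_HEADER, hdr, sizeof(hdr), NULL, &tr);
    puts(tr.last_line);
    tls_msg_cb(0, TLS1_3_VERSION, SSL3_RT_INNER_CONTENT_TYPE, inner, 1, NULL, &tr);
    puts(tr.last_line);
    return 0;
}
```

Against a real library the callback is installed with SSL_set_msg_callback() and its state with SSL_set_msg_callback_arg(); an arg set on the SSL_CTX is copied to every new SSL object, so per-connection state belongs on the SSL.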
.IX Title "BIO_S_MEM 3"
.TH BIO_S_MEM 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_s_secmem,
BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& const BIO_METHOD *BIO_s_mem(void);
\& const BIO_METHOD *BIO_s_secmem(void);
\&
\& BIO_set_mem_eof_return(BIO *b, int v)
\& long BIO_get_mem_data(BIO *b, char **pp)
\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
\&
\& BIO *BIO_new_mem_buf(const void *buf, int len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function.
.PP
A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data
written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended
as appropriate to accommodate the stored data.
.PP
\&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used
for buffer storage.
.PP
Any data written to a memory \s-1BIO\s0 can be recalled by reading from it.
Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from
the \s-1BIO.\s0
.PP
Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR.
.PP
If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying
\&\s-1BUF_MEM\s0 structure is also freed.
.PP
Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the
flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read
pointer to the state it was just after the last write was performed and the
data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to
its original state and the read only data can be read again.
.PP
\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0
.PP
\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored.
.PP
\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is
it will return zero and BIO_should_retry(b) will be false). If \fBv\fR is non
zero then it will return \fBv\fR when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
positive return value \fBv\fR should be set to a negative value, typically \-1.
.PP
\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data
and returns the total amount of data available. It is implemented as a macro.
.PP
\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
It is a macro.
.PP
\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is
a macro.
.PP
\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR,
if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its
length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and
as a result cannot be written to. This is useful when some data needs to be
made available from a static area of memory in the form of a \s-1BIO.\s0 The
supplied data is read directly from the supplied buffer: it is \fBnot\fR copied
first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed.
.SH "NOTES"
.IX Header "NOTES"
Writes to memory BIOs will always succeed if memory is available: that is
their size can grow indefinitely.
.PP
Every write after partial read (not all data in the memory buffer was read)
to a read write memory \s-1BIO\s0 will have to move the unread data with an internal
copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small
chunks intertwined with writes the operation can be very slow. Adding
a buffering \s-1BIO\s0 to the chain can speed up the process.
.PP
Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will
give undefined results, including perhaps a program crash.
.PP
Switching the memory \s-1BIO\s0 from read write to read only is not supported and
can give undefined results including a program crash. There are two notable
exceptions to the rule. The first one is to assign a static memory buffer
immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only.
.PP
The other supported sequence is to start with read write \s-1BIO\s0 then temporarily
switch it to read only and call \fBBIO_reset()\fR on the read only \s-1BIO\s0 immediately
before switching it back to read write. Before the \s-1BIO\s0 is freed it must be
switched back to the read write mode.
.PP
Calling \fBBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that
contains only the remaining data to be read. If the close status of the
\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE,\s0 before freeing the \s-1BUF_MEM\s0 the data pointer
in it must be set to \s-1NULL\s0 as the data pointer does not point to an
allocated memory.
.PP
Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0
flag set can have unexpected outcome when the reads and writes to the
\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the
state after the last completed write operation. The effects of reads
preceding that write operation cannot be undone.
.PP
Calling \fBBIO_get_mem_ptr()\fR prior to a \fBBIO_reset()\fR call with
\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation.
.SH "BUGS"
.IX Header "BUGS"
There should be an option to set the maximum size of a memory \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure.
.PP
\&\fBBIO_set_mem_eof_return()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR
return 1 on success or a value which is less than or equal to 0 if an error occurred.
.PP
\&\fBBIO_get_mem_data()\fR returns the total number of bytes available on success,
0 if b is \s-1NULL,\s0 or a negative value in case of other errors.
.PP
\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create a memory \s-1BIO\s0 and write some data to it:
.PP
.Vb 1
\& BIO *mem = BIO_new(BIO_s_mem());
\&
\& BIO_puts(mem, "Hello World\en");
.Ve
.PP
Create a read only memory \s-1BIO:\s0
.PP
.Vb 2
\& char data[] = "Hello World";
\& BIO *mem = BIO_new_mem_buf(data, \-1);
.Ve
.PP
Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0
.PP
.Vb 1
\& BUF_MEM *bptr;
\&
\& BIO_get_mem_ptr(mem, &bptr);
\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
\& BIO_free(mem);
.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RAND_EGD 3"
.TH RAND_EGD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand.h>
\&
\& int RAND_egd_bytes(const char *path, int num);
\& int RAND_egd(const char *path);
\&
\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR,
it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local
socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0
The protocol used is defined by the EGDs available at
or .
.PP
\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the
specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR.
\&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255.
.PP
\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at
the specified socket \fBpath\fR, where \fBnum\fR must be less than 256.
If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR.
If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and
\&\fBRAND_add()\fR is not called.
.PP
OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding
automatically.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the
daemon on success, or \-1 if the connection failed or the daemon did not
return enough data to fully seed the \s-1PRNG.\s0
.PP
\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on
success, or \-1 if the connection failed.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRAND_add\fR\|(3),
\&\fBRAND_bytes\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "O2I_SCT_LIST 3"
.TH O2I_SCT_LIST 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \-
decode and encode Signed Certificate Timestamp lists in TLS wire format
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
\&                             size_t len);
\& int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
\& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
\& int i2o_SCT(const SCT *sct, unsigned char **out);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of
functions, except that they convert to and from \s-1TLS\s0 wire format, as described in
\&\s-1RFC 6962.\s0 See d2i_SCT_LIST for more information about how the parameters are
treated and the return values.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All of the functions have return values consistent with those stated for
d2i_SCT_LIST and i2d_SCT_LIST.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7),
\&\fBd2i_SCT_LIST\fR\|(3),
\&\fBi2d_SCT_LIST\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
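A bounds-checked reader for the TLS wire format these functions convert to and from, as an added example that is not OpenSSL's implementation. The layout follows the SignedCertificateTimestampList and v1 SCT structures of RFC 6962; parse_sct_list, struct sct_view and the sample bytes are constructed for illustration, and keeping unknown SCT versions opaque instead of rejecting them is a choice made for this example.

```c
/* Added example (not OpenSSL source); all names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SCT_V1        0
#define SCT_LOGID_LEN 32

/* Parsed view; pointers refer into the caller's input buffer. */
struct sct_view {
    uint8_t version;
    const uint8_t *log_id;          /* SCT_LOGID_LEN bytes, NULL unless v1 */
    uint64_t timestamp_ms;
    const uint8_t *ext; size_t ext_len;
    uint8_t hash_alg, sig_alg;
    const uint8_t *sig; size_t sig_len;
};

struct cur { const uint8_t *p; size_t left; };

/* Hand out n bytes only if they are really there. */
static int take(struct cur *c, size_t n, const uint8_t **out)
{
    if (c->left < n)
        return 0;
    *out = c->p;
    c->p += n;
    c->left -= n;
    return 1;
}

static int take_u16(struct cur *c, size_t *v)
{
    const uint8_t *b;
    if (!take(c, 2, &b))
        return 0;
    *v = ((size_t)b[0] << 8) | b[1];
    return 1;
}

/* 0 = v1 parsed, 1 = unknown version kept opaque, -1 = malformed. */
int parse_sct(const uint8_t *in, size_t len, struct sct_view *s)
{
    struct cur c = { in, len };
    const uint8_t *b;
    int i;
    memset(s, 0, sizeof(*s));
    if (!take(&c, 1, &b))
        return -1;
    s->version = b[0];
    if (s->version != SCT_V1)
        return 1;
    if (!take(&c, SCT_LOGID_LEN, &s->log_id) || !take(&c, 8, &b))
        return -1;
    for (i = 0; i < 8; i++)
        s->timestamp_ms = (s->timestamp_ms << 8) | b[i];
    if (!take_u16(&c, &s->ext_len) || !take(&c, s->ext_len, &s->ext))
        return -1;
    if (!take(&c, 2, &b))
        return -1;
    s->hash_alg = b[0];
    s->sig_alg = b[1];
    if (!take_u16(&c, &s->sig_len) || !take(&c, s->sig_len, &s->sig))
        return -1;
    return c.left == 0 ? 0 : -1;    /* trailing bytes inside an SCT */
}

/* Number of SCTs stored in out[], or -1 if the list is malformed.
 * The outer length must account for exactly the bytes supplied. */
int parse_sct_list(const uint8_t *in, size_t len, struct sct_view *out, int max)
{
    struct cur c = { in, len };
    size_t list_len, sct_len;
    const uint8_t *body;
    int n = 0;
    if (!take_u16(&c, &list_len) || list_len == 0 || list_len != c.left)
        return -1;
    while (c.left > 0) {
        if (!take_u16(&c, &sct_len) || sct_len == 0 || !take(&c, sct_len, &body))
            return -1;
        if (n == max || parse_sct(body, sct_len, &out[n]) < 0)
            return -1;
        n++;
    }
    return n;
}

/* Constructed sample (55 bytes): one v1 SCT with a dummy log id and signature. */
size_t make_sample_list(uint8_t *buf)
{
    static const uint8_t head[] = { 0, 53, 0, 51, SCT_V1 };  /* list len, SCT len */
    static const uint8_t tail[] = { 0, 0, 0, 0, 0, 0, 1, 2,  /* timestamp 258 */
                                    0, 0, 4, 3,  /* no extensions; sha256, ecdsa */
                                    0, 4, 0x5A, 0x5A, 0x5A, 0x5A };
    memcpy(buf, head, sizeof(head));
    memset(buf + sizeof(head), 0xAB, SCT_LOGID_LEN);
    memcpy(buf + sizeof(head) + SCT_LOGID_LEN, tail, sizeof(tail));
    return sizeof(head) + SCT_LOGID_LEN + sizeof(tail);
}
```

Every length prefix is checked against the bytes that remain before it is used, so an overstated signature or list length is rejected rather than read past the buffer.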
.IX Title "DSA_GENERATE_PARAMETERS 3"
.TH DSA_GENERATE_PARAMETERS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& int DSA_generate_parameters_ex(DSA *dsa, int bits,
\&                                const unsigned char *seed, int seed_len,
\&                                int *counter_ret, unsigned long *h_ret,
\&                                BN_GENCB *cb);
.Ve
.PP
Deprecated:
.PP
.Vb 5
\& #if OPENSSL_API_COMPAT < 0x00908000L
\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
\&                              int *counter_ret, unsigned long *h_ret,
\&                              void (*callback)(int, int, void *), void *cb_arg);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g
for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR.
.PP
\&\fBbits\fR is the length of the prime p to be generated.
For lengths under 2048 bits, the length of q is 160 bits; for lengths
greater than or equal to 2048 bits, the length of q is set to 256 bits.
.PP
If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random.
If \fBseed_len\fR is less than the length of q, an error is returned.
.PP
\&\fBDSA_generate_parameters_ex()\fR places the iteration count in
*\fBcounter_ret\fR and a counter used for finding a generator in
*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR.
.PP
A callback function may be used to provide feedback about the progress
of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be
called as shown below. For information on the \s-1BN_GENCB\s0 structure and the
BN_GENCB_call function discussed below, refer to
\&\fBBN_generate_prime\fR\|(3).
.PP
\&\fBDSA_generate_parameters()\fR is similar to \fBDSA_generate_parameters_ex()\fR
but expects an old-style callback function; see
\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback.
.IP "\(bu" 2
When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called
(m is 0 for the first candidate).
.IP "\(bu" 2
When a candidate for q has passed a test by trial division,
\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called.
While a candidate for q is tested by Miller-Rabin primality tests,
\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop
(once for each witness that confirms that the candidate may be prime);
i is the loop counter (starting at 0).
.IP "\(bu" 2
When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and
\&\fBBN_GENCB_call(cb, 3, 0)\fR are called.
.IP "\(bu" 2
Before a candidate for p (other than the first) is generated and tested,
\&\fBBN_GENCB_call(cb, 0, counter)\fR is called.
.IP "\(bu" 2
When a candidate for p has passed the test by trial division,
\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called.
While it is tested by the Miller-Rabin primality test,
\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop
(once for each witness that confirms that the candidate may be prime).
i is the loop counter (starting at 0).
.IP "\(bu" 2
When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called.
.IP "\(bu" 2
When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.PP
\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or
\&\fB\s-1NULL\s0\fR if the parameter generation fails.
.SH "BUGS"
.IX Header "BUGS"
Seed lengths greater than 20 are not supported.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use
\&\fBDSA_generate_parameters_ex()\fR instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_DEFAULT_TIMEOUT 3"
.TH SSL_GET_DEFAULT_TIMEOUT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.
.\" Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_default_timeout \- get default session timeout value
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_get_default_timeout(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to
\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
Whenever a new session is negotiated, it is assigned a timeout value,
after which it will not be accepted for session reuse. If the timeout
value was not explicitly set using
\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default
timeout for the protocol will be used.
.PP
\&\fBSSL_get_default_timeout()\fR returns this hardcoded value, which is 300 seconds
for all currently supported protocols.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
See description.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
\&\fBSSL_SESSION_get_time\fR\|(3),
\&\fBSSL_CTX_flush_sessions\fR\|(3),
\&\fBSSL_get_default_timeout\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DSA_METH_NEW 3"
.TH DSA_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name,
DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags,
DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign,
DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup,
DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp,
DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp,
DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish,
DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen,
DSA_meth_set_keygen \- Routines to build up DSA methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& DSA_METHOD *DSA_meth_new(const char *name, int flags);
\&
\& void DSA_meth_free(DSA_METHOD *dsam);
\&
\& DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
\&
\& const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
\& int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
\&
\& int DSA_meth_get_flags(const DSA_METHOD *dsam);
\& int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
\&
\& void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
\& int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
\&
\& DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *,
\&     int, DSA *);
\& int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *,
\&     int, DSA *));
\&
\& int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,
\&     BIGNUM **, BIGNUM **);
\& int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *,
\&     BIGNUM **, BIGNUM **));
\&
\& int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *,
\&     int, DSA_SIG *, DSA *);
\& int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *,
\&     int, DSA_SIG *, DSA *));
\&
\& int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
\&     BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
\&     BIGNUM *m, BN_CTX *ctx,
\&     BN_MONT_CTX *in_mont);
\& int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr,
\&     BIGNUM *a1, BIGNUM *p1,
\&     BIGNUM *a2, BIGNUM *p2,
\&     BIGNUM *m, BN_CTX *ctx,
\&     BN_MONT_CTX *mont));
\&
\& int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a,
\&     const BIGNUM *p, const BIGNUM *m,
\&     BN_CTX *ctx, BN_MONT_CTX *mont);
\& int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa,
\&     BIGNUM *r,
\&     BIGNUM *a,
\&     const BIGNUM *p,
\&     const BIGNUM *m,
\&     BN_CTX *ctx,
\&     BN_MONT_CTX *mont));
\&
\& int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
\& int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
\&
\& int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *);
\& int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *));
\&
\& int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int,
\&     const unsigned char *,
\&     int, int *, unsigned long *,
\&     BN_GENCB *);
\& int DSA_meth_set_paramgen(DSA_METHOD *dsam,
\&     int (*paramgen)(DSA *, int, const unsigned char *,
\&     int, int *, unsigned long *, BN_GENCB *));
\&
\& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *);
\& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more
information.
.PP
\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a
unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated
string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is
the caller's responsibility to free the original string. The flags will be used
during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any
new \fB\s-1DSA\s0\fR object will have those flags set by default.
.PP
\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a
parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an
existing one, but with some differences.
.PP
\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory
associated with it.
.PP
\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This
is a pointer to the internal name string and so should not be freed by the
caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The
string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the
caller remains responsible for freeing the memory associated with the name.
.PP
\&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this
\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags.
.PP
The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the
ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is
the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is
freed via a call to \fBDSA_meth_free()\fR.
.PP
\&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for
creating a \s-1DSA\s0 signature respectively. This function will be
called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The
parameters for the function have the same meaning as for \fBDSA_do_sign()\fR.
.PP
\&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function
used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function
will be called in response to the application calling \fBDSA_sign_setup()\fR. The
parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR.
.PP
\&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used
for verifying a \s-1DSA\s0 signature respectively. This function will be called in
response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The
parameters for the function have the same meaning as for \fBDSA_do_verify()\fR.
.PP
\&\fBDSA_meth_get_mod_exp()\fR and \fBDSA_meth_set_mod_exp()\fR get and set the function used
for computing the following value:
.PP
.Vb 1
\& rr = a1^p1 * a2^p2 mod m
.Ve
.PP
This function will be called by the default OpenSSL method during verification
of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function
may be \s-1NULL.\s0
.PP
\&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function
used for computing the following value:
.PP
.Vb 1
\& r = a ^ p mod m
.Ve
.PP
This function will be called by the default OpenSSL function for
\&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function
may be \s-1NULL.\s0
.PP
\&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used
for creating a new \s-1DSA\s0 instance respectively. This function will be
called in response to the application calling \fBDSA_new()\fR (if the current default
\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR
functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this
newly allocated structure will be passed as a parameter to the function. This
function may be \s-1NULL.\s0
.PP
\&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used
for destroying an instance of a \s-1DSA\s0 object respectively. This function will be
called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0
to be destroyed is passed as a parameter. The destroy function should be used
for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should
not be freed by this function. This function may be \s-1NULL.\s0
.PP
\&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function
used for generating \s-1DSA\s0 parameters respectively. This function will be called in
response to the application calling \fBDSA_generate_parameters_ex()\fR (or
\&\fBDSA_generate_parameters()\fR). The parameters for the function have the same
meaning as for \fBDSA_generate_parameters_ex()\fR.
.PP
\&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function
used for generating a new \s-1DSA\s0 key pair respectively. This function will be called
in response to the application calling \fBDSA_generate_key()\fR. The parameter for
the function has the same meaning as for \fBDSA_generate_key()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object
or \s-1NULL\s0 on failure.
.PP
\&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags
associated with the \s-1DSA_METHOD\s0 respectively.
.PP
All other DSA_meth_get_*() functions return the appropriate function pointer
that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been
set.
.PP
\&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or
0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3),
\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3),
\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PEM_READ 3"
.TH PEM_READ 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PEM_write, PEM_write_bio,
PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO
\&\- PEM encoding routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pem.h>
\&
\& int PEM_write(FILE *fp, const char *name, const char *header,
\&               const unsigned char *data, long len);
\& int PEM_write_bio(BIO *bp, const char *name, const char *header,
\&                   const unsigned char *data, long len);
\&
\& int PEM_read(FILE *fp, char **name, char **header,
\&              unsigned char **data, long *len);
\& int PEM_read_bio(BIO *bp, char **name, char **header,
\&                  unsigned char **data, long *len);
\&
\& int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
\& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
\&                   pem_password_cb *cb, void *u);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions read and write PEM-encoded objects, using the \s-1PEM\s0
type \fBname\fR, any additional \fBheader\fR information, and the raw
\&\fBdata\fR of length \fBlen\fR.
.PP
\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF
RFC 1421.\s0 The content is a series of base64\-encoded lines, surrounded
by begin/end markers each on their own line. For example:
.PP
.Vb 4
\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
\& MIICdg....
\& ... bhTQ==
\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
.Ve
.PP
Optional header line(s) may appear after the begin line, and their
existence depends on the type of object being written or read.
.PP
\&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to
the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the
\&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify
the data and its length.
.PP
The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with
the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3)
for examples.
.PP
\&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads
from the \s-1BIO\s0 \fBbp\fR.
Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object.
When an object is successfully retrieved, the type name from the
\*(L"\-\-\-\-BEGIN \-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any
encapsulation headers are returned in \fBheader\fR and the base64\-decoded content
and its length are returned via \fBdata\fR and \fBlen\fR respectively.
The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR
and should be freed by the caller via \fBOPENSSL_free()\fR when no longer needed.
.PP
\&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine whether the \fBdata\fR returned by
\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher
and \s-1IV.\s0
The caller passes a pointer to a structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the
\&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR.
If the call is successful, 1 is returned and the cipher and \s-1IV\s0 are stored at the
address pointed to by \fBcinfo\fR.
When the header is malformed or not supported, or when the cipher is unknown
or some internal error happens, 0 is returned.
This function is deprecated, see \fB\s-1NOTES\s0\fR below.
.PP
\&\fBPEM_do_header()\fR can then be used to decrypt the data if the header
indicates encryption.
The \fBcinfo\fR argument is a pointer to the structure initialized by the previous
call to \fBPEM_get_EVP_CIPHER_INFO()\fR.
The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to
\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR.
The \fBcb\fR and \fBu\fR arguments make it possible to override the default password
prompt function as described in \fBPEM_read_PrivateKey\fR\|(3).
On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is
updated to indicate the plaintext length.
This function is deprecated, see \fB\s-1NOTES\s0\fR below.
.PP
If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR
nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure; the latter
includes the case when no more \s-1PEM\s0 objects remain in the input file.
To distinguish end of file from more serious errors the caller must peek at the
error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more
\&\s-1PEM\s0 objects were found. See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3).
.PP
\&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on
failure.
The \fBdata\fR is likely meaningless if these functions fail.
.SH "NOTES"
.IX Header "NOTES"
The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated.
This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should
be avoided.
It uses an encryption format with an OpenSSL-specific key-derivation function,
which employs \s-1MD5\s0 with an iteration count of 1!
Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 \s-1PBE.\s0 See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3).
.PP
\&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3), \&\fBd2i_PKCS8PrivateKey_bio\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
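Added example, not part of the OpenSSL manual page: a small audit helper that reads PEM objects the way the page describes (skipping non-PEM text, returning name, headers and decoded data) and flags private keys that still use the obsolete PEM encryption the NOTES section warns about. The Proc-Type and DEK-Info header names come from the traditional PEM format rather than from this page; the function names and the sample input are constructed for illustration.

```python
import base64
import re

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")


def read_pem_objects(text):
    """Yield (name, headers, data) per PEM object, skipping non-PEM text
    between objects, which mirrors what the page says PEM_read() returns."""
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        m = BEGIN_RE.match(lines[i])
        i += 1
        if not m:
            continue  # non-PEM data before the next object
        name, end = m.group(1), f"-----END {m.group(1)}-----"
        headers, body, in_headers = {}, [], True
        while i < len(lines) and lines[i] != end:
            line = lines[i]
            i += 1
            # Encapsulation headers ("Key: value") come first; base64 text
            # never contains ':', so the first line without one ends them.
            if in_headers and ":" in line:
                key, value = line.split(":", 1)
                headers[key.strip()] = value.strip()
                continue
            in_headers = False
            if line:
                body.append(line)
        if i >= len(lines):
            raise ValueError(f"missing END line for {name!r}")
        i += 1  # consume the END line
        yield name, headers, base64.b64decode("".join(body), validate=True)


def classify(name, headers):
    """Return a short verdict string for one PEM object."""
    if headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
        # Legacy PEM encryption: key derived with MD5, iteration count 1.
        cipher = headers.get("DEK-Info", "unknown").split(",")[0]
        return f"legacy-pem-encryption:{cipher}"
    if name == "ENCRYPTED PRIVATE KEY":
        # PKCS#8 container. The label alone does not prove a strong
        # PKCS#5 v2.0 PBE; that needs a look at the decoded ASN.1.
        return "pkcs8-encrypted"
    if name.endswith("PRIVATE KEY"):
        return "unencrypted-key"
    return "not-a-private-key"


def audit(text):
    """Classify every PEM object found in text, in order of appearance."""
    return [(n, classify(n, h)) for n, h, _ in read_pem_objects(text)]


# Constructed sample input: the base64 body is dummy bytes, not key material.
_B64 = base64.b64encode(b"constructed sample bytes").decode()
SAMPLE = "\n".join([
    "text that precedes the first object and must be skipped",
    "-----BEGIN RSA PRIVATE KEY-----",
    "Proc-Type: 4,ENCRYPTED",
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF",
    "",
    _B64,
    "-----END RSA PRIVATE KEY-----",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
    _B64,
    "-----END ENCRYPTED PRIVATE KEY-----",
    "-----BEGIN PRIVATE KEY-----",
    _B64,
    "-----END PRIVATE KEY-----",
])

if __name__ == "__main__":
    for obj_name, verdict in audit(SAMPLE):
        print(f"{obj_name}: {verdict}")
```

Objects reported as legacy-pem-encryption are the ones to re-encrypt in PKCS#8 form, as the NOTES section recommends.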
.IX Title "SSL_GET_VERSION 3"
.TH SSL_GET_VERSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protocol information of a connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_client_version(const SSL *s);
\&
\& const char *SSL_get_version(const SSL *ssl);
\&
\& int SSL_is_dtls(const SSL *ssl);
\&
\& int SSL_version(const SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the client in the legacy_version field of the ClientHello when initiating the connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR returns the name of the protocol used for the connection. \fBSSL_version()\fR returns the numeric protocol version used for the connection. They should only be called after the initial handshake has been completed. Prior to that the results returned from these functions may be unreliable.
.PP
\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_get_version()\fR returns one of the following strings:
.IP "SSLv3" 4
.IX Item "SSLv3"
The connection uses the SSLv3 protocol.
.IP "TLSv1" 4
.IX Item "TLSv1"
The connection uses the TLSv1.0 protocol.
.IP "TLSv1.1" 4
.IX Item "TLSv1.1"
The connection uses the TLSv1.1 protocol.
.IP "TLSv1.2" 4
.IX Item "TLSv1.2"
The connection uses the TLSv1.2 protocol.
.IP "TLSv1.3" 4
.IX Item "TLSv1.3"
The connection uses the TLSv1.3 protocol.
.IP "unknown" 4
.IX Item "unknown"
This indicates an unknown protocol version.
.PP
\&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any of the following:
.IP "\s-1SSL3_VERSION\s0" 4
.IX Item "SSL3_VERSION"
The connection uses the SSLv3 protocol.
.IP "\s-1TLS1_VERSION\s0" 4
.IX Item "TLS1_VERSION"
The connection uses the TLSv1.0 protocol.
.IP "\s-1TLS1_1_VERSION\s0" 4
.IX Item "TLS1_1_VERSION"
The connection uses the TLSv1.1 protocol.
.IP "\s-1TLS1_2_VERSION\s0" 4
.IX Item "TLS1_2_VERSION"
The connection uses the TLSv1.2 protocol.
.IP "\s-1TLS1_3_VERSION\s0" 4
.IX Item "TLS1_3_VERSION"
The connection uses the TLSv1.3 protocol (never returned for \&\fBSSL_client_version()\fR).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
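Added example, not part of the OpenSSL manual page: why the value behind SSL_client_version() is a poor signal for logging or policy. It parses a constructed ClientHello body and shows legacy_version staying at TLS1_2_VERSION while the supported_versions extension (RFC 8446, not mentioned on this page) carries the TLSv1.3 offer. The function names and the sample message are assumptions made for illustration.

```python
import struct

# Numeric values of the constants listed under RETURN VALUES.
NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
EXT_SUPPORTED_VERSIONS = 43


def build_client_hello(legacy_version, supported):
    """Build a minimal, constructed ClientHello body for the demo."""
    body = struct.pack("!H", legacy_version) + bytes(32)  # version + random
    body += b"\x00"                                       # empty session id
    body += struct.pack("!HH", 2, 0x1301)                 # one cipher suite
    body += b"\x01\x00"                                   # null compression
    exts = b""
    if supported:
        versions = b"".join(struct.pack("!H", v) for v in supported)
        data = bytes([len(versions)]) + versions
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    return body + struct.pack("!H", len(exts)) + exts


def parse_client_hello(body):
    """Return (legacy_version, offered_versions) from a ClientHello body.
    Truncated input raises struct.error, IndexError or ValueError."""
    legacy = struct.unpack_from("!H", body, 0)[0]
    off = 2 + 32                                          # skip random
    off += 1 + body[off]                                  # session id
    off += 2 + struct.unpack_from("!H", body, off)[0]     # cipher suites
    off += 1 + body[off]                                  # compression
    offered = []
    if off < len(body):
        total = struct.unpack_from("!H", body, off)[0]
        off += 2
        end = off + total
        if end > len(body):
            raise ValueError("extensions run past end of message")
        while off + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, off)
            off += 4
            if etype == EXT_SUPPORTED_VERSIONS:
                n = body[off]
                offered = [struct.unpack_from("!H", body, off + 1 + j)[0]
                           for j in range(0, n, 2)]
            off += elen
    return legacy, offered


def legacy_name(body):
    """Name of the legacy_version field, as SSL_client_version() reports it."""
    return NAMES.get(parse_client_hello(body)[0], "unknown")


def highest_offered(body):
    """Highest known version the client actually offers. Unknown values
    (for example GREASE placeholders) are ignored."""
    legacy, offered = parse_client_hello(body)
    known = [v for v in offered if v in NAMES]
    return NAMES.get(max(known) if known else legacy, "unknown")


if __name__ == "__main__":
    hello = build_client_hello(0x0303, [0x7A7A, 0x0304, 0x0303])
    print("legacy_version :", legacy_name(hello))
    print("highest offered:", highest_offered(hello))
```

For the protocol actually in use, rely on SSL_version() or SSL_get_version() after the handshake has completed, as the DESCRIPTION says.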
.IX Title "X509_PUBKEY_NEW 3"
.TH X509_PUBKEY_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509_PUBKEY *X509_PUBKEY_new(void);
\& void X509_PUBKEY_free(X509_PUBKEY *a);
\&
\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
\&
\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
\& int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
\&
\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
\&
\& int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
\& int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
\&
\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
\&                            int ptype, void *pval,
\&                            unsigned char *penc, int penclen);
\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
\&                            const unsigned char **pk, int *ppklen,
\&                            X509_ALGOR **pa, X509_PUBKEY *pub);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests.
.PP
\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure.
.PP
\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 nothing is done.
.PP
\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing public key structure will be freed.
.PP
\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR.
The returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use.
.PP
\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using \&\fBEVP_PKEY_free()\fR after use.
.PP
\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR.
.PP
\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a \&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer.
.PP
\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The \&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the algorithm parameters is set to \fBptype\fR using the structure \fBpval\fR. The encoding of the public key itself is set to the \fBpenclen\fR bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied parameters is passed to \fBpub\fR so they must not be freed after the call.
.PP
\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, \&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of \&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated AlgorithmIdentifier for the public key. If the value of any of these parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the retrieved pointers are internal and must not be freed after the call.
.SH "NOTES"
.IX Header "NOTES"
The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys in a standard format.
.PP
In many cases applications will not call the \fBX509_PUBKEY\fR functions directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by \fBERR_get_error\fR\|(3).
.PP
Otherwise it returns a pointer to the newly allocated structure.
.PP
\&\fBX509_PUBKEY_free()\fR does not return a value.
.PP
\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs.
.PP
\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR return 1 for success and 0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3), \&\fBERR_get_error\fR\|(3), \&\fBX509_get_pubkey\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_ADD1_SIGNER 3"
.TH CMS_ADD1_SIGNER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert,
\&                                 EVP_PKEY *pkey, const EVP_MD *md,
\&                                 unsigned int flags);
\&
\& int CMS_SignerInfo_sign(CMS_SignerInfo *si);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData structure \fBcms\fR.
.PP
The CMS_ContentInfo structure should be obtained from an initial call to \&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case of re-signing a valid CMS_ContentInfo SignedData structure.
.PP
If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public key algorithm will be used.
.PP
Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if applicable) or a call to \fBCMS_final()\fR.
.PP
The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags are both set.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of \fBCMS_add1_signer()\fR is to provide finer control over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the \&\s-1CMS\s0 signed receipt request functions.
.PP
Any of the following flags (ored together) can be passed in the \fBflags\fR parameter.
.PP
If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content digest value from the CMS_ContentInfo structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The returned CMS_ContentInfo structure will be valid and finalized when this flag is set.
.PP
If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the CMS_SignerInfo structure will not be finalized so additional attributes can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is needed to finalize it.
.PP
If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the CMS_ContentInfo structure, the signer's certificate must still be supplied in the \fBsigncert\fR parameter though. This can reduce the size of the signature if the signer's certificate can be obtained by other means: for example a previously signed message.
.PP
The SignedData structure includes several \s-1CMS\s0 signedAttributes including the signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are omitted.
.PP
OpenSSL will by default identify signing certificates using issuer name and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension.
.PP
If present the SMIMECapabilities attribute indicates support for the following algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is not loaded.
.PP
\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added or \s-1NULL\s0 if an error occurs.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), \&\fBCMS_final\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2014\-2016 The OpenSSL Project Authors.
All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_ADD0_CERT 3"
.TH CMS_ADD0_CERT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls \&\- CMS certificate and CRL utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
\&
\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fIcert\fR to \fIcms\fR. \&\fIcms\fR must be of type signed data or (authenticated) enveloped data. For signed data, such a certificate can be used when signing or verifying to fill in the signer certificate or to provide an extra \s-1CA\s0 certificate that may be needed for chain building in certificate validation.
.PP
\&\fBCMS_get1_certs()\fR returns all certificates in \fIcms\fR.
.PP
\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fIcrl\fR to \fIcms\fR. \&\fIcms\fR must be of type signed data or (authenticated) enveloped data. For signed data, such a \s-1CRL\s0 may be used in certificate validation. It may be given both for inclusion when signing a \s-1CMS\s0 message and when verifying a signed \s-1CMS\s0 message.
.PP
\&\fBCMS_get1_crls()\fR returns all CRLs in \fIcms\fR.
.SH "NOTES"
.IX Header "NOTES"
The CMS_ContentInfo structure \fIcms\fR must be of type signed data or enveloped data or an error will be returned.
.PP
For signed data certificates and CRLs are added to the \fIcertificates\fR and \&\fIcrls\fR fields of SignedData structure. For enveloped data they are added to \&\fBOriginatorInfo\fR.
.PP
As the \fI0\fR implies \fBCMS_add0_cert()\fR adds \fIcert\fR internally to \fIcms\fR and it must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fIcert\fR must be freed up.
.PP
The same certificate or \s-1CRL\s0 must not be added to the same cms structure more than once.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return 1 for success and 0 for failure.
.PP
\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur in practice is if the \fIcms\fR type is invalid.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \&\fBCMS_sign\fR\|(3), \&\fBCMS_encrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3"
.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_generate_session_id, SSL_set_generate_session_id,
SSL_has_matching_session_id, GEN_SESSION_CB
\&\- manipulate generation of SSL session IDs (server only)
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id,
\&                               unsigned int *id_len);
\&
\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb);
\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
\&                                 unsigned int id_len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating
new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR.
.PP
\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating
new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR.
.PP
\&\fBSSL_has_matching_session_id()\fR checks whether a session with id \fBid\fR
(of length \fBid_len\fR) is already contained in the internal session cache
of the parent context of \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
When a new session is established between client and server, the server
generates a session id. The session id is an arbitrary sequence of bytes.
The length of the session id is between 1 and 32 bytes. The session id is not
security critical but must be unique for the server. Additionally, the session id is
transmitted in the clear when reusing the session so it must not contain
sensitive information.
.PP
Without a callback being set, an OpenSSL server will generate a unique
session id from pseudo random numbers of the maximum possible length.
Using the callback function, the session id can be changed to contain
additional information like e.g. a host id in order to improve load balancing
or external caching techniques.
.PP
The callback function receives a pointer to the memory location to put
\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The
buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR.
The callback is only allowed to generate a shorter id and reduce \fBid_len\fR;
the callback \fBmust never\fR increase \fBid_len\fR or write to the location
\&\fBid\fR exceeding the given limit.
.PP
The location \fBid\fR is filled with 0x00 before the callback is called, so the
callback may only fill part of the possible length and leave \fBid_len\fR
untouched while maintaining reproducibility.
.PP
Since the sessions must be distinguished, session ids must be unique.
Without the callback a random number is used, so that the probability
of generating the same session id is extremely small (2^256 for SSLv3/TLSv1).
In order to assure the uniqueness of the generated session id, the callback must call
\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs.
If an id conflict is not resolved, the handshake will fail.
If the application codes e.g. a unique host id, a unique process number, and
a unique sequence number into the session id, uniqueness could easily be
achieved without randomness added (care should however be taken that
no confidential information is leaked this way). If the application cannot
guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and
fill in the bytes not used to code special information with random data
to avoid collisions.
.PP
\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache,
not the external one. Since the session id is generated before the
handshake is completed, it is not immediately added to the cache. If
another thread is using the same internal session cache, a race condition
can occur in that another thread generates the same session id.
Collisions can also occur when using an external session cache, since
the external cache is not tested with \fBSSL_has_matching_session_id()\fR
and the same race condition applies.
.PP
The callback must return 0 if it cannot generate a session id for whatever
reason and return 1 on success.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR
always return 1.
.PP
\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the
same id is already in the cache.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The callback function listed will generate a session id with the
server id given, and will fill the rest with pseudo random bytes:
.PP
.Vb 1
\& #include <string.h>
\& #include <openssl/rand.h>
\& #include <openssl/ssl.h>
\&
\& const char *session_id_prefix = "www\-18";
\&
\& #define MAX_SESSION_ID_ATTEMPTS 10
\& static int generate_session_id(SSL *ssl, unsigned char *id,
\&                                unsigned int *id_len)
\& {
\&     unsigned int count = 0;
\&
\&     do {
\&         /* RAND_pseudo_bytes() is deprecated; give up if no random data */
\&         if (RAND_bytes(id, *id_len) <= 0)
\&             return 0;
\&         /*
\&          * Prefix the session_id with the required prefix. NB: If our
\&          * prefix is too long, clip it \- but there will be worse effects
\&          * anyway, e.g. the server could only possibly create 1 session
\&          * ID (i.e. the prefix!) so all future session negotiations will
\&          * fail due to conflicts.
\&          */
\&         memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
\&                strlen(session_id_prefix) : *id_len);
\&     } while (SSL_has_matching_session_id(ssl, id, *id_len)
\&              && ++count < MAX_SESSION_ID_ATTEMPTS);
\&     if (count >= MAX_SESSION_ID_ATTEMPTS)
\&         return 0;
\&     return 1;
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
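The NOTES of SSL_CTX_set_generate_session_id describe coding a host id, a process number and a sequence number into the session id instead of random bytes. The following is an added example, not part of the OpenSSL documentation, that models that scheme in plain C without linking OpenSSL. The 14-byte field layout, `struct sid_cache` (a constructed stand-in for the internal cache that SSL_has_matching_session_id() queries), `sid_generate()` and all other names are assumptions.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_MAX_LEN   32u  /* the man page: session ids are 1..32 bytes */
#define SID_FIELD_LEN 14u  /* assumed layout: 2 host + 4 pid + 8 sequence */
#define SID_MAX_TRIES 10u
#define CACHE_SLOTS   16u

/* Constructed stand-in for the internal session cache that
 * SSL_has_matching_session_id() queries in a real server. */
struct sid_cache {
    unsigned char ids[CACHE_SLOTS][SID_MAX_LEN];
    unsigned int lens[CACHE_SLOTS];
    unsigned int used;
};

/* Generator state; the sequence is atomic because several handshake
 * threads may ask for an id at the same time. */
struct sid_gen {
    uint16_t host_id;
    uint32_t pid;
    atomic_uint_fast64_t seq;
};

static int cache_has(const struct sid_cache *c, const unsigned char *id,
                     unsigned int len)
{
    for (unsigned int i = 0; i < c->used; i++)
        if (c->lens[i] == len && memcmp(c->ids[i], id, len) == 0)
            return 1;
    return 0;
}

static int cache_add(struct sid_cache *c, const unsigned char *id,
                     unsigned int len)
{
    if (c->used >= CACHE_SLOTS || len == 0 || len > SID_MAX_LEN)
        return 0;
    memcpy(c->ids[c->used], id, len);
    c->lens[c->used++] = len;
    return 1;
}

/* Store the low n bytes of v at p, most significant byte first. */
static void put_be(unsigned char *p, uint64_t v, unsigned int n)
{
    while (n-- > 0) {
        p[n] = (unsigned char)(v & 0xff);
        v >>= 8;
    }
}

/* Same contract as a GEN_SESSION_CB: write at most *id_len bytes, only
 * ever shrink *id_len, return 1 on success and 0 on failure. The id is
 * sent in the clear, so none of the encoded fields may be confidential. */
int sid_generate(struct sid_gen *g, const struct sid_cache *cache,
                 unsigned char *id, unsigned int *id_len)
{
    if (g == NULL || cache == NULL || id == NULL || id_len == NULL)
        return 0;
    /* The buffer is only guaranteed to hold *id_len bytes. */
    if (*id_len < SID_FIELD_LEN || *id_len > SID_MAX_LEN)
        return 0;

    for (unsigned int tries = 0; tries < SID_MAX_TRIES; tries++) {
        uint64_t seq = atomic_fetch_add(&g->seq, 1);

        put_be(id, g->host_id, 2);
        put_be(id + 2, g->pid, 4);
        put_be(id + 6, seq, 8);
        if (!cache_has(cache, id, SID_FIELD_LEN)) {
            *id_len = SID_FIELD_LEN;  /* shrink only, never grow */
            return 1;
        }
    }
    return 0;  /* conflict not resolved: the handshake has to fail */
}

int main(void)
{
    struct sid_gen g = { .host_id = 18, .pid = 4242 };
    struct sid_cache cache = { .used = 0 };
    unsigned char id[SID_MAX_LEN] = { 0 };
    unsigned int len = sizeof(id);

    atomic_init(&g.seq, 0);
    if (!sid_generate(&g, &cache, id, &len))
        return 1;
    cache_add(&cache, id, len);  /* a server caches it after the handshake */
    for (unsigned int i = 0; i < len; i++)
        printf("%02x", id[i]);
    printf("\n");
    return 0;
}
```

In a real callback the cache lookup is the call to SSL_has_matching_session_id(), which sees only the internal cache, so uniqueness across hosts rests on the host id field being unique per server.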
.IX Title "RIPEMD160_INIT 3"
.TH RIPEMD160_INIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
RIPEMD\-160 hash function
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ripemd.h>
\&
\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
\&                          unsigned char *md);
\&
\& int RIPEMD160_Init(RIPEMD160_CTX *c);
\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a
160 bit output.
.PP
\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array.
.PP
The following functions may be used if the message is not completely
stored in memory:
.PP
\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure.
.PP
\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to
be hashed (\fBlen\fR bytes at \fBdata\fR).
.PP
\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have
space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases
the \fB\s-1RIPEMD160_CTX\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value.
.PP
\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for
success, 0 otherwise.
.SH "NOTE"
.IX Header "NOTE"
Applications should use the higher level functions
\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these
functions directly.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_F_SSL 3"
.TH BIO_F_SSL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_do_handshake,
BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode,
BIO_set_ssl_renegotiate_bytes,
BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
BIO_ssl_shutdown \- SSL BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/bio.h>
\& #include <openssl/ssl.h>
\&
\& const BIO_METHOD *BIO_f_ssl(void);
\&
\& long BIO_set_ssl(BIO *b, SSL *ssl, long c);
\& long BIO_get_ssl(BIO *b, SSL **sslp);
\& long BIO_set_ssl_mode(BIO *b, long client);
\& long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
\& long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
\& long BIO_get_num_renegotiates(BIO *b);
\&
\& BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
\& int BIO_ssl_copy_session_id(BIO *to, BIO *from);
\& void BIO_ssl_shutdown(BIO *bio);
\&
\& long BIO_do_handshake(BIO *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
is a wrapper around the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
\&\s-1SSL I/O.\s0
.PP
I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with
the \s-1SSL\s0's read and write BIOs. If an \s-1SSL\s0 connection is not established
then an attempt is made to establish one on the first I/O call.
.PP
If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically
used as the \s-1SSL BIO\s0's read and write BIOs.
.PP
Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
the chain: this will typically disconnect the underlying transport.
The \s-1SSL BIO\s0 is then reset to the initial accept or connect state.
.PP
If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal
\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR.
.PP
\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1SSL BIO\s0 \fBb\fR to \fBssl\fR using
the close flag \fBc\fR.
.PP
\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1SSL BIO\s0 \fBb\fR; it can then be
manipulated using the standard \s-1SSL\s0 library functions.
.PP
\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
is 1 client mode is set. If \fBclient\fR is 0 server mode is set.
.PP
\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count of \s-1SSL BIO\s0 \fBb\fR
to \fBnum\fR. When set, after every \fBnum\fR bytes of I/O (read and write)
the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at
least 512 bytes.
.PP
\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout of \s-1SSL BIO\s0 \fBb\fR
to \fBseconds\fR.
When the renegotiate timeout elapses the session is automatically renegotiated.
.PP
\&\fBBIO_get_num_renegotiates()\fR returns the total number of session
renegotiations due to I/O or timeout of \s-1SSL BIO\s0 \fBb\fR.
.PP
\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
client mode if \fBclient\fR is non zero.
.PP
\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0
.PP
\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR), and a connect \s-1BIO.\s0
.PP
\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the
\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on the
internal \s-1SSL\s0 pointer.
.PP
\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the
chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0
pointer.
.PP
\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established; the
call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
to determine if the call should be retried. If an \s-1SSL\s0 connection has
already been established this call has no effect.
.SH "NOTES"
.IX Header "NOTES"
\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport
is non blocking they can still request a retry in exceptional
circumstances. Specifically this will happen if a session
renegotiation takes place during a \fBBIO_read_ex()\fR operation; one
case where this happens is when step up occurs.
.PP
The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be
set to disable this behaviour. That is, when this flag is set
an \s-1SSL BIO\s0 using a blocking transport will never request a
retry.
.PP
Since unknown \fBBIO_ctrl()\fR operations are sent through filter
BIOs the server's name and port can be set using \fBBIO_set_host()\fR
on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having
to locate the connect \s-1BIO\s0 first.
.PP
Applications do not have to call \fBBIO_do_handshake()\fR but may wish
to do so to separate the handshake process from other I/O
processing.
.PP
\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR,
\&\fBBIO_set_ssl_renegotiate_bytes()\fR, \fBBIO_set_ssl_renegotiate_timeout()\fR,
\&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure.
.PP
\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR,
\&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on
success or a value which is less than or equal to 0 if an error occurred.
.PP
\&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return
a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error.
.PP
\&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully.
A zero or negative value is returned if the connection could not be established.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an
\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the
unencrypted example in \fBBIO_s_connect\fR\|(3).
.PP
.Vb 5
\& BIO *sbio, *out;
\& int len;
\& char tmpbuf[1024];
\& SSL_CTX *ctx;
\& SSL *ssl;
\&
\& /* XXX Seed the PRNG if needed. */
\&
\& ctx = SSL_CTX_new(TLS_client_method());
\&
\& /* XXX Set verify paths and mode here. */
\&
\& sbio = BIO_new_ssl_connect(ctx);
\& BIO_get_ssl(sbio, &ssl);
\& if (ssl == NULL) {
\&     fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
\&     ERR_print_errors_fp(stderr);
\&     exit(1);
\& }
\&
\& /* Don\*(Aqt want any retries */
\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
\&
\& /* XXX We might want to do other things with ssl here */
\&
\& /* An empty host part means the loopback address */
\& BIO_set_conn_hostname(sbio, ":https");
\&
\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
\& if (BIO_do_connect(sbio) <= 0) {
\&     fprintf(stderr, "Error connecting to server\en");
\&     ERR_print_errors_fp(stderr);
\&     exit(1);
\& }
\&
\& /* XXX Could examine ssl here to get connection info */
\&
\& BIO_puts(sbio, "GET / HTTP/1.0\en\en");
\& for (;;) {
\&     len = BIO_read(sbio, tmpbuf, 1024);
\&     if (len <= 0)
\&         break;
\&     BIO_write(out, tmpbuf, len);
\& }
\& BIO_free_all(sbio);
\& BIO_free(out);
.Ve
.PP
Here is a simple server example. It makes use of a buffering
\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets.
It creates a pseudo web page containing the actual request from
a client and also echoes the request to standard output.
.PP
.Vb 5
\& BIO *sbio, *bbio, *acpt, *out;
\& int len;
\& char tmpbuf[1024];
\& SSL_CTX *ctx;
\& SSL *ssl;
\&
\& /* XXX Seed the PRNG if needed. */
\&
\& ctx = SSL_CTX_new(TLS_server_method());
\& if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
\&         || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
\&         || !SSL_CTX_check_private_key(ctx)) {
\&     fprintf(stderr, "Error setting up SSL_CTX\en");
\&     ERR_print_errors_fp(stderr);
\&     exit(1);
\& }
\&
\& /* XXX Other things like set verify locations, EDH temp callbacks. */
\&
\& /* New SSL BIO setup as server */
\& sbio = BIO_new_ssl(ctx, 0);
\& BIO_get_ssl(sbio, &ssl);
\& if (ssl == NULL) {
\&     fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
\&     ERR_print_errors_fp(stderr);
\&     exit(1);
\& }
\&
\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
\& bbio = BIO_new(BIO_f_buffer());
\& sbio = BIO_push(bbio, sbio);
\& acpt = BIO_new_accept("4433");
\&
\& /*
\&  * By doing this when a new connection is established
\&  * we automatically have sbio inserted into it. The
\&  * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and
\&  * will be freed when the accept BIO is freed.
\&  */
\& BIO_set_accept_bios(acpt, sbio);
\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
\&
\& /* Setup accept BIO */
\& if (BIO_do_accept(acpt) <= 0) {
\&     fprintf(stderr, "Error setting up accept BIO\en");
\&     ERR_print_errors_fp(stderr);
\&     exit(1);
\& }
\&
\& /* We only want one connection so remove and free accept BIO */
\& sbio = BIO_pop(acpt);
\& BIO_free_all(acpt);
\&
\& if (BIO_do_handshake(sbio) <= 0) {
\&     fprintf(stderr, "Error in SSL handshake\en");
\&     ERR_print_errors_fp(stderr);
\&     exit(1);
\& }
\&
\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en");
\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en");
\&
\& for (;;) {
\&     len = BIO_gets(sbio, tmpbuf, 1024);
\&     if (len <= 0)
\&         break;
\&     BIO_write(sbio, tmpbuf, len);
\&     BIO_write(out, tmpbuf, len);
\&     /* Look for blank line signifying end of headers */
\&     if (tmpbuf[0] == \*(Aq\er\*(Aq || tmpbuf[0] == \*(Aq\en\*(Aq)
\&         break;
\& }
\&
\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en");
\& BIO_puts(sbio, "\er\en");
\& BIO_flush(sbio);
\& BIO_free_all(sbio);
.Ve
.SH "HISTORY"
.IX Header "HISTORY"
In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly,
the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of
decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not
explicitly being popped (e.g. a pop higher up the chain). Applications which
included workarounds for this bug (e.g. freeing BIOs more than once) should
be modified to handle this fix or they may free up an already freed \s-1BIO.\s0
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DEFINE_STACK_OF 3"
.TH DEFINE_STACK_OF 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
DEFINE_SPECIAL_STACK_OF_CONST,
sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null,
sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete,
sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop,
sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set,
sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted,
sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve
\&\- stack container
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/safestack.h>
\&
\& STACK_OF(TYPE)
\& DEFINE_STACK_OF(TYPE)
\& DEFINE_STACK_OF_CONST(TYPE)
\& DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
\& DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
\&
\& typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
\& typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
\& typedef void (*sk_TYPE_freefunc)(TYPE *a);
\&
\& int sk_TYPE_num(const STACK_OF(TYPE) *sk);
\& TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
\& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
\& STACK_OF(TYPE) *sk_TYPE_new_null(void);
\& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n);
\& void sk_TYPE_free(const STACK_OF(TYPE) *sk);
\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
\& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
\& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
\& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr);
\& int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr);
\& TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
\& TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
\& void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
\& int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
\& void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
\& STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
\&                                   sk_TYPE_copyfunc copyfunc,
\&                                   sk_TYPE_freefunc freefunc);
\& sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk,
\&                                         sk_TYPE_compfunc compare));
\& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Applications can create and use their own stacks by placing any of the macros
described below in a header file. These macros define typesafe inline
functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0
In the description here, \fI\s-1TYPE\s0\fR is used
as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR.
.PP
\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR.
\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates a set of functions for a stack of \fB\s-1TYPE\s0\fR. This
will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by
\&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR.
For example:
.PP
.Vb 1
\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
.Ve
.PP
\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except
each element is constant. For example:
.PP
.Vb 1
\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
.Ve
.PP
\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but
each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example:
.PP
.Vb 1
\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
.Ve
.PP
\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is
constant:
.PP
.Vb 1
\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
.Ve
.PP
\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is
\&\fB\s-1NULL\s0\fR.
.PP
\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at
zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned.
.PP
\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR.
If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is
equivalent to sk_TYPE_new_reserve(compare, 0).
.PP
\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This
function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0).
.PP
\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure
such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR
or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated
or reallocated. If \fBn\fR is zero, any excess space allocated in the
\&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged.
.PP
\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional
memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls
to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause
memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no
memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function
\&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no
comparison function is used.
.PP
\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR.
The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was
no previous comparison function.
.PP
\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any
elements of \fBsk\fR. After this call \fBsk\fR is no longer valid.
.PP
\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free
\&\fBsk\fR so after this call \fBsk\fR is still valid.
.PP
\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The
free function \fBfreefunc()\fR is called on each element to free it.
.PP
\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted
element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range.
.PP
\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns
the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found.
.PP
\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing
elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range
the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the
number of elements in \fBsk\fR after the new element is inserted or zero if
an error (such as memory allocation failure) occurred.
.PP
\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR; it is equivalent to:
.PP
.Vb 1
\& sk_TYPE_insert(sk, ptr, \-1);
.Ve
.PP
\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR; it is equivalent to:
.PP
.Vb 1
\& sk_TYPE_insert(sk, ptr, 0);
.Ve
.PP
\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR.
.PP
\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR.
.PP
\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current
element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred:
this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range.
.PP
\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case
where no comparison function has been specified, the function performs
a linear search for a pointer equal to \fBptr\fR. The index of the first
matching element is returned or \fB\-1\fR if there is no match. In the case
where a comparison function has been specified, \fBsk\fR is sorted then
\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there
is no match. Note that, in this case, the matching element returned is
not guaranteed to be the first; the comparison function will usually
compare the values pointed to rather than the pointers themselves and
the order of elements in \fBsk\fR could change.
.PP
\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison
function has been specified and no matching element is found. Instead
of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element
either before or after the location where \fBptr\fR would be if it were
present in \fBsk\fR.
.PP
\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function.
.PP
\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise.
.PP
\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy
are identical to the original.
.PP
\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied.
Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The
function \fBfreefunc()\fR is only called if an error occurs.
.SH "NOTES"
Care should be taken when accessing stacks in multi-threaded environments.
Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or
\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions
if the same stack is accessed in a different thread. Operations such as
\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack.
.PP
Any comparison function supplied should use a metric suitable
for use in a binary search operation. That is, it should return zero, a
positive or negative value if \fBa\fR is equal to, greater than
or less than \fBb\fR respectively.
.PP
Care should be taken when checking the return values of the functions
\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the
matching element. In particular \fB0\fR indicates a matching first element.
A failed search is indicated by a \fB\-1\fR return value.
.PP
\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and
\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros.
.PP
The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly.
It defines these functions: \fBOPENSSL_sk_deep_copy()\fR,
\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR,
\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR,
\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR,
\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR,
\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR,
\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR,
\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR,
\&\fBOPENSSL_sk_zero()\fR.
.SH "RETURN VALUES"
\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the
passed stack is \fB\s-1NULL\s0\fR.
.PP
\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the
index is out of range.
.PP
\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty
stack or \fB\s-1NULL\s0\fR if an error occurs.
.PP
\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required
memory or \fB0\fR on error.
.PP
\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if
there was no old comparison function.
.PP
\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do
not return values.
.PP
\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR
return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error.
.PP
\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total
number of elements in the stack or 0 if an error occurred. \fBsk_TYPE_push()\fR
further returns \-1 if \fBsk\fR is \fB\s-1NULL\s0\fR.
.PP
\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on
error.
.PP
\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element
or \fB\-1\fR on error.
.PP
\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is
not.
.PP
\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the
stack.
.SH "HISTORY"
Before OpenSSL 1.1.0, this was implemented via macros and not inline functions
and was not a public \s-1API.\s0
.PP
\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH EVP_MD_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_MD_meth_dup,
EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize,
EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup,
EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize,
EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
EVP_MD_meth_get_ctrl
\&\- Routines to build up EVP_MD methods
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
\& void EVP_MD_meth_free(EVP_MD *md);
\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
\&
\& int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
\& int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
\& int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
\& int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
\& int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
\& int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
\&                                                      const void *data,
\&                                                      size_t count));
\& int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
\&                                                    unsigned char *md));
\& int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
\&                                                  const EVP_MD_CTX *from));
\& int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
\& int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
\&                                                  int p1, void *p2));
\&
\& int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
\& int EVP_MD_meth_get_result_size(const EVP_MD *md);
\& int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
\& unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
\& int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
\& int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
\&                                                 const void *data,
\&                                                 size_t count);
\& int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
\&                                                unsigned char *md);
\& int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
\&                                               const EVP_MD_CTX *from);
\& int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
\& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
\&                                               int p1, void *p2);
.Ve
.SH "DESCRIPTION"
The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation.
It can also have associated public/private key signing and verifying
routines.
.PP
\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure.
.PP
\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR.
.PP
\&\fBEVP_MD_meth_free()\fR destroys an \fB\s-1EVP_MD\s0\fR structure.
.PP
\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size
for the method \fBmd\fR to \fBblocksize\fR bytes.
.PP
\&\fBEVP_MD_meth_set_result_size()\fR sets the size of the result that the
digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes.
.PP
The digest method may have its own private data, which OpenSSL will
allocate for it. \fBEVP_MD_meth_set_app_datasize()\fR should be used to
set the size for it to \fBdatasize\fR.
.PP
\&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional
behaviours in the particular \fBmd\fR. Several flags can be or'd
together. The available flags are:
.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4
This digest method can only handle one block of input.
.IP "\s-1EVP_MD_FLAG_XOF\s0" 4
This digest method is an extensible-output function (\s-1XOF\s0) and supports
the \fB\s-1EVP_MD_CTRL_XOF_LEN\s0\fR control.
.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4
When setting up a DigestAlgorithmIdentifier, this flag will have the
parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if
combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT,\s0 the latter will override.\fR
.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4
When setting up a DigestAlgorithmIdentifier, this flag will have the
parameter be left absent by default. \fINote: if combined with
\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR
.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4
Custom DigestAlgorithmIdentifier handling via ctrl, with
\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with
\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR
Currently unused.
.IP "\s-1EVP_MD_FLAG_FIPS\s0" 4
This digest method is suitable for use in \s-1FIPS\s0 mode.
Currently unused.
.PP
\&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR.
The digest init function is called by \fBEVP_Digest()\fR, \fBEVP_DigestInit()\fR,
\&\fBEVP_DigestInit_ex()\fR, \fBEVP_SignInit()\fR, \fBEVP_SignInit_ex()\fR, \fBEVP_VerifyInit()\fR
and \fBEVP_VerifyInit_ex()\fR.
.PP
\&\fBEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR.
The digest update function is called by \fBEVP_Digest()\fR, \fBEVP_DigestUpdate()\fR and
\&\fBEVP_SignUpdate()\fR.
.PP
\&\fBEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR.
The digest final function is called by \fBEVP_Digest()\fR, \fBEVP_DigestFinal()\fR,
\&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR.
.PP
\&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra
computations after the method's private data structure has been copied
from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy
the data, there is no need for this copy function.
Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private
data structure is then available with \fBEVP_MD_CTX_md_data()\fR.
This copy function is called by \fBEVP_MD_CTX_copy()\fR and
\&\fBEVP_MD_CTX_copy_ex()\fR.
.PP
\&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra
cleanup before the method's private data structure is cleaned out and
freed.
Note that the cleanup function is passed an \fB\s-1EVP_MD_CTX\s0 *\fR, the
private data structure is then available with \fBEVP_MD_CTX_md_data()\fR.
This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and
\&\fBEVP_MD_CTX_free()\fR.
.PP
\&\fBEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR.
See \fBEVP_MD_CTX_ctrl\fR\|(3) for the available controls.
.PP
\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR,
\&\fBEVP_MD_meth_get_app_datasize()\fR, \fBEVP_MD_meth_get_flags()\fR,
\&\fBEVP_MD_meth_get_init()\fR, \fBEVP_MD_meth_get_update()\fR,
\&\fBEVP_MD_meth_get_final()\fR, \fBEVP_MD_meth_get_copy()\fR,
\&\fBEVP_MD_meth_get_cleanup()\fR and \fBEVP_MD_meth_get_ctrl()\fR are all used
to retrieve the method data given with the EVP_MD_meth_set_*()
functions above.
.SH "RETURN VALUES"
\&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly
created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure.
All EVP_MD_meth_set_*() functions return 1.
\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR,
\&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the
indicated sizes or flags.
All other EVP_MD_meth_get_*() functions return pointers to their
respective \fBmd\fR function.
.SH "SEE ALSO"
\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3)
.SH "HISTORY"
The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version
1.1. The functions described here were added in OpenSSL 1.1.
.SH "COPYRIGHT"
Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH EVP_PKEY_CMP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters,
EVP_PKEY_cmp \- public key parameter and comparison functions
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
\&
\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
.Ve
.SH "DESCRIPTION"
The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key
parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
doesn't use parameters.
.PP
The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key
\&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in
\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters
in \fBfrom\fR and \fBto\fR are both present and match this function has no effect.
.PP
The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys
\&\fBa\fR and \fBb\fR.
.PP
The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters
(if present) of keys \fBa\fR and \fBb\fR.
.SH "NOTES"
The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and
\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the
parameters are sometimes omitted from a public key if they are inherited from
the \s-1CA\s0 that signed it.
.PP
Since OpenSSL private keys contain public key components too the function
\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches
a public key.
.SH "RETURN VALUES"
The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key
parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
doesn't use parameters.
.PP
The function \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for
failure.
.PP
The functions \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the
keys match, 0 if they don't match, \-1 if the key types are different and
\&\-2 if the operation is not supported.
.SH "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_keygen\fR\|(3)
.SH "COPYRIGHT"
Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
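Added example (not part of the OpenSSL manual pages or the OpenSSL project's code): a heuristic Python audit script that checks C call sites against the return-value contracts documented for sk_TYPE_find()/sk_TYPE_find_ex() (0 is a valid index, \-1 is failure) and for EVP_PKEY_cmp()/EVP_PKEY_cmp_parameters() (1 match, 0 mismatch, \-1 and \-2 errors). The C text in SAMPLE, including the helper names use_key, accept, trusted, cert_key and priv_key, is constructed for illustration; the scanner is regex-based and does not parse C.

```python
import operator
import re

# Return-value contracts as documented in the manual pages: a call pattern,
# a representative set of return values, and the subset that means success.
CONTRACTS = [
    (re.compile(r"\bEVP_PKEY_cmp(?:_parameters)?\s*\("), (1, 0, -1, -2), {1}),
    (re.compile(r"\bsk_\w+_find(?:_ex)?\s*\("), (-1, 0, 1, 7), {0, 1, 7}),
]
OPS = {"==": operator.eq, "!=": operator.ne, "<=": operator.le,
       ">=": operator.ge, "<": operator.lt, ">": operator.gt}
# "1 == f()" is the same test as "f() == 1"; ordering operators are mirrored.
FLIP = {"==": "==", "!=": "!=", "<": ">", ">": "<", "<=": ">=", ">=": "<="}
AFTER = re.compile(r"\s*(==|!=|<=|>=|<|>)\s*(-?\d+)\b")
BEFORE = re.compile(r"(?<![\w.])(-?\d+)\s*(==|!=|<=|>=|<|>)$")
COND = re.compile(r"(?:\b(?:if|while)\s*\(|&&|\|\||\?)[\s(]*$")

# Constructed sample input: C call sites with sound and unsound checks.
SAMPLE = """\
if (EVP_PKEY_cmp(cert_key, priv_key))        /* -1 and -2 also pass */
    use_key(priv_key);
if (EVP_PKEY_cmp(cert_key, priv_key) != 1)   /* rejects 0, -1 and -2 */
    return 0;
if (!sk_X509_find(trusted, cert))            /* true only for index 0 */
    return 0;
if (sk_X509_find(trusted, cert) > 0)         /* misses a first-element match */
    accept(cert);
idx = sk_X509_find(trusted, cert);
if (sk_X509_find(trusted, cert) < 0)
    return 0;
if (0 == EVP_PKEY_cmp_parameters(a, b))      /* lets -1 and -2 through */
    return 0;
"""


def call_end(src, open_idx):
    """Index just past the ')' closing the '(' at open_idx (ignores literals)."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    return None


def classify(src, start, end, values, success):
    """Return 'ok', 'unsafe' or 'review' for the call spanning src[start:end]."""
    before, after = src[:start].rstrip(), src[end:]
    if m := AFTER.match(after):
        op, n = OPS[m.group(1)], int(m.group(2))
    elif m := BEFORE.search(before):
        op, n = OPS[FLIP[m.group(2)]], int(m.group(1))
    elif before.endswith("!"):
        op, n = operator.eq, 0       # !f(...) is true only when f returns 0
    elif COND.search(before):
        op, n = operator.ne, 0       # bare truthiness: any non-zero value
    else:
        return "review"              # value stored, returned or discarded
    # The test is sound only if it separates success from every failure code.
    truth = {v for v in values if op(v, n)}
    sound = truth == success or truth == set(values) - success
    return "ok" if sound else "unsafe"


def audit(source):
    """Return sorted (line, function, verdict) tuples for every matching call."""
    findings = []
    for pattern, values, success in CONTRACTS:
        for m in pattern.finditer(source):
            end = call_end(source, m.end() - 1)
            if end is None:
                continue
            verdict = classify(source, m.start(), end, values, success)
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(0)[:-1].rstrip(), verdict))
    return sorted(findings)


if __name__ == "__main__":
    for line, name, verdict in audit(SAMPLE):
        print(f"line {line}: {name}: {verdict}")
```

A "review" verdict means the return value is stored or passed on, so the comparison made later has to be checked by hand.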
DSA_SIG_NEW(3) - OpenSSL 1.1.1w, 2023-09-11

NAME

DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects

SYNOPSIS

    #include <openssl/dsa.h>

    DSA_SIG *DSA_SIG_new(void);
    void DSA_SIG_free(DSA_SIG *a);
    void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
    int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);

DESCRIPTION

DSA_SIG_new() allocates an empty DSA_SIG structure.

DSA_SIG_free() frees the DSA_SIG structure and its components. The values are erased before the memory is returned to the system.

DSA_SIG_get0() returns internal pointers to the r and s values contained in sig.

The r and s values can be set by calling DSA_SIG_set0() and passing the new values for r and s as parameters to the function. Calling this function transfers the memory management of the values to the DSA_SIG object, and therefore the values that have been passed in should not be freed directly after this function has been called.

RETURN VALUES

If the allocation fails, DSA_SIG_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

DSA_SIG_free() returns no value.

DSA_SIG_set0() returns 1 on success or 0 on failure.

SEE ALSO

DSA_new(3), ERR_get_error(3), DSA_do_sign(3)

COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

BIO_S_ACCEPT(3) - OpenSSL 1.1.1w, 2023-09-11

NAME

BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO

SYNOPSIS

    #include <openssl/bio.h>

    const BIO_METHOD *BIO_s_accept(void);

    long BIO_set_accept_name(BIO *b, char *name);
    char *BIO_get_accept_name(BIO *b);

    long BIO_set_accept_port(BIO *b, char *port);
    char *BIO_get_accept_port(BIO *b);

    BIO *BIO_new_accept(char *host_port);

    long BIO_set_nbio_accept(BIO *b, int n);
    long BIO_set_accept_bios(BIO *b, char *bio);

    char *BIO_get_peer_name(BIO *b);
    char *BIO_get_peer_port(BIO *b);
    long BIO_get_accept_ip_family(BIO *b);
    long BIO_set_accept_ip_family(BIO *b, long family);

    long BIO_set_bind_mode(BIO *b, long mode);
    long BIO_get_bind_mode(BIO *b);

    int BIO_do_accept(BIO *b);

DESCRIPTION

BIO_s_accept() returns the accept BIO method. This is a wrapper round the platform's TCP/IP socket accept routines.

Using accept BIOs, TCP/IP connections can be accepted and data transferred using only BIO routines. In this way any platform specific operations are hidden by the BIO abstraction.

Read and write operations on an accept BIO will perform I/O on the underlying connection. If no connection is established and the port (see below) is set up properly then the BIO waits for an incoming connection.

Accept BIOs support BIO_puts() but not BIO_gets().

If the close flag is set on an accept BIO then any active connection on that chain is shut down and the socket closed when the BIO is freed.

Calling BIO_reset() on an accept BIO will close any active connection and reset the BIO into a state where it awaits another incoming connection.

BIO_get_fd() and BIO_set_fd() can be called to retrieve or set the accept socket. See BIO_s_fd(3).

BIO_set_accept_name() uses the string name to set the accept name. The name is represented as a string of the form "host:port", where "host" is the interface to use and "port" is the port. The host can be "*" or empty which is interpreted as meaning any interface. If the host is an IPv6 address, it has to be enclosed in brackets, for example "[::1]:https". "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table.

BIO_set_accept_port() uses the string port to set the accept port. "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table.

BIO_new_accept() combines BIO_new() and BIO_set_accept_name() into a single call: that is it creates a new accept BIO with port host_port.

BIO_set_nbio_accept() sets the accept socket to blocking mode (the default) if n is 0 or non blocking mode if n is 1.

BIO_set_accept_bios() can be used to set a chain of BIOs which will be duplicated and prepended to the chain when an incoming connection is received. This is useful if, for example, a buffering or SSL BIO is required for each connection. The chain of BIOs must not be freed after this call, they will be automatically freed when the accept BIO is freed.

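The accept name syntax described above for BIO_set_accept_name() decides which interfaces a listener is exposed on, so it is worth checking before the string reaches the BIO. The following C code is an added example, not OpenSSL's own parser: parse_accept_name() and struct accept_name are hypothetical names, and treating a string without a colon as a port follows the BIO_new_accept("4444") call in this page's EXAMPLES section. Requiring a port and rejecting unbracketed names with more than one colon are choices of this example.

```c
/* Added example, not OpenSSL code: split an accept name the way the text
 * above describes it and flag names that listen on every interface. */
#include <stdio.h>
#include <string.h>

struct accept_name {
    char host[256];    /* empty when the name selects any interface */
    char port[64];     /* numeric port or service name */
    int any_interface; /* 1 if host was "*", empty or absent */
    int bracketed;     /* 1 if host was written as "[...]" */
};

/* Copy n bytes of src into dst as a C string; fail rather than truncate. */
static int copy_part(char *dst, size_t dstlen, const char *src, size_t n)
{
    if (n >= dstlen)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Returns 0 on success, -1 if the name is malformed or ambiguous. */
int parse_accept_name(const char *name, struct accept_name *out)
{
    const char *host, *port;
    size_t hostlen;

    if (name == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof(*out));

    if (name[0] == '[') {
        /* Bracketed IPv6 literal: "[addr]:port". */
        const char *close = strchr(name, ']');
        if (close == NULL || close == name + 1 || close[1] != ':')
            return -1;
        host = name + 1;
        hostlen = (size_t)(close - host);
        port = close + 2;
        out->bracketed = 1;
    } else {
        const char *colon = strchr(name, ':');
        host = name;
        if (colon == NULL) {
            /* Assumption: no colon means port only, as in "4444". */
            hostlen = 0;
            port = name;
        } else {
            hostlen = (size_t)(colon - name);
            port = colon + 1;
        }
    }

    /* A further colon outside brackets is an unbracketed IPv6 address or a
     * typo; host and port cannot be told apart, so reject the name. */
    if (port[0] == '\0' || strchr(port, ':') != NULL)
        return -1;

    if (hostlen == 0 || (hostlen == 1 && host[0] == '*')) {
        out->any_interface = 1; /* host stays empty */
    } else if (copy_part(out->host, sizeof(out->host), host, hostlen) != 0) {
        return -1;
    }
    return copy_part(out->port, sizeof(out->port), port, strlen(port));
}

int main(void)
{
    /* Constructed sample names, not taken from any real configuration. */
    static const char *samples[] = {
        "4444", "*:4444", ":https", "127.0.0.1:8443",
        "[::1]:https", "::1:443", "[::1", "localhost:"
    };
    struct accept_name a;
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (parse_accept_name(samples[i], &a) != 0)
            printf("%-16s rejected\n", samples[i]);
        else
            printf("%-16s host=%-10s port=%-6s %s\n", samples[i],
                   a.any_interface ? "(any)" : a.host, a.port,
                   a.any_interface ? "LISTENS ON ALL INTERFACES" : "");
    }
    return 0;
}
```
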
BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve the current bind mode. If BIO_BIND_NORMAL (the default) is set then another socket cannot be bound to the same port. If BIO_BIND_REUSEADDR is set then other sockets can bind to the same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then an attempt is first made to use BIO_BIND_NORMAL, if this fails and the port is not in use then a second attempt is made using BIO_BIND_REUSEADDR.

BIO_do_accept() serves two functions. When it is first called, after the accept BIO has been set up, it will attempt to create the accept socket and bind an address to it. Second and subsequent calls to BIO_do_accept() will await an incoming connection, or request a retry in non blocking mode.

NOTES

When an accept BIO is at the end of a chain it will await an incoming connection before processing I/O calls. When an accept BIO is not at the end of a chain it passes I/O calls to the next BIO in the chain.

When a connection is established a new socket BIO is created for the connection and appended to the chain. That is the chain is now accept->socket. This effectively means that attempting I/O on an initial accept socket will await an incoming connection then perform I/O on it.

If any additional BIOs have been set using BIO_set_accept_bios() then they are placed between the socket and the accept BIO, that is the chain will be accept->otherbios->socket.

If a server wishes to process multiple connections (as is normally the case) then the accept BIO must be made available for further incoming connections.
This can be done by waiting for a connection and then calling:

    connection = BIO_pop(accept);

After this call connection will contain a BIO for the recently established connection and accept will now be a single BIO again which can be used to await further incoming connections. If no further connections will be accepted the accept can be freed using BIO_free().

If only a single connection will be processed it is possible to perform I/O using the accept BIO itself. This is often undesirable however because the accept BIO will still accept additional incoming connections. This can be resolved by using BIO_pop() (see above) and freeing up the accept BIO after the initial connection.

If the underlying accept socket is nonblocking and BIO_do_accept() is called to await an incoming connection it is possible for BIO_should_io_special() to be true with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application should take appropriate action to wait until the underlying socket has accepted a connection and retry the call.

BIO_set_accept_name(), BIO_get_accept_name(), BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), BIO_get_peer_name(), BIO_get_peer_port(), BIO_get_accept_ip_family(), BIO_set_accept_ip_family(), BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.

RETURN VALUES

BIO_do_accept(), BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode() return 1 for success and 0 or -1 for failure.

BIO_get_accept_name() returns the accept name or NULL on error.
BIO_get_peer_name() returns the peer name or NULL on error.

BIO_get_accept_port() returns the accept port as a string or NULL on error. BIO_get_peer_port() returns the peer port as a string or NULL on error. BIO_get_accept_ip_family() returns the IP family or -1 on error.

BIO_get_bind_mode() returns the set of BIO_BIND flags, or -1 on failure.

BIO_new_accept() returns a BIO or NULL on error.

EXAMPLES

This example accepts two connections on port 4444, sends messages down each and finally closes both down.

    BIO *abio, *cbio, *cbio2;

    /* First call to BIO_do_accept() sets up accept BIO */
    abio = BIO_new_accept("4444");
    if (BIO_do_accept(abio) <= 0) {
        fprintf(stderr, "Error setting up accept\n");
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    /* Wait for incoming connection */
    if (BIO_do_accept(abio) <= 0) {
        fprintf(stderr, "Error accepting connection\n");
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    fprintf(stderr, "Connection 1 established\n");

    /* Retrieve BIO for connection */
    cbio = BIO_pop(abio);
    BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
    fprintf(stderr, "Sent out data on connection 1\n");

    /* Wait for another connection */
    if (BIO_do_accept(abio) <= 0) {
        fprintf(stderr, "Error accepting connection\n");
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    fprintf(stderr, "Connection 2 established\n");

    /* Close accept BIO to refuse further connections */
    cbio2 = BIO_pop(abio);
    BIO_free(abio);
    BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
    fprintf(stderr, "Sent out data on connection 2\n");

    BIO_puts(cbio, "Connection 1: Second connection established\n");

    /* Close the two established connections */
    BIO_free(cbio);
    BIO_free(cbio2);

COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

X509_GET0_SIGNATURE(3) - OpenSSL 1.1.1w, 2023-09-11

NAME

X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information

SYNOPSIS

    #include <openssl/x509.h>

    void X509_get0_signature(const ASN1_BIT_STRING **psig,
                             const X509_ALGOR **palg,
                             const X509 *x);
    void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
    int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
    int X509_get_signature_nid(const X509 *x);
    const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);

    void X509_REQ_get0_signature(const X509_REQ *crl,
                                 const ASN1_BIT_STRING **psig,
                                 const X509_ALGOR **palg);
    int X509_REQ_get_signature_nid(const X509_REQ *crl);

    void X509_CRL_get0_signature(const X509_CRL *crl,
                                 const ASN1_BIT_STRING **psig,
                                 const X509_ALGOR **palg);
    int X509_CRL_get_signature_nid(const X509_CRL *crl);

    int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
                                uint32_t *flags);

    int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
                          int *secbits, uint32_t *flags);
    void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
                           int secbits, uint32_t flags);

DESCRIPTION

X509_get0_signature() sets *psig to the signature of x and *palg to the signature algorithm of x. The values returned are internal pointers which MUST NOT be freed up after the call.

X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() are the equivalent setters for the two values of X509_get0_signature().

X509_get0_tbs_sigalg() returns the signature algorithm in the signed portion of x.

X509_get_signature_nid() returns the NID corresponding to the signature algorithm of x.

X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the same function for certificate requests and CRLs.

X509_get_signature_info() retrieves information about the signature of certificate x. The NID of the signing digest is written to *mdnid, the public key algorithm to *pknid, the effective security bits to *secbits and flag details to *flags. Any of the parameters can be set to NULL if the information is not required.

X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information about a signature in an X509_SIG_INFO structure. They are only used by implementations of algorithms which need to set custom signature information: most applications will never need to call them.

NOTES

These functions provide lower level access to signatures in certificates where an application wishes to analyse or generate a signature in a form where X509_sign() et al is not appropriate (for example a non standard or unsupported format).

The security bits returned by X509_get_signature_info() refer to information available from the certificate signature (such as the signing digest). In some cases the actual security of the signature is less because the signing key is less secure: for example a certificate signed using SHA-512 and a 1024 bit RSA key.

RETURN VALUES

X509_get_signature_nid(), X509_REQ_get_signature_nid() and X509_CRL_get_signature_nid() return a NID.

X509_get0_signature(), X509_REQ_get0_signature() and X509_CRL_get0_signature() do not return values.

X509_get_signature_info() returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters).

X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an error (e.g. null ALGO pointer). X509_REQ_set0_signature() does not return an error value.

SEE ALSO

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

HISTORY

The X509_get0_signature() and X509_get_signature_nid() functions were added in OpenSSL 1.0.2.

The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.

The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() were added in OpenSSL 1.1.1e.

COPYRIGHT

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

PK!]]EVP_PKEY_ASN1_METHOD.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . 
ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "EVP_PKEY_ASN1_METHOD 3" .TH EVP_PKEY_ASN1_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy,
EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias,
EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private,
EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl,
EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check,
EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check,
EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key,
EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key,
EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1
\&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
\&
\& EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
\&                                         const char *pem_str,
\&                                         const char *info);
\& void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
\&                         const EVP_PKEY_ASN1_METHOD *src);
\& void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
\& int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
\& int EVP_PKEY_asn1_add_alias(int to, int from);
\&
\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
\&                               int (*pub_decode) (EVP_PKEY *pk,
\&                                                  X509_PUBKEY *pub),
\&                               int (*pub_encode) (X509_PUBKEY *pub,
\&                                                  const EVP_PKEY *pk),
\&                               int (*pub_cmp) (const EVP_PKEY *a,
\&                                               const EVP_PKEY *b),
\&                               int (*pub_print) (BIO *out,
\&                                                 const EVP_PKEY *pkey,
\&                                                 int indent, ASN1_PCTX *pctx),
\&                               int (*pkey_size) (const EVP_PKEY *pk),
\&                               int (*pkey_bits) (const EVP_PKEY *pk));
\& void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
\&                                int (*priv_decode) (EVP_PKEY *pk,
\&                                                    const PKCS8_PRIV_KEY_INFO
\&                                                    *p8inf),
\&                                int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
\&                                                    const EVP_PKEY *pk),
\&                                int (*priv_print) (BIO *out,
\&                                                   const EVP_PKEY *pkey,
\&                                                   int indent,
\&                                                   ASN1_PCTX *pctx));
\& void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
\&                              int (*param_decode) (EVP_PKEY *pkey,
\&                                                   const unsigned char **pder,
\&                                                   int derlen),
\&                              int (*param_encode) (const EVP_PKEY *pkey,
\&                                                   unsigned char **pder),
\&                              int (*param_missing) (const EVP_PKEY *pk),
\&                              int (*param_copy) (EVP_PKEY *to,
\&                                                 const EVP_PKEY *from),
\&                              int (*param_cmp) (const EVP_PKEY *a,
\&                                                const EVP_PKEY *b),
\&                              int (*param_print) (BIO *out,
\&                                                  const EVP_PKEY *pkey,
\&                                                  int indent,
\&                                                  ASN1_PCTX *pctx));
\&
\& void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
\&                             void (*pkey_free) (EVP_PKEY *pkey));
\& void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
\&                             int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
\&                                               long arg1, void *arg2));
\& void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
\&                             int (*item_verify) (EVP_MD_CTX *ctx,
\&                                                 const ASN1_ITEM *it,
\&                                                 void *asn,
\&                                                 X509_ALGOR *a,
\&                                                 ASN1_BIT_STRING *sig,
\&                                                 EVP_PKEY *pkey),
\&                             int (*item_sign) (EVP_MD_CTX *ctx,
\&                                               const ASN1_ITEM *it,
\&                                               void *asn,
\&                                               X509_ALGOR *alg1,
\&                                               X509_ALGOR *alg2,
\&                                               ASN1_BIT_STRING *sig));
\&
\& void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
\&                               int (*siginf_set) (X509_SIG_INFO *siginf,
\&                                                  const X509_ALGOR *alg,
\&                                                  const ASN1_STRING *sig));
\&
\& void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
\&                              int (*pkey_check) (const EVP_PKEY *pk));
\&
\& void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
\&                                     int (*pkey_pub_check) (const EVP_PKEY *pk));
\&
\& void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
\&                                    int (*pkey_param_check) (const EVP_PKEY *pk));
\&
\& void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
\&                                      int (*pkey_security_bits) (const EVP_PKEY
\&                                                                 *pk));
\&
\& void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
\&                                     int (*set_priv_key) (EVP_PKEY *pk,
\&                                                          const unsigned char
\&                                                          *priv,
\&                                                          size_t len));
\&
\& void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
\&                                    int (*set_pub_key) (EVP_PKEY *pk,
\&                                                        const unsigned char *pub,
\&                                                        size_t len));
\&
\& void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
\&                                     int (*get_priv_key) (const EVP_PKEY *pk,
\&                                                          unsigned char *priv,
\&                                                          size_t *len));
\&
\& void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
\&                                    int (*get_pub_key) (const EVP_PKEY *pk,
\&                                                        unsigned char *pub,
\&                                                        size_t *len));
\&
\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN.1\s0
conversion, printing and information methods for a specific public key
algorithm.
.PP
There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are
stored: one is a built-in array representing the standard methods for
different algorithms, and the other one is a stack of user-defined
application-specific methods, which can be manipulated by using
\&\fBEVP_PKEY_asn1_add0\fR\|(3).
.SS "Methods"
.IX Subsection "Methods"
The methods are the underlying implementations of a particular public
key algorithm presented by the \fB\s-1EVP_PKEY\s0\fR object.
.PP
.Vb 5
\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
\&                   ASN1_PCTX *pctx);
.Ve
.PP
The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode /
encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR.
They \s-1MUST\s0 return 0 on error, 1 on success.
They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3).
.PP
The \fBpub_cmp()\fR method is called when two public keys are to be
compared.
It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise.
It's called by \fBEVP_PKEY_cmp\fR\|(3).
.PP
The \fBpub_print()\fR method is called to print a public key in humanly
readable text to \fBout\fR, indented \fBindent\fR spaces.
It \s-1MUST\s0 return 0 on error, 1 on success.
It's called by \fBEVP_PKEY_print_public\fR\|(3).
.PP
.Vb 4
\& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
\& int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
\&                    ASN1_PCTX *pctx);
.Ve
.PP
The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode /
encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR.
They \s-1MUST\s0 return 0 on error, 1 on success.
They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3).
.PP
The \fBpriv_print()\fR method is called to print a private key in humanly
readable text to \fBout\fR, indented \fBindent\fR spaces.
It \s-1MUST\s0 return 0 on error, 1 on success.
It's called by \fBEVP_PKEY_print_private\fR\|(3).
.PP
.Vb 3
\& int (*pkey_size) (const EVP_PKEY *pk);
\& int (*pkey_bits) (const EVP_PKEY *pk);
\& int (*pkey_security_bits) (const EVP_PKEY *pk);
.Ve
.PP
The \fBpkey_size()\fR method returns the key size in bytes.
It's called by \fBEVP_PKEY_size\fR\|(3).
.PP
The \fBpkey_bits()\fR method returns the key size in bits.
It's called by \fBEVP_PKEY_bits\fR\|(3).
.PP
.Vb 8
\& int (*param_decode) (EVP_PKEY *pkey,
\&                      const unsigned char **pder, int derlen);
\& int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
\& int (*param_missing) (const EVP_PKEY *pk);
\& int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
\& int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
\& int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
\&                     ASN1_PCTX *pctx);
.Ve
.PP
The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode /
encode \s-1DER\s0 formatted parameters to / from \fBpk\fR.
They \s-1MUST\s0 return 0 on error, 1 on success.
They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR
\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3).
.PP
The \fBparam_missing()\fR method returns 0 if a key parameter is missing,
otherwise 1.
It's called by \fBEVP_PKEY_missing_parameters\fR\|(3).
.PP
The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR.
It \s-1MUST\s0 return 0 on error, 1 on success.
It's called by \fBEVP_PKEY_copy_parameters\fR\|(3).
.PP
The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR.
It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a
negative number on error.
It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3).
.PP
The \fBparam_print()\fR method prints the private key parameters in humanly
readable text to \fBout\fR, indented \fBindent\fR spaces.
It \s-1MUST\s0 return 0 on error, 1 on success.
It's called by \fBEVP_PKEY_print_params\fR\|(3).
.PP
.Vb 3
\& int (*sig_print) (BIO *out,
\&                   const X509_ALGOR *sigalg, const ASN1_STRING *sig,
\&                   int indent, ASN1_PCTX *pctx);
.Ve
.PP
The \fBsig_print()\fR method prints a signature in humanly readable text to
\&\fBout\fR, indented \fBindent\fR spaces.
\&\fBsigalg\fR contains the exact signature algorithm.
If the signature in \fBsig\fR doesn't correspond to what this method
expects, \fBX509_signature_dump()\fR must be used as a last resort.
It \s-1MUST\s0 return 0 on error, 1 on success.
It's called by \fBX509_signature_print\fR\|(3).
.PP
.Vb 1
\& void (*pkey_free) (EVP_PKEY *pkey);
.Ve
.PP
The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR.
It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3),
\&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3).
.PP
.Vb 1
\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
.Ve
.PP
The \fBpkey_ctrl()\fR method adds extra algorithm specific control.
It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3),
\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3),
\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3),
\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ...
.PP
.Vb 3
\& int (*old_priv_decode) (EVP_PKEY *pkey,
\&                         const unsigned char **pder, int derlen);
\& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
.Ve
.PP
The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode
the private key \fBpkey\fR from / to a \s-1DER\s0 formatted array.
These are exclusively used to help decoding / encoding older
(pre PKCS#8) \s-1PEM\s0 formatted encrypted private keys.
\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success.
\&\fBold_priv_encode()\fR \s-1MUST\s0 return the same kind of values as
\&\fBi2d_PrivateKey()\fR.
They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3).
.PP
.Vb 5
\& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
\&                     X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
\& int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
\&                   X509_ALGOR *alg1, X509_ALGOR *alg2,
\&                   ASN1_BIT_STRING *sig);
.Ve
.PP
The \fBitem_sign()\fR and \fBitem_verify()\fR methods make it possible to have
algorithm specific signatures and verification of them.
.PP
\&\fBitem_sign()\fR \s-1MUST\s0 return one of:
.IP "<=0" 4
.IX Item "<=0"
error
.IP "1" 4
.IX Item "1"
\&\fBitem_sign()\fR did everything, OpenSSL internals just need to pass the
signature length back.
.IP "2" 4
.IX Item "2"
\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are
expected to continue with the default signature production.
.IP "3" 4
.IX Item "3"
\&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR,
OpenSSL internals should just sign using those algorithms.
.PP
\&\fBitem_verify()\fR \s-1MUST\s0 return one of:
.IP "<=0" 4
.IX Item "<=0"
error
.IP "1" 4
.IX Item "1"
\&\fBitem_sign()\fR did everything, OpenSSL internals just need to pass the
signature length back.
.IP "2" 4
.IX Item "2"
\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are
expected to continue with the default signature production.
.PP
\&\fBitem_verify()\fR and \fBitem_sign()\fR are called by \fBASN1_item_verify\fR\|(3) and
\&\fBASN1_item_sign\fR\|(3), and by extension, \fBX509_verify\fR\|(3),
\&\fBX509_REQ_verify\fR\|(3), \fBX509_sign\fR\|(3), \fBX509_REQ_sign\fR\|(3), ...
.PP
.Vb 2
\& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
\&                    const ASN1_STRING *sig);
.Ve
.PP
The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR
parameters.
It \s-1MUST\s0 return 0 on error, or 1 on success.
It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3)
and \fBX509_check_issued\fR\|(3).
.PP
.Vb 3
\& int (*pkey_check) (const EVP_PKEY *pk);
\& int (*pkey_public_check) (const EVP_PKEY *pk);
\& int (*pkey_param_check) (const EVP_PKEY *pk);
.Ve
.PP
The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR
methods are used to check the validity of \fBpk\fR for key-pair, public
component and parameters, respectively.
They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key.
They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and
\&\fBEVP_PKEY_param_check\fR\|(3) respectively.
.PP
.Vb 2
\& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
\& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
.Ve
.PP
The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw
private and public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on
error, or 1 on success.
They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and
\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively.
.SS "Functions"
.IX Subsection "Functions"
\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR
object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and
\&\fBinfo\fR.
\&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a
descriptive string.
The following \fBflags\fR are supported:
.PP
.Vb 1
\& ASN1_PKEY_SIGPARAM_NULL
.Ve
.PP
If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm
parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise they
will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is omitted).
See \fBX509_ALGOR_set0\fR\|(3) for more information.
.PP
\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from
\&\fBsrc\fR to \fBdst\fR.
This function is not thread safe, it's recommended to only use this when
initializing the application.
.PP
\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed
by \fBameth\fR.
.PP
\&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of
methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is
already there.
This function is not thread safe, it's recommended to only use this when
initializing the application.
.PP
\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added.
This function is not thread safe, it's recommended to only use this when
initializing the application.
.PP
\&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR,
\&\fBEVP_PKEY_asn1_set_param()\fR, \fBEVP_PKEY_asn1_set_free()\fR,
\&\fBEVP_PKEY_asn1_set_ctrl()\fR, \fBEVP_PKEY_asn1_set_item()\fR,
\&\fBEVP_PKEY_asn1_set_siginf()\fR, \fBEVP_PKEY_asn1_set_check()\fR,
\&\fBEVP_PKEY_asn1_set_public_check()\fR, \fBEVP_PKEY_asn1_set_param_check()\fR,
\&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR,
\&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and
\&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object.
.PP
\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated
with the key \fBpkey\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise.
.PP
\&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error,
or 1 on success.
.PP
\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_PEER_TMP_KEY 3"
.TH SSL_GET_PEER_TMP_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information
about temporary keys used during a handshake
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
\& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and
used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this
represents the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is
stored in
\&\fB*key\fR. It is the caller's responsibility to free this key after use using
\&\fBEVP_PKEY_free\fR\|(3).
.PP
\&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for
\&\fBSSL_get_peer_tmp_key()\fR.
Under that name it worked just on the client side of the connection, its
behaviour on the server end is release-dependent.
.PP
\&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local
end of the connection.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 on success and 0 otherwise.
.SH "NOTES"
.IX Header "NOTES"
This function is implemented as a macro.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EC_KEY_NEW 3"
.TH EC_KEY_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags,
EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name,
EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag,
EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult,
EC_KEY_generate_key, EC_KEY_check_key,
EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf,
EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating,
destroying and manipulating EC_KEY objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& EC_KEY *EC_KEY_new(void);
\& int EC_KEY_get_flags(const EC_KEY *key);
\& void EC_KEY_set_flags(EC_KEY *key, int flags);
\& void EC_KEY_clear_flags(EC_KEY *key, int flags);
\& EC_KEY *EC_KEY_new_by_curve_name(int nid);
\& void EC_KEY_free(EC_KEY *key);
\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
\& EC_KEY *EC_KEY_dup(const EC_KEY *src);
\& int EC_KEY_up_ref(EC_KEY *key);
\& ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key);
\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
\& int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
\& int EC_KEY_generate_key(EC_KEY *key);
\& int EC_KEY_check_key(const EC_KEY *key);
\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
\& const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
\& int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
\&
\& int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx);
\& size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
\&                       unsigned char **pbuf, BN_CTX *ctx);
\&
\& int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
\&
\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private
key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling
\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is
initially set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling
\&\fBEC_KEY_set_group()\fR.
.PP
Alternatively a new \s-1EC_KEY\s0 can be constructed by calling
\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See
\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply
wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR.
.PP
Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object,
and if it has dropped to zero then frees the memory associated with it. If
\&\fBkey\fR is \s-1NULL\s0 nothing is done.
.PP
\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR.
.PP
\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it.
.PP
\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0
object.
.PP
\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for
this \s-1EC_KEY\s0 object.
.PP
\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied
\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it
before calling this function. The private key is a random integer
(0 < priv_key < order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object).
The public key is an \s-1EC_POINT\s0 on the curve calculated by multiplying the
generator for the curve by the private key.
.PP
\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to
confirm that it is valid.
.PP
\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based
on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on
the supplied \fBx\fR and \fBy\fR values and sets the public key to be this
\&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm
that it is valid.
.PP
The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR,
\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR,
and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key,
and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. The function
\&\fBEC_KEY_set_private_key()\fR accepts \s-1NULL\s0 as the priv_key argument to securely
clear the private key component from the \s-1EC_KEY.\s0
.PP
The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the
point_conversion_form for the \fBkey\fR. For a description of
point_conversion_forms please see \fBEC_POINT_new\fR\|(3).
.PP
\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0
object. Any flags that are already set are left set. The flags currently
defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In
addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0
\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0
\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all
other flags are left in their existing state.
.PP
\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object
(if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the
asn1_flag.
.PP
\&\fBEC_KEY_decoded_from_explicit_params()\fR returns 1 if the group of the \fIkey\fR was
decoded from data with explicitly encoded group parameters, \-1 if the \fIkey\fR
is \s-1NULL\s0 or the group parameters are missing, and 0 otherwise.
.PP
\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator
for faster point multiplication. See also \fBEC_POINT_add\fR\|(3).
.PP
\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions
\&\fBEC_POINT_oct2point()\fR and \fBEC_POINT_point2buf()\fR except they use the public key
\&\s-1EC_POINT\s0 in \fBeckey\fR.
.PP
\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key
component of \fBeckey\fR and octet form. The octet form consists of the content
octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0
structure.
.PP
The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to
store the octet form. The return value provides the number of octets stored.
Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but
will just return the required buffer length.
.PP
The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes
an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR
and its length is returned. The caller must free up the allocated buffer with a
call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR
the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR.
.PP
\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to
the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error.
.PP
\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an
integer.
.PP
\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error.
.PP
\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't
set.
.PP
\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_public_key()\fR,
\&\fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, \fBEC_KEY_check_key()\fR,
\&\fBEC_KEY_set_public_key_affine_coordinates()\fR, \fBEC_KEY_oct2key()\fR and
\&\fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error.
.PP
\&\fBEC_KEY_set_private_key()\fR returns 1 on success or 0 on error except when the
priv_key argument is \s-1NULL,\s0 in that case it returns 0, for legacy
compatibility, and should not be treated as an error.
.PP
\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0
.PP
\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0
.PP
\&\fBEC_KEY_get_conv_form()\fR returns the point_conversion_form for the \s-1EC_KEY.\s0
.PP
\&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length
of the buffer or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3),
\&\fBEC_POINT_add\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3),
\&\fBd2i_ECPKParameters\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_S_FILE 3"
.TH BIO_S_FILE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
BIO_read_filename, BIO_write_filename, BIO_append_filename,
BIO_rw_filename \- FILE bio
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& const BIO_METHOD *BIO_s_file(void);
\& BIO *BIO_new_file(const char *filename, const char *mode);
\& BIO *BIO_new_fp(FILE *stream, int flags);
\&
\& BIO_set_fp(BIO *b, FILE *fp, int flags);
\& BIO_get_fp(BIO *b, FILE **fpp);
\&
\& int BIO_read_filename(BIO *b, char *name);
\& int BIO_write_filename(BIO *b, char *name);
\& int BIO_append_filename(BIO *b, char *name);
\& int BIO_rw_filename(BIO *b, char *name);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
is a wrapper round the stdio \s-1FILE\s0 structure and it is a
source/sink \s-1BIO.\s0
.PP
Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the
underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs.
.PP
\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped
stream.
.PP
\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file
using fseek(stream, 0, 0).
.PP
\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
using fseek(stream, ofs, 0).
.PP
\&\fBBIO_eof()\fR calls \fBfeof()\fR.
.PP
Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0
is freed.
.PP
\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR; the meaning
of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0
flag is set on the returned \s-1BIO.\s0
.PP
\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying
stream to text mode, default is binary: this only has any effect under
Win32).
.PP
\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
meaning as in \fBBIO_new_fp()\fR, it is a macro.
.PP
\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro.
.PP
\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
from the start of file.
.PP
\&\fBBIO_tell()\fR returns the value of the position pointer.
.PP
\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and
\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
reading, writing, append or read write respectively.
.SH "NOTES"
.IX Header "NOTES"
When wrapping stdout, stdin or stderr the underlying stream should not
normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set.
.PP
Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks
in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0
.PP
On Windows \fBBIO_new_file()\fR expects the filename argument to be
\&\s-1UTF\-8\s0 encoded. In other words, if you have to make it work in a
multi\-lingual environment, encode filenames in \s-1UTF\-8.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method.
.PP
\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error
occurred.
.PP
\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure
(although the current implementation never returns 0).
.PP
\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function:
0 for success or \-1 for failure.
.PP
\&\fBBIO_tell()\fR returns the current file position.
.PP
\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and
\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
File \s-1BIO\s0 \*(L"hello world\*(R":
.PP
.Vb 1
\& BIO *bio_out;
\&
\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
\& BIO_printf(bio_out, "Hello World\en");
.Ve
.PP
Alternative technique:
.PP
.Vb 1
\& BIO *bio_out;
\&
\& bio_out = BIO_new(BIO_s_file());
\& if (bio_out == NULL)
\&     /* Error */
\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE))
\&     /* Error */
\& BIO_printf(bio_out, "Hello World\en");
.Ve
.PP
Write to a file:
.PP
.Vb 1
\& BIO *out;
\&
\& out = BIO_new_file("filename.txt", "w");
\& if (!out)
\&     /* Error */
\& BIO_printf(out, "Hello World\en");
\& BIO_free(out);
.Ve
.PP
Alternative technique:
.PP
.Vb 1
\& BIO *out;
\&
\& out = BIO_new(BIO_s_file());
\& if (out == NULL)
\&     /* Error */
\& if (!BIO_write_filename(out, "filename.txt"))
\&     /* Error */
\& BIO_printf(out, "Hello World\en");
\& BIO_free(out);
.Ve
.SH "BUGS"
.IX Header "BUGS"
\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying
stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error
occurred; this differs from other types of \s-1BIO\s0 which will typically return
1 for success and a non positive value if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3),
\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3),
\&\fBBIO_read_ex\fR\|(3),
\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3),
\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3),
\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RSA_GET0_KEY 3"
.TH RSA_GET0_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key,
RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d,
RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp,
RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags,
RSA_get0_engine, RSA_get_multi_prime_extra_count,
RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params,
RSA_set0_multi_prime_params, RSA_get_version
\&\- Routines for getting and setting data in an RSA object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
\& void RSA_get0_key(const RSA *r,
\&                   const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
\& void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
\& void RSA_get0_crt_params(const RSA *r,
\&                          const BIGNUM **dmp1, const BIGNUM **dmq1,
\&                          const BIGNUM **iqmp);
\& const BIGNUM *RSA_get0_n(const RSA *d);
\& const BIGNUM *RSA_get0_e(const RSA *d);
\& const BIGNUM *RSA_get0_d(const RSA *d);
\& const BIGNUM *RSA_get0_p(const RSA *d);
\& const BIGNUM *RSA_get0_q(const RSA *d);
\& const BIGNUM *RSA_get0_dmp1(const RSA *r);
\& const BIGNUM *RSA_get0_dmq1(const RSA *r);
\& const BIGNUM *RSA_get0_iqmp(const RSA *r);
\& const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
\& void RSA_clear_flags(RSA *r, int flags);
\& int RSA_test_flags(const RSA *r, int flags);
\& void RSA_set_flags(RSA *r, int flags);
\& ENGINE *RSA_get0_engine(RSA *r);
\& int RSA_get_multi_prime_extra_count(const RSA *r);
\& int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
\& int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
\&                                     const BIGNUM *coeffs[]);
\& int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
\&                                 BIGNUM *coeffs[], int pnum);
\& int RSA_get_version(RSA *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
An \s-1RSA\s0 object contains the components for the public and private key,
\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is
the modulus common to both public and private key, \fBe\fR is the public
exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR,
\&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a
private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are
the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR
are the exponents and coefficient for \s-1CRT\s0 calculations.
.PP
For multi-prime \s-1RSA\s0 (defined in \s-1RFC 8017\s0), there are also one or more
\&'triplets' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR
and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and
\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations.
.PP
The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling
\&\fBRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and
\&\fB*d\fR will be set to \s-1NULL.\s0 Otherwise, they are set to pointers to
their respective values.
These point directly to the internal representations of the values and
therefore should not be freed by the caller.
.PP
The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling
\&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as
parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL
the first time this function is called on a given \s-1RSA\s0 object. The
value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be
\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched.
Calling this function transfers the memory management of the values to
the \s-1RSA\s0 object, and therefore the values that have been passed in
should not be freed by the caller after this function has been called.
.PP
In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and
set with \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR, and the \fBdmp1\fR,
\&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with
\&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR.
.PP
For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR,
\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions
ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters.
.PP
For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and
\&\fBRSA_get0_multi_prime_crt_params()\fR can be used to obtain other primes and
related \s-1CRT\s0 parameters. The return values are stored in an array of
\&\fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR sets a collection of multi-prime
\&'triplet' members (prime, exponent and coefficient) into an \s-1RSA\s0 object.
.PP
Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be
retrieved separately by the corresponding function
\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR,
\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively.
.PP
\&\fBRSA_get0_pss_params()\fR is used to retrieve the RSA-PSS parameters.
.PP
\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0
object. Multiple flags can be passed in one go (bitwise ORed together).
Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to
see whether the flags passed in the \fBflags\fR parameter are currently
set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All
flags that are currently set are returned, or zero if none of the
flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the
\&\s-1RSA\s0 object.
.PP
\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for
this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set.
.PP
\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR.
.SH "NOTES"
.IX Header "NOTES"
Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used
in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR. If
needed, duplicate the received value using \fBBN_dup()\fR and pass the
duplicate. The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR
as well as \fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR.
.PP
The caller should obtain the size by calling \fBRSA_get_multi_prime_extra_count()\fR
in advance and allocate a sufficient buffer to store the return values before
calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR.
.PP
\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime
triplets in \s-1RSA\s0 object \fBr\fR and assigns the new set of triplets into it.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and
\&\fBRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure.
.PP
\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR,
\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR
return the respective value.
.PP
\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return
1 on success or 0 on failure.
.PP
\&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes
in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for
multi-prime \s-1RSA.\s0
.PP
\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and
\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0
.PP
\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object.
.PP
\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no
\&\s-1ENGINE\s0 has been set.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBRSA_get0_pss_params()\fR function was added in OpenSSL 1.1.1e.
.PP
The
\&\fBRSA_get_multi_prime_extra_count()\fR, \fBRSA_get0_multi_prime_factors()\fR,
\&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_set0_multi_prime_params()\fR,
and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1.
.PP
Other functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can
obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_SECURE_MALLOC 3"
.TH OPENSSL_SECURE_MALLOC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
CRYPTO_secure_free, OPENSSL_secure_clear_free,
CRYPTO_secure_clear_free, OPENSSL_secure_actual_size,
CRYPTO_secure_allocated,
CRYPTO_secure_used \- secure heap storage
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& int CRYPTO_secure_malloc_init(size_t size, int minsize);
\&
\& int CRYPTO_secure_malloc_initialized();
\&
\& int CRYPTO_secure_malloc_done();
\&
\& void *OPENSSL_secure_malloc(size_t num);
\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
\&
\& void *OPENSSL_secure_zalloc(size_t num);
\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
\&
\& void OPENSSL_secure_free(void* ptr);
\& void CRYPTO_secure_free(void *ptr, const char *, int);
\&
\& void OPENSSL_secure_clear_free(void* ptr, size_t num);
\& void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
\&
\& size_t OPENSSL_secure_actual_size(const void *ptr);
\&
\& int CRYPTO_secure_allocated(const void *ptr);
\& size_t CRYPTO_secure_used();
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
In order to help protect applications (particularly long-running servers)
from pointer overruns or underruns that could return arbitrary data from
the program's dynamic memory area, where keys and other sensitive
information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R"
The level and type of security guarantees depend on the operating system.
It is a good idea to review the code and see if it addresses your
threat model and concerns.
.PP
If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there.
This protects long-term storage of private keys, but will not necessarily
put all intermediate values and computations there.
.PP
\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified
\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to
allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power
of two.
.PP
\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure
heap has been initialized and is available.
.PP
\&\fBCRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable
to the process if all secure memory has been freed.
It can take noticeably long to complete.
.PP
\&\fBOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap.
If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
calling \fBOPENSSL_malloc()\fR.
It is a macro that expands to
\&\fBCRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.
.PP
\&\fBOPENSSL_secure_zalloc()\fR and \fBCRYPTO_secure_zalloc()\fR are like
\&\fBOPENSSL_secure_malloc()\fR and \fBCRYPTO_secure_malloc()\fR, respectively,
except that they call \fBmemset()\fR to zero the memory before returning.
.PP
\&\fBOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap.
It must be called with a value previously obtained from
\&\fBOPENSSL_secure_malloc()\fR.
If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
calling \fBOPENSSL_free()\fR.
It exists for consistency with \fBOPENSSL_secure_malloc()\fR, and
is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR
and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.
.PP
\&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except
that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear
the memory if it was not allocated from the secure heap.
If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to
calling \fBOPENSSL_clear_free()\fR.
.PP
\&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the
pointer; implementations may allocate more space than initially
requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation.
.PP
\&\fBCRYPTO_secure_allocated()\fR tells if a pointer is allocated in the secure heap.
.PP
\&\fBCRYPTO_secure_used()\fR returns the number of bytes allocated in the
secure heap.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful,
and 2 if successful but the heap could not be protected by memory
mapping.
.PP
\&\fBCRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is
available (that is, if \fBCRYPTO_secure_malloc_init()\fR has been called,
but \fBCRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not.
.PP
\&\fBOPENSSL_secure_malloc()\fR and \fBOPENSSL_secure_zalloc()\fR return a pointer into
the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be
allocated.
.PP
\&\fBCRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not.
.PP
\&\fBCRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not.
.PP
\&\fBOPENSSL_secure_free()\fR and \fBOPENSSL_secure_clear_free()\fR return no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_malloc\fR\|(3),
\&\fBBN_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ASYNC_WAIT_CTX_NEW 3"
.TH ASYNC_WAIT_CTX_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd,
ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd
\- functions to manage waiting for asynchronous jobs to complete
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/async.h>
\&
\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
\&                                OSSL_ASYNC_FD fd,
\&                                void *custom_data,
\&                                void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
\&                                                OSSL_ASYNC_FD, void *));
\& int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
\&                           OSSL_ASYNC_FD *fd, void **custom_data);
\& int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
\&                                size_t *numfds);
\& int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
\&                                    size_t *numaddfds, OSSL_ASYNC_FD *delfd,
\&                                    size_t *numdelfds);
\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
For an overview of how asynchronous operations are implemented in OpenSSL see
\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous
\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms
this would have a one-to-one correspondence with an \s-1SSL\s0 connection.
.PP
Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR
function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When
the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of
that job.
An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one time,
but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent
\&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed),
application code cleans up with \fBASYNC_WAIT_CTX_free()\fR.
.PP
ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling
\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in
the \fBctx\fR parameter will return the wait file descriptors associated with that
job in \fB*fd\fR. The number of file descriptors returned will be stored in
\&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory
has been allocated in \fB*fd\fR to receive all the file descriptors. Calling
\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file
descriptors but will still populate \fB*numfds\fR. Therefore, application code is
typically expected to call this function twice: once to get the number of fds,
and then again when sufficient memory has been allocated. If only one
asynchronous engine is being used then normally this call will only ever return
one fd. If multiple asynchronous engines are being used then more could be
returned.
.PP
The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds
have changed since the last time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0
result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has
been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated
with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR
will be populated with the list of added and deleted fds respectively.
Similarly to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if
they are not \s-1NULL\s0 then the caller is responsible for ensuring sufficient memory
is allocated.
.PP
Implementors of async aware code (e.g. engines) are encouraged to return a
stable fd for the lifetime of the \s-1ASYNC_WAIT_CTX\s0 in order to reduce the \*(L"churn\*(R"
of regularly changing fds \- although no guarantees of this are provided to
applications.
.PP
Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a
system function call such as select or poll (being ready for \*(L"read\*(R" indicates
that the job should be resumed). If no file descriptor is made available then an
application will have to periodically \*(L"poll\*(R" the job by attempting to restart it
to see if it is ready to continue.
.PP
Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job
via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting
on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an
engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code.
An existing association with a file descriptor can be obtained using
\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of
these functions require a \fBkey\fR value which is unique to the async aware
code. This could be any unique value but a good candidate might be the
\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and
will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The
\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R"
routine. This can be \s-1NULL\s0 but if provided will automatically get called when
the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the
fd or any other resources.
Note: The \*(L"cleanup\*(R" routine does not get called if the fd
is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR.
.PP
An example of typical usage might be an async capable engine. User code would
initiate cryptographic operations. The engine would initiate those operations
asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by
\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then
perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other
similar function on the wait file descriptor. The engine can signal to the user
code that the job should be resumed by making the wait file descriptor
\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait
file descriptor.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or
\&\s-1NULL\s0 on error.
.PP
ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on
success or 0 on error.
.SH "NOTES"
.IX Header "NOTES"
On Windows platforms the openssl/async.h header is dependent on some
of the types customarily made available by including windows.h. The
application developer is likely to require control over when the latter
is included, commonly as one of the first included headers. Therefore,
it is defined as an application developer's responsibility to include
windows.h prior to async.h.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR,
\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR,
\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR
were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_DO_HANDSHAKE 3"
.TH SSL_DO_HANDSHAKE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_do_handshake \- perform a TLS/SSL handshake
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_do_handshake(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the
connection is in client mode, the handshake will be started. The handshake
routines may have to be explicitly set in advance using either
\&\fBSSL_set_connect_state\fR\|(3) or
\&\fBSSL_set_accept_state\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return
once the handshake has been finished or an error occurred.
.PP
If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_do_handshake()\fR will also return
when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR
to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the
return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR.
The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket,
nothing is to be done, but \fBselect()\fR can be used to check for the required
condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "0" 4
The \s-1TLS/SSL\s0 handshake was not successful but was shut down in a controlled
manner, in accordance with the specifications of the \s-1TLS/SSL\s0 protocol. Call
\&\fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason.
.IP "1" 4
.IX Item "1"
The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been
established.
.IP "<0" 4
.IX Item "<0"
The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. The shutdown was
not clean. It can also occur if action is needed to continue the operation
for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR
to find out the reason.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3),
\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7),
\&\fBSSL_set_connect_state\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_CRL_GET0_BY_SERIAL 3"
.TH X509_CRL_GET0_BY_SERIAL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED,
X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate,
X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate,
X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_CRL_get0_by_serial(X509_CRL *crl,
\&                             X509_REVOKED **ret, ASN1_INTEGER *serial);
\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
\&
\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
\&
\& const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r);
\& const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r);
\&
\& int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial);
\& int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
\&
\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
\&
\& int X509_CRL_sort(X509_CRL *crl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for
serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal
pointer of the matching entry, as a result \fB*ret\fR must not be freed up
after the call.
.PP
\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_CRL_get0_by_serial()\fR except it
looks for a revoked entry using the serial number of certificate \fBx\fR.
.PP
\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all
revoked entries for \fBcrl\fR.
.PP
\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the
serial number of \fBr\fR.
.PP
\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the
revocation date of \fBr\fR.
.PP
\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR.
The supplied \fBserial\fR pointer is not used internally so it should be
freed up after use.
.PP
\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to
\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be
freed up after use.
.PP
\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The
pointer \fBrev\fR is used internally so it must not be freed up after the call:
it is freed when the parent \s-1CRL\s0 is freed.
.PP
\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial
number order.
.SH "NOTES"
.IX Header "NOTES"
Applications can determine the number of revoked entries returned by
\&\fBX509_CRL_get_REVOKED()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one
in turn using \fBsk_X509_REVOKED_value()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_CRL_get0_by_serial()\fR and \fBX509_CRL_get0_by_cert()\fR return 0 for failure,
1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8),
in which case 2 is returned.
.PP
\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR,
\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for
failure.
.PP
\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer.
.PP
\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value.
.PP
\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SET_SESSION 3"
.TH SSL_SET_SESSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_set_session(SSL *ssl, SSL_SESSION *session);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection
is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients.
When the session is set, the reference count of \fBsession\fR is incremented
by 1. If the session is not reused, the reference count is decremented
again during \fBSSL_connect()\fR. Whether the session was reused can be queried
with the \fBSSL_session_reused\fR\|(3) call.
.PP
If there is already a session set inside \fBssl\fR (because it was set with
\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for
a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old
session is still \fBopen\fR, it is considered bad and will be removed from the
session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was
not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to
set the \s-1SSL_SENT_SHUTDOWN\s0 state).
.SH "NOTES" .IX Header "NOTES" \&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created from this \s-1SSL_CTX\s0 object). .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "0" 4 The operation failed; check the error stack to find out the reason. .IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), \&\fBSSL_get_session\fR\|(3), \&\fBSSL_session_reused\fR\|(3), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!d{${$DH_generate_parameters.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . 
DH_GENERATE_PARAMETERS(3)    OpenSSL 1.1.1w    2023-12-04

NAME

DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex - generate and check Diffie-Hellman parameters

SYNOPSIS

    #include <openssl/dh.h>

    int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);

    int DH_check(DH *dh, int *codes);
    int DH_check_params(DH *dh, int *codes);

    int DH_check_ex(const DH *dh);
    int DH_check_params_ex(const DH *dh);
    int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);

Deprecated:

    #if OPENSSL_API_COMPAT < 0x00908000L
    DH *DH_generate_parameters(int prime_len, int generator,
                               void (*callback)(int, int, void *), void *cb_arg);
    #endif

DESCRIPTION

DH_generate_parameters_ex() generates Diffie-Hellman parameters that can be shared among a group of users, and stores them in the provided DH structure. The pseudo-random number generator must be seeded before calling it. The parameters generated by DH_generate_parameters_ex() should not be used in signature schemes.

prime_len is the length in bits of the safe prime to be generated. generator is a small number > 1, typically 2 or 5.

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as described in BN_generate_prime(3) while a random prime number is generated, and when a prime has been found, BN_GENCB_call(cb, 3, 0) is called. See BN_generate_prime_ex(3) for information on the BN_GENCB_call() function.

DH_generate_parameters() is similar to DH_generate_prime_ex() but expects an old-style callback function; see BN_generate_prime(3) for information on the old-style callback.

DH_check_params() confirms that the p and g are likely enough to be valid. This is a lightweight check; if a more thorough check is needed, use DH_check(). The value of *codes is updated with any problems found. If *codes is zero then no problems were found, otherwise the following bits may be set:

DH_CHECK_P_NOT_PRIME
    The parameter p has been determined not to be an odd prime. Note that the lack of this bit doesn't guarantee that p is a prime.

DH_NOT_SUITABLE_GENERATOR
    The generator g is not suitable. Note that the lack of this bit doesn't guarantee that g is suitable, unless p is known to be a strong prime.

DH_MODULUS_TOO_LARGE
    The modulus is too large.

DH_check() confirms that the Diffie-Hellman parameters dh are valid. The value of *codes is updated with any problems found. If *codes is zero then no problems were found, otherwise the following bits may be set:

DH_CHECK_P_NOT_PRIME
    The parameter p is not prime.

DH_CHECK_P_NOT_SAFE_PRIME
    The parameter p is not a safe prime and no q value is present.

DH_UNABLE_TO_CHECK_GENERATOR
    The generator g cannot be checked for suitability.

DH_NOT_SUITABLE_GENERATOR
    The generator g is not suitable.

DH_CHECK_Q_NOT_PRIME
    The parameter q is not prime.

DH_CHECK_INVALID_Q_VALUE
    The parameter q is invalid.

DH_CHECK_INVALID_J_VALUE
    The parameter j is invalid.

DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to DH_check() and DH_check_params() respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the function.

RETURN VALUES

DH_generate_parameters_ex(), DH_check() and DH_check_params() return 1 if the check could be performed, 0 otherwise.

DH_generate_parameters() returns a pointer to the DH structure or NULL if the parameter generation fails.

DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() return 1 if the check is successful, 0 if it failed.

The error codes can be obtained by ERR_get_error(3).

SEE ALSO

DH_new(3), ERR_get_error(3), RAND_bytes(3), DH_free(3)

HISTORY

DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use DH_generate_parameters_ex() instead.

COPYRIGHT

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
BF_ENCRYPT(3)    OpenSSL 1.1.1w    2023-09-11

NAME

BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption

SYNOPSIS

    #include <openssl/blowfish.h>

    void BF_set_key(BF_KEY *key, int len, const unsigned char *data);

    void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
                        BF_KEY *key, int enc);
    void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
                        long length, BF_KEY *schedule,
                        unsigned char *ivec, int enc);
    void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                          long length, BF_KEY *schedule,
                          unsigned char *ivec, int *num, int enc);
    void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                          long length, BF_KEY *schedule,
                          unsigned char *ivec, int *num);
    const char *BF_options(void);

    void BF_encrypt(BF_LONG *data, const BF_KEY *key);
    void BF_decrypt(BF_LONG *data, const BF_KEY *key);

DESCRIPTION

This library implements the Blowfish cipher, which was invented and described by Counterpane (see http://www.counterpane.com/blowfish.html).

Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same modes as DES (see des_modes(7)). Blowfish is currently one of the faster block ciphers. It is quite a bit faster than DES, and much faster than IDEA or RC2.

Blowfish consists of a key setup phase and the actual encryption or decryption phase.

BF_set_key() sets up the BF_KEY key using the len bytes long key at data.

BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. It encrypts or decrypts the first 64 bits of in using the key key, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. The vector pointed at by in and out must be 64 bits in length, no less. If they are larger, everything after the first 64 bits is ignored.

The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() all operate on variable length data. They all take an initialization vector ivec which needs to be passed along into the next call of the same function for the same message. ivec may be initialized with anything, but the recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like SSH, where ivec is simply initialized to zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter num, which is a pointer to an integer where the current offset in ivec is stored between calls. This integer must be initialized to zero when ivec is initialized.

BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It encrypts or decrypts the 64-bit chunks of in using the key schedule, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte long initialization vector.

BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. It encrypts or decrypts the bytes in in using the key schedule, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte long initialization vector. num must point at an integer which must be initially zero.

BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. It uses the same parameters as BF_cfb64_encrypt(), which must be initialized the same way.

BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish encryption. They encrypt/decrypt the first 64 bits of the vector pointed to by data, using the key key. These functions should not be used unless you implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt(). If you still want to use these functions, you should be aware that they take each 32-bit chunk in host-byte order, which is little-endian on little-endian platforms and big-endian on big-endian ones.

RETURN VALUES

None of the functions presented here return any value.

NOTE

Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

SEE ALSO

EVP_EncryptInit(3), des_modes(7)

COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
DH_GET0_PQG(3)    OpenSSL 1.1.1w    2023-09-11

NAME

DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length - Routines for getting and setting data in a DH object

SYNOPSIS

    #include <openssl/dh.h>

    void DH_get0_pqg(const DH *dh,
                     const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
    int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    void DH_get0_key(const DH *dh,
                     const BIGNUM **pub_key, const BIGNUM **priv_key);
    int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
    const BIGNUM *DH_get0_p(const DH *dh);
    const BIGNUM *DH_get0_q(const DH *dh);
    const BIGNUM *DH_get0_g(const DH *dh);
    const BIGNUM *DH_get0_priv_key(const DH *dh);
    const BIGNUM *DH_get0_pub_key(const DH *dh);
    void DH_clear_flags(DH *dh, int flags);
    int DH_test_flags(const DH *dh, int flags);
    void DH_set_flags(DH *dh, int flags);
    ENGINE *DH_get0_engine(DH *d);
    long DH_get_length(const DH *dh);
    int DH_set_length(DH *dh, long length);

DESCRIPTION

A DH object contains the parameters p, q and g. Note that the q parameter is optional. It also contains a public key (pub_key) and (optionally) a private key (priv_key).

The p, q and g parameters can be obtained by calling DH_get0_pqg(). If the parameters have not yet been set then *p, *q and *g will be set to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. Any of the out parameters p, q, and g can be NULL, in which case no value will be returned for that parameter.

The p, q and g values can be set by calling DH_set0_pqg() and passing the new values for p, q and g as parameters to the function. Calling this function transfers the memory management of the values to the DH object, and therefore the values that have been passed in should not be freed directly after this function has been called. The q parameter may be NULL.

To get the public and private key values use the DH_get0_key() function. A pointer to the public key will be stored in *pub_key, and a pointer to the private key will be stored in *priv_key. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. Any of the out parameters pub_key and priv_key can be NULL, in which case no value will be returned for that parameter.

The public and private key values can be set using DH_set0_key(). Either parameter may be NULL, which means the corresponding DH field is left untouched. As with DH_set0_pqg() this function transfers the memory management of the key values to the DH object, and therefore they should not be freed directly after this function has been called.

Any of the values p, q, g, priv_key, and pub_key can also be retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively.

DH_set_flags() sets the flags in the flags parameter on the DH object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DH_test_flags() tests to see whether the flags passed in the flags parameter are currently set in the DH object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. DH_clear_flags() clears the specified flags within the DH object.

DH_get0_engine() returns a handle to the ENGINE that has been set for this DH object, or NULL if no such ENGINE has been set.

The DH_get_length() and DH_set_length() functions get and set the optional length parameter associated with this DH object. If the length is nonzero then it is used, otherwise it is ignored. The length parameter indicates the length of the secret exponent (private key) in bits.

NOTES

Values retrieved with DH_get0_key() are owned by the DH object used in the call and may therefore not be passed to DH_set0_key(). If needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg().

RETURN VALUES

DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.

DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() return the respective value, or NULL if it is unset.

DH_test_flags() returns the current state of the flags in the DH object.

DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE has been set.

DH_get_length() returns the length of the secret exponent (private key) in bits, or zero if no such length has been explicitly set.

SEE ALSO

DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), DH_set_method(3), DH_size(3), DH_meth_new(3)

HISTORY

The functions described here were added in OpenSSL 1.1.0.

COPYRIGHT

Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
BN_GENERATE_PRIME(3)    OpenSSL 1.1.1w    2023-09-11

NAME

BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality

SYNOPSIS

    #include <openssl/bn.h>

    int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
                             const BIGNUM *rem, BN_GENCB *cb);

    int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);

    int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
                                int do_trial_division, BN_GENCB *cb);

    int BN_GENCB_call(BN_GENCB *cb, int a, int b);

    BN_GENCB *BN_GENCB_new(void);

    void BN_GENCB_free(BN_GENCB *cb);

    void BN_GENCB_set_old(BN_GENCB *gencb,
                          void (*callback)(int, int, void *), void *cb_arg);

    void BN_GENCB_set(BN_GENCB *gencb,
                      int (*callback)(int, int, BN_GENCB *), void *cb_arg);

    void *BN_GENCB_get_arg(BN_GENCB *cb);

Deprecated:

    #if OPENSSL_API_COMPAT < 0x00908000L
    BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
                              BIGNUM *rem, void (*callback)(int, int, void *),
                              void *cb_arg);

    int BN_is_prime(const BIGNUM *a, int checks,
                    void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);

    int BN_is_prime_fasttest(const BIGNUM *a, int checks,
                             void (*callback)(int, int, void *), BN_CTX *ctx,
                             void *cb_arg, int do_trial_division);
    #endif

DESCRIPTION

BN_generate_prime_ex() generates a pseudo-random prime number of at least bit length bits. The returned number is probably prime with a negligible error. If add is NULL the returned prime number will have exact bit length bits with the top most two bits set.

If ret is not NULL, it will be used to store the number.

If cb is not NULL, it is used as follows:

- BN_GENCB_call(cb, 0, i) is called after generating the i-th potential prime number.
- While the number is being tested for primality, BN_GENCB_call(cb, 1, j) is called as described below.
- When a prime has been found, BN_GENCB_call(cb, 2, i) is called.
- The callers of BN_generate_prime_ex() may call BN_GENCB_call(cb, i, j) with other values as described in their respective man pages; see "SEE ALSO".

The prime may have to fulfill additional requirements for use in Diffie-Hellman key exchange:

If add is not NULL, the prime will fulfill the condition p % add == rem (p % add == 1 if rem == NULL) in order to suit a given generator.

If safe is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime). If safe is true, and rem == NULL the condition will be p % add == 3. It is recommended that add is a multiple of 4.

The random generator must be seeded prior to calling BN_generate_prime_ex(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number p is prime. The following tests are performed until one of them shows that p is composite; if p passes all these tests, it is considered prime.

BN_is_prime_fasttest_ex(), when called with do_trial_division == 1, first attempts trial division by a number of small primes; if no divisors are found by this test and cb is not NULL, BN_GENCB_call(cb, 1, -1) is called. If do_trial_division == 0, this test is skipped.

Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with nchecks iterations. If nchecks == BN_prime_checks, a number of iterations is used that yields a false positive rate of at most 2^-64 for random input. The error rate depends on the size of the prime and goes down for bigger primes. The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, 2^-192 at 3747 bits and 2^-256 at 6394 bits.

When the source of the prime is not random or not trusted, the number of checks needs to be much higher to reach the same level of assurance: It should equal half of the targeted security level in bits (rounded up to the next integer if necessary). For instance, to reach the 128 bit security level, nchecks should be set to 64.

If cb is not NULL, BN_GENCB_call(cb, 1, j) is called after the j-th iteration (j = 0, 1, ...). ctx is a preallocated BN_CTX (to save the overhead of allocating and freeing the structure in a loop), or NULL.

BN_GENCB_call() calls the callback function held in the BN_GENCB structure and passes the ints a and b as arguments. There are two types of BN_GENCB structure that are supported: "new" style and "old" style.
New programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided for backwards compatibility purposes. .PP A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR, and freed through a call to \fBBN_GENCB_free()\fR. .PP For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. \&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type \&\fBvoid (*callback)(int, int, void *)\fR. .PP A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. .PP It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure (set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. .PP \&\fBBN_generate_prime()\fR (deprecated) works in the same way as \&\fBBN_generate_prime_ex()\fR but expects an old-style callback function directly in the \fBcallback\fR parameter, and an argument to pass to it in the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR can similarly be compared to \fBBN_is_prime_ex()\fR and \&\fBBN_is_prime_fasttest_ex()\fR, respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error. .PP \&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and \&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^\fBnchecks\fR, and \&\-1 on error. .PP \&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. 
.PP BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR otherwise. .PP BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 structure. .PP Callback functions should return 1 on success or 0 on error. .PP The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "REMOVED FUNCTIONALITY" .IX Header "REMOVED FUNCTIONALITY" As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure directly, as in: .PP .Vb 1 \& BN_GENCB callback; .Ve .PP Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: .PP .Vb 6 \& BN_GENCB *callback; \& callback = BN_GENCB_new(); \& if (!callback) \& /* error */ \& ... \& BN_GENCB_free(callback); .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \&\s-1\fBRAND\s0\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR, and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!\\&**RAND_DRBG_generate.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. 
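The iteration-count guidance in the BN_is_prime_fasttest_ex() description, worked through as an added example that is not OpenSSL's code: a 64-bit analogue of the trial-division and Miller-Rabin flow with the same callback convention. It goes one step beyond the page by comparing fixed witnesses with random ones on a composite built to pass bases 2, 3, 5 and 7. All function names, the xorshift generator, the odd-divisor trial division and the sample numbers are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Progress callback using the (a, b) convention the page gives for
 * BN_GENCB_call(): (1, -1) once trial division finds no divisor, (1, j)
 * after the j-th Miller-Rabin iteration. Returns 1 on success, 0 on error. */
typedef int (*progress_cb)(int a, int b, void *arg);

/* (a * b) mod m without overflow; needs the GCC/Clang __int128 extension. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)((unsigned __int128)a * b % m);
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1;
    for (base %= m; exp; exp >>= 1) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
    }
    return r;
}

/* One round for witness a, with n - 1 = d * 2^s and d odd.
 * Returns 0 when a proves n composite, 1 when n passes this round. */
static int mr_round(uint64_t n, uint64_t a, uint64_t d, int s) {
    uint64_t x = powmod(a, d, n);
    if (x == 1 || x == n - 1) return 1;
    for (int i = 1; i < s; i++) {
        x = mulmod(x, x, n);
        if (x == n - 1) return 1;
    }
    return 0;
}

/* xorshift64: reproducible witnesses for the demo only, NOT a CSPRNG. */
static uint64_t next_rand(uint64_t *st) {
    *st ^= *st << 13; *st ^= *st >> 7; *st ^= *st << 17;
    return *st;
}

/* Hypothetical 64-bit analogue of BN_is_prime_fasttest_ex().
 * fixed != NULL: use fixed[0..nchecks-1] as witnesses (the weak variant);
 * fixed == NULL: draw each witness at random from [2, n-2].
 * Returns 1 (probably prime), 0 (composite) or -1 (callback reported error). */
int is_prime_fasttest(uint64_t n, int nchecks, int do_trial_division,
                      const uint64_t *fixed, uint64_t seed,
                      progress_cb cb, void *arg) {
    if (n < 4) return n == 2 || n == 3;
    if ((n & 1) == 0) return 0;
    if (do_trial_division) {
        /* Assumption: odd divisors below 256 stand in for a small-prime table. */
        for (uint64_t q = 3; q < 256; q += 2)
            if (n % q == 0) return n == q;
        if (cb && !cb(1, -1, arg)) return -1;
    }
    uint64_t d = n - 1;
    int s = 0;
    while ((d & 1) == 0) { d >>= 1; s++; }
    if (seed == 0) seed = 1;               /* xorshift state must be nonzero */
    for (int j = 0; j < nchecks; j++) {
        uint64_t a = fixed ? fixed[j] % n : 2 + next_rand(&seed) % (n - 3);
        if (a != 0 && !mr_round(n, a, d, s)) return 0;
        if (cb && !cb(1, j, arg)) return -1;
    }
    return 1;
}

/* Rule stated on the page for untrusted input: half the targeted security
 * level in bits, rounded up. */
int nchecks_for_untrusted(int security_bits) { return (security_bits + 1) / 2; }

/* Constructed inputs: 151 * 751 * 28351, the smallest strong pseudoprime to
 * bases 2, 3, 5 and 7, and the Mersenne prime 2^61 - 1. */
#define CRAFTED_COMPOSITE 3215031751ULL
#define KNOWN_PRIME 2305843009213693951ULL
static const uint64_t FIXED_BASES[4] = {2, 3, 5, 7};

int count_cb(int a, int b, void *arg) { (void)a; (void)b; ++*(int *)arg; return 1; }

int fixed_bases_verdict(void) {    /* four predictable rounds, no trial division */
    return is_prime_fasttest(CRAFTED_COMPOSITE, 4, 0, FIXED_BASES, 0, NULL, NULL);
}
int trial_division_verdict(void) { /* same input with do_trial_division == 1 */
    return is_prime_fasttest(CRAFTED_COMPOSITE, 4, 1, FIXED_BASES, 0, NULL, NULL);
}
int random_rounds_verdict(void) {  /* random witnesses at the 128-bit setting */
    return is_prime_fasttest(CRAFTED_COMPOSITE, nchecks_for_untrusted(128), 0,
                             NULL, 0x9E3779B97F4A7C15ULL, NULL, NULL);
}
int callbacks_for_prime(void) {    /* callback count for a prime, -1 if rejected */
    int calls = 0;
    int v = is_prime_fasttest(KNOWN_PRIME, 5, 1, NULL, 42, count_cb, &calls);
    return v == 1 ? calls : -1;
}

int main(void) {
    printf("fixed=%d trial=%d random=%d callbacks=%d\n", fixed_bases_verdict(),
           trial_division_verdict(), random_rounds_verdict(), callbacks_for_prime());
    return 0;
}
```

The crafted composite is accepted when the four witnesses are predictable and trial division is off, and rejected once either trial division or randomly drawn witnesses are used.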
.IX Title "RAND_DRBG_GENERATE 3"
.TH RAND_DRBG_GENERATE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RAND_DRBG_generate, RAND_DRBG_bytes
\&\- generate random bytes using the given drbg instance
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int RAND_DRBG_generate(RAND_DRBG *drbg,
\&                        unsigned char *out, size_t outlen,
\&                        int prediction_resistance,
\&                        const unsigned char *adin, size_t adinlen);
\&
\& int RAND_DRBG_bytes(RAND_DRBG *drbg,
\&                     unsigned char *out, size_t outlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given
\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR.
.PP
Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum
number of generate requests (\fIreseed interval\fR) or the maximum timespan
(\fIreseed time interval\fR) since its last seeding has been reached.
If this is the case, the \s-1DRBG\s0 reseeds automatically.
Additionally, an immediate reseeding can be requested by setting the
\&\fBprediction_resistance\fR flag to 1. See the \s-1NOTES\s0 section for more details.
.PP
The caller can optionally provide additional data to be used for reseeding
by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR.
This additional data is mixed into the internal state of the random
generator but does not contribute to the entropy count.
The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and
\&\fBadinlen\fR to 0.
.PP
\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given
\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR.
This function is a wrapper around the \fBRAND_DRBG_generate()\fR call,
which collects some additional data from low entropy sources
(e.g., a high resolution timer) and calls
RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success,
and 0 on failure.
.SH "NOTES"
.IX Header "NOTES"
The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to
reasonable default values, which in general do not have to be adjusted.
If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3)
and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively.
.PP
A request for prediction resistance can only be satisfied by pulling fresh
entropy from one of the approved entropy sources listed in section 5.5.2 of
[\s-1NIST SP 800\-90C\s0].
Since the default \s-1DRBG\s0 implementation does not have access
to such an approved entropy source, a request for prediction resistance will
always fail.
In other words, prediction resistance is not yet supported by the \s-1DRBG.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRAND_bytes\fR\|(3),
\&\fBRAND_DRBG_set_reseed_interval\fR\|(3),
\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3),
\&\s-1\fBRAND_DRBG\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_SET1_RSA 3"
.TH EVP_PKEY_SET1_RSA 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
\&
\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
\&
\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
\& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
\& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
\& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
\& EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
\&
\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
\&
\& int EVP_PKEY_id(const EVP_PKEY *pkey);
\& int EVP_PKEY_base_id(const EVP_PKEY *pkey);
\& int EVP_PKEY_type(int type);
\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
\&
\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and
\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR.
.PP
\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
\&\fB\s-1NULL\s0\fR if the key is not of the correct type.
.PP
\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR,
\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR
and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR
if the key is not of the correct type, but the reference count of the
returned key is \fBnot\fR incremented and so it must not be freed after use.
.PP
\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and
\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR;
however, these use the supplied \fBkey\fR internally and so \fBkey\fR
will be freed when the parent \fBpkey\fR is freed.
.PP
\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example
an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR.
.PP
\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys
using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could
use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to
\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of
alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not
often seen in practice.
.PP
\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example
EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR.
.PP
\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR.
.PP
\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It
must be called after the key algorithm and components are set up.
If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an
error occurs.
.PP
\&\fBEVP_PKEY_set_alias_type()\fR allows modifying an \s-1EVP_PKEY\s0 to use a
different set of algorithms than the default. This is currently used
to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0
.SH "NOTES"
.IX Header "NOTES"
In accordance with the OpenSSL naming convention the key obtained
from or assigned to the \fBpkey\fR using the \fB1\fR functions must be
freed as well as \fBpkey\fR.
.PP
\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR
and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros.
.PP
Most applications wishing to know a key type will simply call
\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type, which will be
identical in almost all cases.
.PP
Previous versions of this document suggested using EVP_PKEY_type(pkey\->type)
to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this
is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
.PP
\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0
key as part of its routine to load a private key.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and
\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure.
.PP
\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if
an error occurred.
.PP
\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR
and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure.
.PP
\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key
type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error.
.PP
\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure.
.PP
\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0
algorithms with EVP_PKEY_set_alias_type:
.PP
.Vb 1
\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OCSP_RESP_FIND_STATUS 3"
.TH OCSP_RESP_FIND_STATUS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OCSP_resp_get0_certs,
OCSP_resp_get0_signer,
OCSP_resp_get0_id,
OCSP_resp_get1_id,
OCSP_resp_get0_produced_at,
OCSP_resp_get0_signature,
OCSP_resp_get0_tbs_sigalg,
OCSP_resp_get0_respdata,
OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
OCSP_single_get0_status, OCSP_check_validity,
OCSP_basic_verify
\&\- OCSP response utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
\&                           int *reason,
\&                           ASN1_GENERALIZEDTIME **revtime,
\&                           ASN1_GENERALIZEDTIME **thisupd,
\&                           ASN1_GENERALIZEDTIME **nextupd);
\&
\& int OCSP_resp_count(OCSP_BASICRESP *bs);
\& OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
\& int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
\& int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
\&                             ASN1_GENERALIZEDTIME **revtime,
\&                             ASN1_GENERALIZEDTIME **thisupd,
\&                             ASN1_GENERALIZEDTIME **nextupd);
\&
\& const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
\&                             const OCSP_BASICRESP* single);
\&
\& const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
\& const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
\& const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
\& const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
\&
\& int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
\&                           STACK_OF(X509) *extra_certs);
\&
\& int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
\&                       const ASN1_OCTET_STRING **pid,
\&                       const X509_NAME **pname);
\& int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
\&                       ASN1_OCTET_STRING **pid,
\&                       X509_NAME **pname);
\&
\& int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
\&                         ASN1_GENERALIZEDTIME *nextupd,
\&                         long sec, long maxsec);
\&
\& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
\&                       X509_STORE *st, unsigned long flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is
successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR,
\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of
\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or
\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only
set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field
will be set to the revocation reason which will be one of
\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR,
\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR,
\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR,
\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR,
\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR.
.PP
\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR.
.PP
\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR
corresponding to index \fBidx\fR, where \fBidx\fR runs from 0 to
OCSP_resp_count(bs) \- 1.
.PP
\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first
matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1.
.PP
\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR,
\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR.
.PP
\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the
single response \fBbs\fR.
.PP
\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR.
.PP
\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR.
.PP
\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR.
.PP
\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR.
.PP
\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly
signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate
is included in the \fBcerts\fR field of the response, so additional certificates
can be supplied in \fBextra_certs\fR if the certificates that may have
signed the response are known via some out-of-band mechanism.
.PP
\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is
a name then \fB*pname\fR is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the
responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR
is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR
with the caller, who is responsible for freeing them. Both functions return 1
in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0,
no freeing of the results is necessary.
.PP
\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values
which will be typically obtained from \fBOCSP_resp_find_status()\fR or
\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is nonzero it indicates how many seconds
leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates
the maximum age of \fBthisupd\fR in seconds.
.PP
\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly
signed and that the signer certificate can be validated. It takes \fBst\fR as
the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates.
The function first tries to find the signer certificate of the response
in . It also searches the certificates the responder may have included
in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR.
It fails if the signer certificate cannot be found.
Next, the function checks the signature of \fBbs\fR and fails on error
unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns
success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate
was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR.
Otherwise the function continues by validating the signer certificate.
To this end, all certificates in \fBcerts\fR and in \fBbs\fR are considered as
untrusted certificates for the construction of the validation path for the
signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path
validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set.
Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer
criteria including potential delegation. If this does not succeed and the
\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit
trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise.
.PP
\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in
\&\fBbs\fR.
.PP
\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or
\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range.
.PP
\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if
\&\fBid\fR was not found.
.PP
\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error
occurred.
.PP
\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located,
or 0 on error.
.PP
\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such
as malloc failure.
.SH "NOTES" .IX Header "NOTES" Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate \&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They can then take appropriate action based on the status of the certificate. .PP An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR fields. Normally the current time should be between these two values. To account for clock skew the \fBmaxsec\fR field can be set to nonzero in \&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this would otherwise mean an ancient response would be considered valid: the \&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted age of responses. .PP The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by \&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these parameters can be set to \s-1NULL\s0 if their value is not required. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBcrypto\fR\|(7), \&\fBOCSP_cert_to_id\fR\|(3), \&\fBOCSP_request_add1_nonce\fR\|(3), \&\fBOCSP_REQUEST_new\fR\|(3), \&\fBOCSP_response_status\fR\|(3), \&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!MuOMMX509_SIG_get0.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. 
.IX Title "X509_SIG_GET0 3"
.TH X509_SIG_GET0 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_SIG_get0, X509_SIG_getm \- DigestInfo functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
\&                    const ASN1_OCTET_STRING **pdigest);
\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
\&                    ASN1_OCTET_STRING **pdigest);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest
value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR
except the pointers returned are not constant and can be modified:
for example to initialise them.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_SIG_get0()\fR and \fBX509_SIG_getm()\fR return no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution.
.IX Title "OCSP_REQUEST_ADD1_NONCE 3"
.TH OCSP_REQUEST_ADD1_NONCE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ocsp.h>
\&
\& int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
\& int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
\& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
\& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to
\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR is zero
or negative a default length will be used (currently 16 bytes).
.PP
\&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except
it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR.
.PP
\&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR.
.PP
\&\fBOCSP_copy_nonce()\fR copies any nonce value present in \fBreq\fR to \fBresp\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOCSP_request_add1_nonce()\fR and \fBOCSP_basic_add1_nonce()\fR return 1 for success
and 0 for failure.
.PP
\&\fBOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce
was present in \fBreq\fR and 0 if an error occurred.
.PP
\&\fBOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR
and \fBresp\fR. The return value indicates the result of the comparison. If
nonces are present and equal, 1 is returned. If the nonces are absent, 2 is
returned. If a nonce is present in the response only, 3 is returned. If nonces
are present and unequal, 0 is returned. If the nonce is present in the request
only, then \-1 is returned.
.SH "NOTES"
.IX Header "NOTES"
For most purposes the nonce value in a request is set to a random value so
the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0
.PP
An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks
by checking the same nonce value appears in the response.
.PP
Some responders may include a nonce in all responses even if one is not
supplied.
.PP
Some responders cache \s-1OCSP\s0 responses and do not sign each response for
performance reasons. As a result they do not support nonces.
.PP
The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A
positive return value effectively indicates success: nonces are both present
and match, both absent or present in the response only. A nonzero return
additionally covers the case where the nonce is present in the request only:
this will happen if the responder doesn't support nonces. A zero return value
indicates present and mismatched nonces: this should be treated as an error
condition.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7),
\&\fBOCSP_cert_to_id\fR\|(3),
\&\fBOCSP_REQUEST_new\fR\|(3),
\&\fBOCSP_resp_find_status\fR\|(3),
\&\fBOCSP_response_status\fR\|(3),
\&\fBOCSP_sendreq_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution.
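Added example (not part of the OpenSSL manual pages and not OpenSSL code): a fail-closed decision function for the return values documented in OCSP_request_add1_nonce(3) and OCSP_resp_find_status(3). The results of OCSP_basic_verify(), OCSP_check_nonce() and OCSP_resp_find_status() are passed in as plain integers, the thisUpdate/nextUpdate window is modelled from the description of OCSP_check_validity(), and every struct, enum and function name is hypothetical.

```c
#include <stdio.h>

/* Same numeric values as V_OCSP_CERTSTATUS_GOOD / _REVOKED / _UNKNOWN. */
enum cert_status { CERT_GOOD = 0, CERT_REVOKED = 1, CERT_UNKNOWN = 2 };

enum verdict { ACCEPT, REJECT_VERIFY, REJECT_NONCE, REJECT_NOT_FOUND,
               REJECT_TIME, REJECT_REVOKED, REJECT_UNKNOWN };

#define NOW 1700000000L  /* constructed "current time", seconds since epoch */

/* What the caller collected from the OpenSSL calls (hypothetical struct). */
struct ocsp_result {
    int verify_rc;        /* OCSP_basic_verify(): 1, 0, or -1 on fatal error */
    int nonce_rc;         /* OCSP_check_nonce(): 1, 2, 3, 0 or -1 */
    int found;            /* OCSP_resp_find_status(): 1 or 0 */
    int status;           /* *status, meaningful only when found == 1 */
    long this_update;     /* thisUpdate, seconds since epoch */
    int has_next_update;  /* 0 when the responder omitted nextUpdate */
    long next_update;     /* nextUpdate, seconds since epoch */
};

struct ocsp_policy {
    int require_nonce;    /* 1: the response must echo the request nonce */
    long sec;             /* clock-skew leeway in seconds */
    long maxsec;          /* maximum age of thisUpdate; <= 0 means no limit */
};

struct ocsp_result make_result(int verify_rc, int nonce_rc, int found, int status,
                               long this_update, int has_next, long next_update)
{
    struct ocsp_result r = { verify_rc, nonce_rc, found, status,
                             this_update, has_next, next_update };
    return r;
}

struct ocsp_policy make_policy(int require_nonce, long sec, long maxsec)
{
    struct ocsp_policy p = { require_nonce, sec, maxsec };
    return p;
}

/* Model of the window check described for OCSP_check_validity(). */
int window_ok(struct ocsp_result r, struct ocsp_policy p, long now)
{
    if (r.this_update > now + p.sec)
        return 0;                          /* thisUpdate is in the future */
    if (p.maxsec > 0 && r.this_update < now - p.maxsec)
        return 0;                          /* response is too old */
    if (!r.has_next_update)
        return 1;                          /* only maxsec bounds the age here */
    if (r.next_update < now - p.sec)
        return 0;                          /* nextUpdate has passed */
    if (r.next_update < r.this_update)
        return 0;                          /* extra sanity check added here */
    return 1;
}

enum verdict decide(struct ocsp_result r, struct ocsp_policy p, long now)
{
    /* "<= 0", not "== 0": -1 (fatal error) must not fall through as success. */
    if (r.verify_rc <= 0)
        return REJECT_VERIFY;
    /* 0 means both nonces present and different: always an error. */
    if (r.nonce_rc == 0)
        return REJECT_NONCE;
    /* Strict policy accepts only "present and equal"; -1, 2 and 3 are refused. */
    if (p.require_nonce && r.nonce_rc != 1)
        return REJECT_NONCE;
    if (!r.found)
        return REJECT_NOT_FOUND;
    if (!window_ok(r, p, now))
        return REJECT_TIME;
    if (r.status == CERT_REVOKED)
        return REJECT_REVOKED;
    /* Anything other than GOOD, including UNKNOWN, is refused. */
    if (r.status != CERT_GOOD)
        return REJECT_UNKNOWN;
    return ACCEPT;
}

int main(void)
{
    long month = 30L * 86400L;
    /* Constructed case: a 30-day-old response without nextUpdate. */
    struct ocsp_result old = make_result(1, 1, 1, CERT_GOOD, NOW - month, 0, 0);

    printf("no maxsec limit: verdict %d\n",
           decide(old, make_policy(1, 300, 0), NOW));
    printf("maxsec = 1 day:  verdict %d\n",
           decide(old, make_policy(1, 300, 86400), NOW));
    printf("verify_rc = -1:  verdict %d\n",
           decide(make_result(-1, 1, 1, CERT_GOOD, NOW - 60, 1, NOW + 3600),
                  make_policy(1, 300, 86400), NOW));
    return 0;
}
```

With require_nonce set to 0 the function follows the lenient reading in the NOTES above (any nonzero nonce result passes); a cached, nonce-less response then relies entirely on the maxsec bound for freshness.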
.IX Title "EC_GROUP_NEW 3"
.TH EC_GROUP_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EC_GROUP_get_ecparameters,
EC_GROUP_get_ecpkparameters,
EC_GROUP_new,
EC_GROUP_new_from_ecparameters,
EC_GROUP_new_from_ecpkparameters,
EC_GROUP_free,
EC_GROUP_clear_free,
EC_GROUP_new_curve_GFp,
EC_GROUP_new_curve_GF2m,
EC_GROUP_new_by_curve_name,
EC_GROUP_set_curve,
EC_GROUP_get_curve,
EC_GROUP_set_curve_GFp,
EC_GROUP_get_curve_GFp,
EC_GROUP_set_curve_GF2m,
EC_GROUP_get_curve_GF2m,
EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
\& void EC_GROUP_free(EC_GROUP *group);
\& void EC_GROUP_clear_free(EC_GROUP *group);
\&
\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
\&                                  const BIGNUM *b, BN_CTX *ctx);
\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
\&                                   const BIGNUM *b, BN_CTX *ctx);
\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
\&
\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
\&                        const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
\&                        BN_CTX *ctx);
\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
\&                            const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
\&                            BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
\&                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
\&                             BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
\&
\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
\&                                         ECPARAMETERS *params);
\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
\&                                             ECPKPARAMETERS *params);
\&
\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Within the library there are two forms of elliptic curve that are of interest.
The first form is those defined over the prime field Fp. The elements of Fp are
the integers 0 to p\-1, where p is a prime number. This gives us a revised
elliptic curve equation as follows:
.PP
y^2 mod p = x^3 + ax + b mod p
.PP
The second form is those defined over a binary field F2^m where the elements of
the field are integers of length at most m bits. For this form the elliptic
curve equation is modified to:
.PP
y^2 + xy = x^3 + ax^2 + b (where b != 0)
.PP
Operations in a binary field are performed relative to an
\&\fBirreducible polynomial\fR. All such curves with OpenSSL use a trinomial or a
pentanomial for this parameter.
.PP
A new curve can be constructed by calling \fBEC_GROUP_new()\fR, using the
implementation provided by \fBmeth\fR (see \fBEC_GFp_simple_method\fR\|(3)). It is then
necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters.
\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the specified
\&\fBparams\fR and \fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the
specific \s-1PK\s0 \fBparams\fR.
.PP
\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve
over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents
the irreducible polynomial \- each bit represents a term in the polynomial.
Therefore, there will either be three or five bits set dependent on whether the
polynomial is a trinomial or a pentanomial.
In either case, \fBa\fR and \fBb\fR represent the coefficients a and b from the
relevant equation introduced above.
.PP
\&\fBEC_GROUP_get_curve()\fR obtains the previously set curve parameters.
.PP
\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for
\&\fBEC_GROUP_set_curve()\fR. They are defined for backwards compatibility only and
should not be used.
.PP
\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for
\&\fBEC_GROUP_get_curve()\fR. They are defined for backwards compatibility only and
should not be used.
.PP
The functions \fBEC_GROUP_new_curve_GFp()\fR and \fBEC_GROUP_new_curve_GF2m()\fR are
shortcuts for calling \fBEC_GROUP_new()\fR and then the \fBEC_GROUP_set_curve()\fR function.
An appropriate default implementation method will be used.
.PP
Whilst the library can be used to create any curve using the functions described
above, there are also a number of predefined curves that are available. In order
to obtain a list of all of the predefined curves, call the function
\&\fBEC_get_builtin_curves()\fR. The parameter \fBr\fR should be an array of
EC_builtin_curve structures of size \fBnitems\fR. The function will populate the
\&\fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than
the total number of curves available, then the first \fBnitems\fR curves will be
returned. Otherwise the total number of curves will be provided. The return
value is the total number of curves available (whether that number has been
populated in \fBr\fR or not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will
do nothing other than return the total number of curves available.
The EC_builtin_curve structure is defined as follows:
.PP
.Vb 4
\& typedef struct {
\&     int nid;
\&     const char *comment;
\& } EC_builtin_curve;
.Ve
.PP
Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human
readable comment string describing the curve.
.PP
In order to construct a builtin curve use the function
\&\fBEC_GROUP_new_by_curve_name()\fR and provide the \fBnid\fR of the curve to
be constructed.
.PP
\&\fBEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP.\s0
If \fBgroup\fR is \s-1NULL\s0 nothing is done.
.PP
\&\fBEC_GROUP_clear_free()\fR destroys any sensitive data held within the \s-1EC_GROUP\s0 and
then frees its memory. If \fBgroup\fR is \s-1NULL\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All EC_GROUP_new* functions return a pointer to the newly constructed group, or
\&\s-1NULL\s0 on error.
.PP
\&\fBEC_get_builtin_curves()\fR returns the number of builtin curves that are
available.
.PP
\&\fBEC_GROUP_set_curve_GFp()\fR, \fBEC_GROUP_get_curve_GFp()\fR, \fBEC_GROUP_set_curve_GF2m()\fR,
\&\fBEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution.
if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_PENDING 3" .TH SSL_PENDING 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_pending(const SSL *ssl); \& int SSL_has_pending(const SSL *s); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" Data is received in whole blocks known as records from the peer. A whole record is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is read by the application via a call to \fBSSL_read_ex\fR\|(3) or \fBSSL_read\fR\|(3). .PP \&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered and are available inside \fBssl\fR for immediate read. 
.PP
If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see
\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current
record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to
\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These
additional bytes will be buffered by OpenSSL but will remain unprocessed until
they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR
will ignore them. Therefore, it is possible for no more bytes to be readable from
the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR
to return 0, even though readable application data bytes are available (because
the data is in unprocessed buffered records).
.PP
\&\fBSSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or
unprocessed) and 0 otherwise. Note that it is possible for \fBSSL_has_pending()\fR to
return 1, and then a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR to return no
data because the unprocessed buffered data when processed yielded no application
data (for example this can happen during renegotiation). It is also possible in
this scenario for \fBSSL_has_pending()\fR to continue to return 1 even after an
\&\fBSSL_read_ex()\fR or \fBSSL_read()\fR call because the buffered and unprocessed data is
not yet processable (e.g. because OpenSSL has only received a partial record so
far).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_pending()\fR returns the number of buffered and processed application data
bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR
returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise.
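Added example, not part of the OpenSSL manual or source: a toy record layer in C that reproduces the three buffering states described above (read-ahead bytes that SSL_pending() does not count, a record that yields no application data, and a partial record). Records are unencrypted, and every toy_* name, buffer size and wire byte is an assumption constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, NOT OpenSSL code: plaintext records with a 5-byte TLS-style
 * header (type, version[2], length[2]). All toy_* names are hypothetical. */
enum { REC_HANDSHAKE = 22, REC_APPDATA = 23, HDR = 5, BUFSZ = 256 };
struct toy_ssl {
    uint8_t raw[BUFSZ]; size_t raw_len; /* read ahead, still unprocessed */
    uint8_t app[BUFSZ]; size_t app_len; /* processed application data */
};

/* Read-ahead: take every byte the transport offers, not just one record. */
static void toy_feed(struct toy_ssl *s, const uint8_t *wire, size_t n)
{
    if (n > BUFSZ - s->raw_len) n = BUFSZ - s->raw_len;
    memcpy(s->raw + s->raw_len, wire, n);
    s->raw_len += n;
}

/* Models SSL_pending(): counts processed application bytes only. */
static int toy_pending(const struct toy_ssl *s) { return (int)s->app_len; }
/* Models SSL_has_pending(): any buffered bytes, processed or not. */
static int toy_has_pending(const struct toy_ssl *s) { return s->app_len || s->raw_len; }

/* Process one complete record; returns 0 if only a partial one is buffered. */
static int toy_process_one(struct toy_ssl *s)
{
    if (s->raw_len < HDR) return 0;
    size_t len = ((size_t)s->raw[3] << 8) | s->raw[4];
    if (s->raw_len < HDR + len) return 0;
    if (s->raw[0] == REC_APPDATA) {
        if (len > BUFSZ - s->app_len) return 0;
        memcpy(s->app + s->app_len, s->raw + HDR, len);
        s->app_len += len;
    } /* other record types (e.g. handshake) yield no application data */
    s->raw_len -= HDR + len;
    memmove(s->raw, s->raw + HDR + len, s->raw_len);
    return 1;
}

/* Models a non-blocking SSL_read(): returns application bytes, 0 if none. */
static int toy_read(struct toy_ssl *s, uint8_t *out, size_t cap)
{
    if (s->app_len == 0) toy_process_one(s);
    size_t n = s->app_len < cap ? s->app_len : cap;
    memcpy(out, s->app, n);
    s->app_len -= n;
    memmove(s->app, s->app + n, s->app_len);
    return (int)n;
}

/* Event-loop step: read while buffered data still makes progress. When this
 * returns, waiting on the socket is right even if toy_has_pending() is 1. */
static size_t toy_drain(struct toy_ssl *s, uint8_t *out, size_t cap)
{
    size_t total = 0;
    while (toy_has_pending(s) && total < cap) {
        size_t raw_before = s->raw_len;
        int n = toy_read(s, out + total, cap - total);
        total += (size_t)n;
        if (n == 0 && s->raw_len == raw_before) break; /* partial record */
    }
    return total;
}

struct demo { int pending0, has0, has1, has2; size_t got1, got2; char text[16]; };

/* Constructed input: a "hi" record, a 1-byte handshake record, then the
 * first 6 bytes of a record that declares 4 bytes of payload. */
static struct demo run_demo(void)
{
    static const uint8_t wire[] = { 23,3,3,0,2,'h','i', 22,3,3,0,1,0, 23,3,3,0,4,'p' };
    static const uint8_t rest[] = { 'i','n','g' };
    struct toy_ssl s = {0};
    struct demo d = {0};
    uint8_t out[8];
    toy_feed(&s, wire, sizeof wire);         /* the socket is now drained */
    d.pending0 = toy_pending(&s);            /* nothing processed yet */
    d.has0 = toy_has_pending(&s);            /* so do not block in select() */
    d.got1 = toy_drain(&s, out, sizeof out); /* "hi"; handshake adds nothing */
    memcpy(d.text, out, d.got1);
    d.has1 = toy_has_pending(&s);            /* partial record still buffered */
    toy_feed(&s, rest, sizeof rest);         /* the rest of the record arrives */
    d.got2 = toy_drain(&s, out, sizeof out);
    memcpy(d.text + d.got1, out, d.got2);
    d.has2 = toy_has_pending(&s);
    return d;
}

int main(void)
{
    struct demo d = run_demo();
    printf("pending=%d has=%d read=%zu has=%d read=%zu text=%s\n",
           d.pending0, d.has0, d.got1, d.has1, d.got2, d.text);
    return 0;
}
```

The same rule carries over to a real event loop: consult SSL_has_pending() before waiting on the socket, and go back to waiting once a read makes no further progress.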
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3),
\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3"
.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version
\&\- get and set the session protocol version
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
\& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used
by session \fBs\fR.
.PP
\&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the
\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version
constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set up a
session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol
version used for the session; this number matches the constants \fIe.g.\fR
\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR.
.PP
Note that the \fBSSL_SESSION_get_protocol_version()\fR function
does \fBnot\fR perform a null check on the provided session \fBs\fR pointer.
.PP
\&\fBSSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0.
The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_NAME_PRINT_EX 3"
.TH X509_NAME_PRINT_EX 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
X509_NAME_oneline \- X509_NAME printing routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
line (for multiline formats) is indented by \fBindent\fR spaces. The output format
can be extensively customised by use of the \fBflags\fR parameter.
.PP
\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is
written to \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR.
If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and
\&\fBsize\fR is ignored.
Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0',
and \fBbuf\fR is returned.
.PP
\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR
characters. Multiple lines are used if the output (including indent) exceeds
80 characters.
.SH "NOTES"
.IX Header "NOTES"
The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR
produce a non standard output form; they don't handle multi character fields and
have various quirks and inconsistencies.
Their use is strongly discouraged in new applications and they could
be deprecated in a future release.
.PP
Although there are a large number of possible flags, for most purposes
\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice.
As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page
for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example
\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used.
.PP
The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below.
.PP
Several options can be ORed together.
.PP
The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR,
\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators
to use. Two distinct separators are used between distinct RelativeDistinguishedName
components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued
RDNs are currently very rare so the second separator will hardly ever be used.
.PP
\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR
uses comma and plus with spaces: this is more readable than plain comma and plus.
\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses
spaced newline and plus respectively.
.PP
If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order.
.PP
The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR,
\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will
use the short name (e.g. \s-1CN\s0), the long name (e.g. commonName), always
use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not
recognised), and no field name, respectively.
.PP
If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character
separating field names and values.
.PP
If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is
printed instead of the values.
.PP
If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this
is only of use for multiline format.
.PP
Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to
control how each field value is displayed.
.PP
In addition a number of options can be set for commonly used formats.
.PP
\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0;
it is equivalent to:
\fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR
.PP
\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as:
\fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR
.PP
\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as:
\fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR
.PP
\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls
\fBX509_NAME_print()\fR internally.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error.
.PP
\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error.
.PP
\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error
if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise,
it returns \-1 on error or other values on success.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBASN1_STRING_print_ex\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RSA_PRIVATE_ENCRYPT 3"
.TH RSA_PRIVATE_ENCRYPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
RSA_private_encrypt, RSA_public_decrypt \- low\-level signature operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_private_encrypt(int flen, unsigned char *from,
\&                         unsigned char *to, RSA *rsa, int padding);
\&
\& int RSA_public_decrypt(int flen, unsigned char *from,
\&                        unsigned char *to, RSA *rsa, int padding);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions handle \s-1RSA\s0 signatures at a low-level.
.PP
\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a
message digest with an algorithm identifier) using the private key
\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to
\&\fBRSA_size(rsa)\fR bytes of memory.
.PP
\&\fBpadding\fR denotes one of the following modes:
.IP "\s-1RSA_PKCS1_PADDING\s0" 4
.IX Item "RSA_PKCS1_PADDING"
\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the
\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or
verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be
used.
.IP "\s-1RSA_NO_PADDING\s0" 4
.IX Item "RSA_NO_PADDING"
Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement
cryptographically sound padding modes in the application code.
Signing user data directly with \s-1RSA\s0 is insecure.
.PP
\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR
bytes long signature at \fBfrom\fR using the signer's public key
\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the
message digest (which is smaller than \fBRSA_size(rsa) \-
11\fR). \fBpadding\fR is the padding mode that was used to sign the data.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e.,
RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the
recovered message digest.
.PP
On error, \-1 is returned; the error codes can be
obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
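Added example, not OpenSSL source: what RSA_PKCS1_PADDING places around the bytes at from in the RSA_private_encrypt page above, written out from the PKCS #1 v1.5 block format (00 01 FF...FF 00 D, with at least eight FF bytes), which is where the RSA_size(rsa) - 11 bound comes from. The function names, the 32-byte block size and the 20-byte sample value are assumptions constructed for the illustration; no RSA operation is performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not OpenSSL source. PKCS #1 v1.5 signature block:
 *   00 || 01 || PS (at least 8 bytes of FF) || 00 || D
 * so a k-byte block leaves room for at most k - 11 bytes of D. */
#define PKCS1_OVERHEAD 11

/* Pad d[0..dlen) into the k-byte block em. Returns 1, or 0 if D is too long. */
int pkcs1_type1_pad(uint8_t *em, size_t k, const uint8_t *d, size_t dlen)
{
    if (k < PKCS1_OVERHEAD || dlen > k - PKCS1_OVERHEAD) return 0;
    size_t ps = k - 3 - dlen;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, ps);
    em[2 + ps] = 0x00;
    memcpy(em + 3 + ps, d, dlen);
    return 1;
}

/* Strict check of a recovered block. Returns the length of D and points *d
 * at it, or -1 if the padding is malformed. */
long pkcs1_type1_check(const uint8_t *em, size_t k, const uint8_t **d)
{
    size_t i = 2;
    if (k < PKCS1_OVERHEAD || em[0] != 0x00 || em[1] != 0x01) return -1;
    while (i < k && em[i] == 0xFF) i++;
    if (i - 2 < 8) return -1;               /* PS shorter than 8 bytes */
    if (i == k || em[i] != 0x00) return -1; /* stray byte in PS, or no separator */
    *d = em + i + 1;
    return (long)(k - i - 1);
}

enum { K = 32 }; /* constructed toy block size; a 2048-bit key has RSA_size() 256 */

/* 1 if n bytes fit into a K-byte block, 0 otherwise. */
int demo_fits(size_t n)
{
    uint8_t em[K], d[K] = {0};
    return pkcs1_type1_pad(em, K, d, n);
}

/* Pads a constructed 20-byte value, optionally overwrites one byte of the
 * block, and returns what the strict check reports. */
long demo_check(int corrupt_at, uint8_t value)
{
    uint8_t em[K], digest[20];
    const uint8_t *d = NULL;
    memset(digest, 0xAB, sizeof digest);
    if (!pkcs1_type1_pad(em, K, digest, sizeof digest)) return -2;
    if (corrupt_at >= 0 && corrupt_at < K) em[corrupt_at] = value;
    return pkcs1_type1_check(em, K, &d);
}

int main(void)
{
    printf("largest payload for K=%d: %d bytes\n", K, K - PKCS1_OVERHEAD);
    printf("intact block        -> %ld\n", demo_check(-1, 0));
    printf("block type changed  -> %ld\n", demo_check(1, 0x02));
    printf("non-FF byte in PS   -> %ld\n", demo_check(5, 0xFE));
    printf("PS cut to 7 bytes   -> %ld\n", demo_check(9, 0x00));
    /* A well-formed block with a different payload length: the caller must
     * still compare the recovered bytes with the exact value it expects. */
    printf("separator moved up  -> %ld\n", demo_check(10, 0x00));
    return 0;
}
```

The last case is why the page points to RSA_sign(3) and RSA_verify(3) for PKCS #1 signatures: a padding check alone does not fix the length or content of what was signed.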
.IX Title "SSL_ALERT_TYPE_STRING 3"
.TH SSL_ALERT_TYPE_STRING 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string,
SSL_alert_desc_string_long \- get textual description of alert information
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const char *SSL_alert_type_string(int value);
\& const char *SSL_alert_type_string_long(int value);
\&
\& const char *SSL_alert_desc_string(int value);
\& const char *SSL_alert_desc_string_long(int value);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the
type of the alert specified by \fBvalue\fR.
.PP
\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert
specified by \fBvalue\fR.
.PP
\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form
describing the reason of the alert specified by \fBvalue\fR.
.PP
\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason
of the alert specified by \fBvalue\fR.
.SH "NOTES"
.IX Header "NOTES"
When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about
a special situation, it sends an alert. The alert is sent as a special message
and does not influence the normal data stream (unless its contents result
in the communication being canceled).
.PP
A warning alert is sent when a non-fatal error condition occurs. The
\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for
non-fatal errors are certificate errors (\*(L"certificate expired\*(R",
\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent.
(The sending party may however decide to send a fatal error.) The
receiving side may cancel the connection on reception of a warning
alert at its discretion.
.PP
Several alert messages must be sent as fatal alert messages as specified
by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following strings can occur for \fBSSL_alert_type_string()\fR or
\&\fBSSL_alert_type_string_long()\fR:
.ie n .IP """W""/""warning""" 4
.el .IP "``W''/``warning''" 4
.IX Item "W/warning"
.PD 0
.ie n .IP """F""/""fatal""" 4
.el .IP "``F''/``fatal''" 4
.IX Item "F/fatal"
.ie n .IP """U""/""unknown""" 4
.el .IP "``U''/``unknown''" 4
.IX Item "U/unknown"
.PD
This indicates that no support is available for this alert type.
Probably \fBvalue\fR does not contain a correct alert message.
.PP
The following strings can occur for \fBSSL_alert_desc_string()\fR or
\&\fBSSL_alert_desc_string_long()\fR:
.ie n .IP """\s-1CN""/\s0""close notify""" 4
.el .IP "``\s-1CN''/\s0``close notify''" 4
.IX Item "CN/close notify"
The connection shall be closed. This is a warning alert.
.ie n .IP """\s-1UM""/\s0""unexpected message""" 4
.el .IP "``\s-1UM''/\s0``unexpected message''" 4
.IX Item "UM/unexpected message"
An inappropriate message was received. This alert is always fatal
and should never be observed in communication between proper
implementations.
.ie n .IP """\s-1BM""/\s0""bad record mac""" 4
.el .IP "``\s-1BM''/\s0``bad record mac''" 4
.IX Item "BM/bad record mac"
This alert is returned if a record is received with an incorrect
\&\s-1MAC.\s0 This message is always fatal.
.ie n .IP """\s-1DF""/\s0""decompression failure""" 4
.el .IP "``\s-1DF''/\s0``decompression failure''" 4
.IX Item "DF/decompression failure"
The decompression function received improper input (e.g. data
that would expand to excessive length). This message is always
fatal.
.ie n .IP """\s-1HF""/\s0""handshake failure""" 4
.el .IP "``\s-1HF''/\s0``handshake failure''" 4
.IX Item "HF/handshake failure"
Reception of a handshake_failure alert message indicates that the
sender was unable to negotiate an acceptable set of security
parameters given the options available. This is a fatal error.
.ie n .IP """\s-1NC""/\s0""no certificate""" 4
.el .IP "``\s-1NC''/\s0``no certificate''" 4
.IX Item "NC/no certificate"
A client, that was asked to send a certificate, does not send a certificate
(SSLv3 only).
.ie n .IP """\s-1BC""/\s0""bad certificate""" 4
.el .IP "``\s-1BC''/\s0``bad certificate''" 4
.IX Item "BC/bad certificate"
A certificate was corrupt, contained signatures that did not
verify correctly, etc.
.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4
.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4
.IX Item "UC/unsupported certificate"
A certificate was of an unsupported type.
.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4
.el .IP "``\s-1CR''/\s0``certificate revoked''" 4
.IX Item "CR/certificate revoked"
A certificate was revoked by its signer.
.ie n .IP """\s-1CE""/\s0""certificate expired""" 4
.el .IP "``\s-1CE''/\s0``certificate expired''" 4
.IX Item "CE/certificate expired"
A certificate has expired or is not currently valid.
.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4
.el .IP "``\s-1CU''/\s0``certificate unknown''" 4
.IX Item "CU/certificate unknown"
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4
.el .IP "``\s-1IP''/\s0``illegal parameter''" 4
.IX Item "IP/illegal parameter"
A field in the handshake was out of range or inconsistent with
other fields. This is always fatal.
.ie n .IP """\s-1DC""/\s0""decryption failed""" 4
.el .IP "``\s-1DC''/\s0``decryption failed''" 4
.IX Item "DC/decryption failed"
A TLSCiphertext decrypted in an invalid way: either it wasn't an
even multiple of the block length or its padding values, when
checked, weren't correct. This message is always fatal.
.ie n .IP """\s-1RO""/\s0""record overflow""" 4
.el .IP "``\s-1RO''/\s0``record overflow''" 4
.IX Item "RO/record overflow"
A TLSCiphertext record was received which had a length more than
2^14+2048 bytes, or a record decrypted to a TLSCompressed record
with more than 2^14+1024 bytes. This message is always fatal.
.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4
.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4
.IX Item "CA/unknown CA"
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the \s-1CA\s0 certificate could not
be located or couldn't be matched with a known, trusted \s-1CA.\s0 This
message is always fatal.
.ie n .IP """\s-1AD""/\s0""access denied""" 4
.el .IP "``\s-1AD''/\s0``access denied''" 4
.IX Item "AD/access denied"
A valid certificate was received, but when access control was
applied, the sender decided not to proceed with negotiation.
This message is always fatal.
.ie n .IP """\s-1DE""/\s0""decode error""" 4
.el .IP "``\s-1DE''/\s0``decode error''" 4
.IX Item "DE/decode error"
A message could not be decoded because some field was out of the
specified range or the length of the message was incorrect. This
message is always fatal.
.ie n .IP """\s-1CY""/\s0""decrypt error""" 4
.el .IP "``\s-1CY''/\s0``decrypt error''" 4
.IX Item "CY/decrypt error"
A handshake cryptographic operation failed, including being
unable to correctly verify a signature, decrypt a key exchange,
or validate a finished message.
.ie n .IP """\s-1ER""/\s0""export restriction""" 4
.el .IP "``\s-1ER''/\s0``export restriction''" 4
.IX Item "ER/export restriction"
A negotiation not in compliance with export restrictions was
detected; for example, attempting to transfer a 1024 bit
ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This
message is always fatal.
.ie n .IP """\s-1PV""/\s0""protocol version""" 4
.el .IP "``\s-1PV''/\s0``protocol version''" 4
.IX Item "PV/protocol version"
The protocol version the client has attempted to negotiate is
recognized, but not supported. (For example, old protocol
versions might be avoided for security reasons). This message is
always fatal.
.ie n .IP """\s-1IS""/\s0""insufficient security""" 4
.el .IP "``\s-1IS''/\s0``insufficient security''" 4
.IX Item "IS/insufficient security"
Returned instead of handshake_failure when a negotiation has
failed specifically because the server requires ciphers more
secure than those supported by the client. This message is always
fatal.
.ie n .IP """\s-1IE""/\s0""internal error""" 4
.el .IP "``\s-1IE''/\s0``internal error''" 4
.IX Item "IE/internal error"
An internal error unrelated to the peer or the correctness of the
protocol makes it impossible to continue (such as a memory
allocation failure). This message is always fatal.
.ie n .IP """\s-1US""/\s0""user canceled""" 4
.el .IP "``\s-1US''/\s0``user canceled''" 4
.IX Item "US/user canceled"
This handshake is being canceled for some reason unrelated to a
protocol failure. If the user cancels an operation after the
handshake is complete, just closing the connection by sending a
close_notify is more appropriate. This alert should be followed
by a close_notify. This message is generally a warning.
.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4
.el .IP "``\s-1NR''/\s0``no renegotiation''" 4
.IX Item "NR/no renegotiation"
Sent by the client in response to a hello request or by the
server in response to a client hello after initial handshaking.
Either of these would normally lead to renegotiation; when that
is not appropriate, the recipient should respond with this alert;
at that point, the original requester can decide whether to
proceed with the connection. One case where this would be
appropriate would be where a server has spawned a process to
satisfy a request; the process might receive security parameters
(key length, authentication, etc.) at startup and it might be
difficult to communicate changes to these parameters after that
point. This message is always a warning.
.ie n .IP """\s-1UP""/\s0""unknown \s-1PSK\s0 identity""" 4
.el .IP "``\s-1UP''/\s0``unknown \s-1PSK\s0 identity''" 4
.IX Item "UP/unknown PSK identity"
Sent by the server to indicate that it does not recognize a \s-1PSK\s0
identity or an \s-1SRP\s0 identity.
.ie n .IP """\s-1UK""/\s0""unknown""" 4
.el .IP "``\s-1UK''/\s0``unknown''" 4
.IX Item "UK/unknown"
This indicates that no description is available for this alert type.
Probably \fBvalue\fR does not contain a correct alert message.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.IX Title "BIO_METH_NEW 3"
.TH BIO_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_get_new_index,
BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex,
BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write,
BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts,
BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl,
BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create,
BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl,
BIO_meth_set_callback_ctrl \- Routines to build up BIO methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& int BIO_get_new_index(void);
\&
\& BIO_METHOD *BIO_meth_new(int type, const char *name);
\&
\& void BIO_meth_free(BIO_METHOD *biom);
\&
\& int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t,
\&                                                size_t *);
\& int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int);
\& int BIO_meth_set_write_ex(BIO_METHOD *biom,
\&                           int (*bwrite)(BIO *, const char *, size_t, size_t *));
\& int BIO_meth_set_write(BIO_METHOD *biom,
\&                        int (*write)(BIO *, const char *, int));
\&
\& int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *);
\& int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int);
\& int BIO_meth_set_read_ex(BIO_METHOD *biom,
\&                          int (*bread)(BIO *, char *, size_t, size_t *));
\& int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
\&
\& int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *);
\& int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
\&
\& int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int);
\& int BIO_meth_set_gets(BIO_METHOD *biom,
\&                       int (*gets)(BIO *, char *, int));
\&
\& long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *);
\& int BIO_meth_set_ctrl(BIO_METHOD *biom,
\&                       long (*ctrl)(BIO *, int, long, void *));
\&
\& int (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *);
\& int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
\&
\& int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *);
\& int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
\&
\& long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *);
\& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
\&                                long (*callback_ctrl)(BIO *, int, BIO_info_cb *));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0
types. It provides a set of functions used by OpenSSL for the implementation
of the various \s-1BIO\s0 capabilities. See the bio page for more information.
.PP
\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a
unique integer \fBtype\fR and a string that represents its \fBname\fR.
Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR.
.PP
The set of standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR.
Some examples include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs
should have a type which has the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR).
Source/sink BIOs should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR).
File descriptor based BIOs (e.g. socket, fd, connect, accept etc) should
additionally have the \*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the
BIO_find_type page for more information.
.PP
\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory
associated with it.
.PP
\&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function
used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function
will be called in response to the application calling \fBBIO_write_ex()\fR or
\&\fBBIO_write()\fR. The parameters for the function have the same meaning as for
\&\fBBIO_write_ex()\fR.
Older code may call \fBBIO_meth_get_write()\fR and
\&\fBBIO_meth_set_write()\fR instead. Applications should not call both
\&\fBBIO_meth_set_write_ex()\fR and \fBBIO_meth_set_write()\fR or call \fBBIO_meth_get_write()\fR
when the function was set with \fBBIO_meth_set_write_ex()\fR.
.PP
\&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used
for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will
be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR.
The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR.
Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead.
Applications should not call both \fBBIO_meth_set_read_ex()\fR and \fBBIO_meth_set_read()\fR
or call \fBBIO_meth_get_read()\fR when the function was set with
\&\fBBIO_meth_set_read_ex()\fR.
.PP
\&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for
writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be
called in response to the application calling \fBBIO_puts()\fR. The parameters for
the function have the same meaning as for \fBBIO_puts()\fR.
.PP
\&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically
used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3)
page for more information). This function will be called in response to the
application calling \fBBIO_gets()\fR. The parameters for the function have the same
meaning as for \fBBIO_gets()\fR.
.PP
\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for
processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for
more information. This function will be called in response to the application
calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for
\&\fBBIO_ctrl()\fR.
.PP
\&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used
for creating a new instance of the \s-1BIO\s0 respectively. This function will be
called in response to the application calling \fBBIO_new()\fR and passing
in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the
memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will
be passed as a parameter to the function.
.PP
\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used
for destroying an instance of a \s-1BIO\s0 respectively. This function will be
called in response to the application calling \fBBIO_free()\fR. A pointer to the \s-1BIO\s0
to be destroyed is passed as a parameter. The destroy function should be used
for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by
this function.
.PP
\&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the
function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See
the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called
in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for
the function have the same meaning as for \fBBIO_callback_ctrl()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred.
.PP
BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0
if an error occurred.
.PP
The \fBBIO_meth_set\fR functions return 1 on success or 0 on error.
.PP
The \fBBIO_meth_get\fR functions return the corresponding function pointers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
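The level rules stated for SSL_alert_type_string() and SSL_alert_desc_string() earlier on this page ("always fatal", "always a warning") can be checked mechanically on alerts seen in logs or in an info callback. The C program below is an added example, not OpenSSL code: it assumes the alert value is packed as (level << 8) | description with level 1 for warning and 2 for fatal, takes the description numbers from the TLS RFCs, and runs on constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

/* Level rule this page states for each description (EITHER: none stated). */
enum level_rule { EITHER, FATAL_ONLY, WARNING_ONLY };
enum verdict { CONSISTENT, LEVEL_MISMATCH, UNKNOWN_TYPE, UNKNOWN_DESC };

struct alert_desc {
    int code;              /* description byte, numbered as in the TLS RFCs */
    const char *abbr;      /* two-letter form from SSL_alert_desc_string() */
    const char *name;      /* long form from SSL_alert_desc_string_long() */
    enum level_rule rule;
};

static const struct alert_desc ALERTS[] = {
    {0,   "CN", "close notify",            WARNING_ONLY},
    {10,  "UM", "unexpected message",      FATAL_ONLY},
    {20,  "BM", "bad record mac",          FATAL_ONLY},
    {21,  "DC", "decryption failed",       FATAL_ONLY},
    {22,  "RO", "record overflow",         FATAL_ONLY},
    {30,  "DF", "decompression failure",   FATAL_ONLY},
    {40,  "HF", "handshake failure",       FATAL_ONLY},
    {41,  "NC", "no certificate",          EITHER},
    {42,  "BC", "bad certificate",         EITHER},
    {43,  "UC", "unsupported certificate", EITHER},
    {44,  "CR", "certificate revoked",     EITHER},
    {45,  "CE", "certificate expired",     EITHER},
    {46,  "CU", "certificate unknown",     EITHER},
    {47,  "IP", "illegal parameter",       FATAL_ONLY},
    {48,  "CA", "unknown CA",              FATAL_ONLY},
    {49,  "AD", "access denied",           FATAL_ONLY},
    {50,  "DE", "decode error",            FATAL_ONLY},
    {51,  "CY", "decrypt error",           EITHER},
    {60,  "ER", "export restriction",      FATAL_ONLY},
    {70,  "PV", "protocol version",        FATAL_ONLY},
    {71,  "IS", "insufficient security",   FATAL_ONLY},
    {80,  "IE", "internal error",          FATAL_ONLY},
    {90,  "US", "user canceled",           EITHER}, /* "generally a warning" */
    {100, "NR", "no renegotiation",        WARNING_ONLY},
    {115, "UP", "unknown PSK identity",    EITHER},
};
static const char *const VERDICT_NAME[] = {
    "consistent", "level mismatch", "unknown type", "unknown description" };

/* Level is the part of value above the low byte: 1 = warning, 2 = fatal. */
static const char *alert_type_abbr(int value)
{
    return (value >> 8) == 1 ? "W" : (value >> 8) == 2 ? "F" : "U";
}

/* Description is the low byte; NULL corresponds to "UK"/"unknown". */
static const struct alert_desc *alert_lookup(int value)
{
    size_t i;
    for (i = 0; i < sizeof(ALERTS) / sizeof(ALERTS[0]); i++)
        if (ALERTS[i].code == (value & 0xff))
            return &ALERTS[i];
    return NULL;
}

/* Flag alerts whose level contradicts the rule listed for the description. */
static enum verdict alert_triage(int value)
{
    const struct alert_desc *d = alert_lookup(value);
    int level = value >> 8;
    if (level != 1 && level != 2)
        return UNKNOWN_TYPE;
    if (d == NULL)
        return UNKNOWN_DESC;
    if ((d->rule == FATAL_ONLY && level != 2) ||
        (d->rule == WARNING_ONLY && level != 1))
        return LEVEL_MISMATCH;
    return CONSISTENT;
}

static size_t count_flagged(const int *values, size_t n)
{
    size_t i, flagged = 0;
    for (i = 0; i < n; i++)
        flagged += (alert_triage(values[i]) != CONSISTENT);
    return flagged;
}

/* Constructed sample values in the (level << 8) | description form. */
static const int SAMPLE[] = { 0x0100, 0x0228, 0x0114, 0x012d, 0x0246,
                              0x0164, 0x0264, 0x02ff, 0x0328 };

int main(void)
{
    size_t i, n = sizeof(SAMPLE) / sizeof(SAMPLE[0]);
    for (i = 0; i < n; i++) {
        const struct alert_desc *d = alert_lookup(SAMPLE[i]);
        printf("0x%04x %s/%s %-22s %s\n", (unsigned)SAMPLE[i],
               alert_type_abbr(SAMPLE[i]), d ? d->abbr : "UK",
               d ? d->name : "unknown", VERDICT_NAME[alert_triage(SAMPLE[i])]);
    }
    printf("%lu flagged\n", (unsigned long)count_flagged(SAMPLE, n));
    return 0;
}
```

A "level mismatch" verdict marks an alert sent at a level that the list rules out for that description, for example "bad record mac" arriving as a warning.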
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.IX Title "SSL_SESSION_GET0_HOSTNAME 3"
.TH SSL_SESSION_GET0_HOSTNAME 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get0_hostname,
SSL_SESSION_set1_hostname,
SSL_SESSION_get0_alpn_selected,
SSL_SESSION_set1_alpn_selected
\&\- get and set SNI and ALPN data associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
\& int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
\&
\& void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
\&                                     const unsigned char **alpn,
\&                                     size_t *len);
\& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
\&                                    size_t len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the
client when the session was created if it was accepted by the server and TLSv1.2
or below was negotiated. Otherwise \s-1NULL\s0 is returned. Note that in TLSv1.3 the
\&\s-1SNI\s0 hostname is negotiated with each handshake including resumption handshakes
and is therefore never associated with the session.
.PP
The value returned is a pointer to memory maintained within \fBs\fR and
should not be freed.
.PP
\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of
the string provided in hostname.
.PP
\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this
session and its associated length in bytes. The returned value of \fB*alpn\fR is a
pointer to memory maintained within \fBs\fR and should not be freed.
.PP
\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the
value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input
value is made, and the caller retains ownership of the memory pointed to by
\&\fBalpn\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 depending on
whether there is an \s-1SNI\s0 value sent by the client.
.PP
\&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error.
.PP
\&\fBSSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBd2i_SSL_SESSION\fR\|(3),
\&\fBSSL_SESSION_get_time\fR\|(3),
\&\fBSSL_SESSION_free\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and
\&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.IX Title "OPENSSL_INIT_CRYPTO 3"
.TH OPENSSL_INIT_CRYPTO 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
OPENSSL_thread_stop \- OpenSSL initialisation
and deinitialisation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& void OPENSSL_cleanup(void);
\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
\& int OPENSSL_atexit(void (*handler)(void));
\& void OPENSSL_thread_stop(void);
\&
\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
\&                                      const char* filename);
\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
\&                                        unsigned long flags);
\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
\&                                     const char* name);
\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
During normal operation OpenSSL (libcrypto) will allocate various resources at
start up that must, subsequently, be freed on close down of the library.
Additionally some resources are allocated on a per thread basis (if the
application is multi-threaded), and these resources must be freed prior to the
thread closing.
.PP
As of version 1.1.0 OpenSSL will automatically allocate all resources that it
needs so no explicit initialisation is required. Similarly it will also
automatically deinitialise as required.
.PP
However, there may be situations when explicit initialisation is desirable or
needed, for example when some nondefault initialisation is required. The function
\&\fBOPENSSL_init_crypto()\fR can be used for this purpose for
libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl
equivalent).
.PP
Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR.
Therefore, in order to perform nondefault initialisation,
\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to
any other OpenSSL function calls.
.PP
The \fBopts\fR parameter specifies which aspects of libcrypto should be
initialised. Valid options are:
.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4
.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS"
Suppress automatic loading of the libcrypto error strings. This option is
not a default option. Once selected subsequent calls to
\&\fBOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4
.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS"
Automatic loading of the libcrypto error strings. With this option the
library will automatically load the libcrypto error strings.
This option is a default option. Once selected subsequent calls to
\&\fBOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4
.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS"
With this option the library will automatically load and make available all
libcrypto ciphers. This option is a default option. Once selected subsequent
calls to \fBOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4
.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS"
With this option the library will automatically load and make available all
libcrypto digests. This option is a default option. Once selected subsequent
calls to \fBOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4
.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS"
With this option the library will suppress automatic loading of libcrypto
ciphers. This option is not a default option.
Once selected subsequent calls to \fBOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4
.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS"
With this option the library will suppress automatic loading of libcrypto
digests. This option is not a default option. Once selected subsequent calls to
\&\fBOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4
.IX Item "OPENSSL_INIT_LOAD_CONFIG"
With this option an OpenSSL configuration file will be automatically loaded and
used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto.
As of OpenSSL 1.1.1 this is a default option for libssl (see
\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the
description of \fBOPENSSL_INIT_new()\fR, below.
.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4
.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG"
With this option the loading of OpenSSL configuration files will be suppressed.
It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default
option.
.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4
.IX Item "OPENSSL_INIT_ASYNC"
With this option the library will automatically initialise the libcrypto async
sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_RDRAND"
With this option the library will automatically load and initialise the
\&\s-1RDRAND\s0 engine (if available). This is not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC"
With this option the library will automatically load and initialise the
dynamic engine. This is not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_OPENSSL"
With this option the library will automatically load and initialise the
openssl engine.
This is not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV"
With this option the library will automatically load and initialise the
cryptodev engine (if available). This is not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_CAPI"
With this option the library will automatically load and initialise the
\&\s-1CAPI\s0 engine (if available). This is not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_PADLOCK"
With this option the library will automatically load and initialise the
padlock engine (if available). This is not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_AFALG"
With this option the library will automatically load and initialise the
\&\s-1AFALG\s0 engine. This is not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN"
With this option the library will automatically load and initialise all the
built in engines listed above with the exception of the openssl and afalg
engines. This is not a default option.
.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4
.IX Item "OPENSSL_INIT_ATFORK"
With this option the library will register its fork handlers.
See \fBOPENSSL_fork_prepare\fR\|(3) for details.
.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4
.IX Item "OPENSSL_INIT_NO_ATEXIT"
By default OpenSSL will attempt to clean itself up when the process exits via an
\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means
that the application will have to clean up OpenSSL explicitly using
\&\fBOPENSSL_cleanup()\fR.
.PP
Multiple options may be combined together in a single call to
\&\fBOPENSSL_init_crypto()\fR. For example:
.PP
.Vb 2
\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
\&                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
.Ve
.PP
The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto
and libssl).
All resources allocated by OpenSSL are freed. Typically there
should be no need to call this function directly as it is initiated
automatically on application exit. This is done via the standard C library
\&\fBatexit()\fR function. In the event that the application will close in a manner
that will not call the registered \fBatexit()\fR handlers then the application should
call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL
are discouraged from calling this function and should instead, typically, rely
on auto-deinitialisation. This is to avoid error conditions where both an
application and a library it depends on both use OpenSSL, and the library
deinitialises it before the application has finished using it.
.PP
Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised.
Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error
will be added to the error stack. Note that because initialisation has failed
OpenSSL error strings will not be available, only an error code. This code can
be put through the openssl errstr command line application to produce a human
readable error (see \fBerrstr\fR\|(1)).
.PP
The \fBOPENSSL_atexit()\fR function enables the registration of a
function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are
called after deinitialisation of resources local to a thread, but before other
process wide resources are freed. In the event that multiple stop handlers are
registered, no guarantees are made about the order of execution.
.PP
The \fBOPENSSL_thread_stop()\fR function deallocates resources associated
with the current thread. Typically this function will be called automatically by
the library when the thread exits. This should only be called directly if
resources should be freed at an earlier time, or under the circumstances
described in the \s-1NOTES\s0 section below.
.PP
The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with
\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the
\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and
\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags.
The filename, application name, and flags can be customized by providing a
non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object.
The object can be allocated via \fBOPENSSL_INIT_new()\fR.
The \fBOPENSSL_INIT_set_config_filename()\fR function can be used to specify a
nondefault filename, which is copied and need not refer to persistent storage.
Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a
nondefault application name.
Finally, \fBOPENSSL_INIT_set_config_file_flags()\fR can be used to specify
nondefault flags.
If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in
the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR
or indirectly \fBOPENSSL_init_ssl\fR\|(3).
The object can be released with \fBOPENSSL_INIT_free()\fR when done.
.SH "NOTES"
.IX Header "NOTES"
Resources local to a thread are deallocated automatically when the thread exits
(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows
platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to
the libcrypto32.dll entry point. Some Windows functions may cause threads to exit
without sending this message (for example \fBExitProcess()\fR). If the application
uses such functions, then the application must free up OpenSSL resources
directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this
message will also not be sent if OpenSSL is linked statically, and therefore
applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each
thread.
Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the
threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread
should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call.
.PP
On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is
multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads
being destroyed then OpenSSL will not be able to deallocate resources associated
with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on
each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR
call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and
\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_init_ssl\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR,
\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR
and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
\&.
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3"
.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_STORE_CTX_get_cleanup,
X509_STORE_CTX_get_lookup_crls,
X509_STORE_CTX_get_lookup_certs,
X509_STORE_CTX_get_check_policy,
X509_STORE_CTX_get_cert_crl,
X509_STORE_CTX_get_check_crl,
X509_STORE_CTX_get_get_crl,
X509_STORE_CTX_get_check_revocation,
X509_STORE_CTX_get_check_issued,
X509_STORE_CTX_get_get_issuer,
X509_STORE_CTX_get_verify_cb,
X509_STORE_CTX_set_verify_cb,
X509_STORE_CTX_verify_cb
\&\- get and set verification callback
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
\&
\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
\&
\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
\&                                   X509_STORE_CTX_verify_cb verify_cb);
\&
\& X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
\& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
\&\fBverify_cb\fR overwriting any existing callback.
.PP
The verification callback can be used to customise the operation of certificate
verification, either by overriding error conditions or logging errors for
debugging purposes.
.PP
However, a verification callback is \fBnot\fR essential and the default operation
is often sufficient.
.PP
The \fBok\fR parameter to the callback indicates the value the callback should
return to retain the default behaviour. If it is zero then an error condition
is indicated. If it is 1 then no error occurred. If the flag
\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the
policy checking is complete.
.PP
The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that
is performing the verification operation. A callback can examine this
structure and receive additional information about the error, for example
by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can
be passed to the callback via the \fBex_data\fR mechanism.
.PP
\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback
for the specific \fBctx\fR.
.PP
\&\fBX509_STORE_CTX_get_get_issuer()\fR,
\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR,
\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR,
\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR,
\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR
and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached
from the corresponding \fBX509_STORE\fR, please see
\&\fBX509_STORE_set_verify\fR\|(3) for more information.
.SH "WARNINGS"
.IX Header "WARNINGS"
In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in
all circumstances because this will allow verification to succeed no matter
what the error. This effectively removes all security from the application
because \fBany\fR certificate (including untrusted generated ones) will be
accepted.
.SH "NOTES"
.IX Header "NOTES"
The verification callback can be set and inherited from the parent structure
performing the operation.
In some cases (such as S/MIME verification) the
\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the
only way to set a custom verification callback is by inheriting it from the
associated \fBX509_STORE\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Default callback operation:
.PP
.Vb 3
\& int verify_callback(int ok, X509_STORE_CTX *ctx) {
\&     return ok;
\& }
.Ve
.PP
Simple example, suppose a certificate in the chain is expired and we wish
to continue after this error:
.PP
.Vb 7
\& int verify_callback(int ok, X509_STORE_CTX *ctx) {
\&     /* Tolerate certificate expiration */
\&     if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
\&         return 1;
\&     /* Otherwise don\*(Aqt override */
\&     return ok;
\& }
.Ve
.PP
More complex example, we don't wish to continue after \fBany\fR certificate has
expired just one specific case:
.PP
.Vb 4
\& int verify_callback(int ok, X509_STORE_CTX *ctx)
\& {
\&     int err = X509_STORE_CTX_get_error(ctx);
\&     X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
\&
\&     if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
\&         if (check_is_acceptable_expired_cert(err_cert))
\&             return 1;
\&     }
\&     return ok;
\& }
.Ve
.PP
Full featured logging callback. In this case the \fBbio_err\fR is assumed to be
a global logging \fB\s-1BIO\s0\fR, an alternative would be to store a \s-1BIO\s0 in \fBctx\fR using
\&\fBex_data\fR.
.PP
.Vb 4
\& int verify_callback(int ok, X509_STORE_CTX *ctx)
\& {
\&     X509 *err_cert;
\&     int err, depth;
\&
\&     err_cert = X509_STORE_CTX_get_current_cert(ctx);
\&     err = X509_STORE_CTX_get_error(ctx);
\&     depth = X509_STORE_CTX_get_error_depth(ctx);
\&
\&     BIO_printf(bio_err, "depth=%d ", depth);
\&     if (err_cert) {
\&         X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
\&                            0, XN_FLAG_ONELINE);
\&         BIO_puts(bio_err, "\en");
\&     }
\&     else
\&         BIO_puts(bio_err, "\en");
\&     if (!ok)
\&         BIO_printf(bio_err, "verify error:num=%d:%s\en", err,
\&                    X509_verify_cert_error_string(err));
\&     switch (err) {
\&     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
\&         BIO_puts(bio_err, "issuer= ");
\&         X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
\&                            0, XN_FLAG_ONELINE);
\&         BIO_puts(bio_err, "\en");
\&         break;
\&     case X509_V_ERR_CERT_NOT_YET_VALID:
\&     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
\&         BIO_printf(bio_err, "notBefore=");
\&         ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
\&         BIO_printf(bio_err, "\en");
\&         break;
\&     case X509_V_ERR_CERT_HAS_EXPIRED:
\&     case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
\&         BIO_printf(bio_err, "notAfter=");
\&         ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
\&         BIO_printf(bio_err, "\en");
\&         break;
\&     case X509_V_ERR_NO_EXPLICIT_POLICY:
\&         policies_print(bio_err, ctx);
\&         break;
\&     }
\&     if (err == X509_V_OK && ok == 2)
\&         policies_print(bio_err, ctx); /* print out policies */
\&
\&     BIO_printf(bio_err, "verify return:%d\en", ok);
\&     return(ok);
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_STORE_CTX_get_error\fR\|(3)
\&\fBX509_STORE_set_verify_cb_func\fR\|(3)
\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The
\&\fBX509_STORE_CTX_get_get_issuer()\fR,
\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR,
\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR,
\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR,
\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR
and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
\&.
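The "more complex" callback in the X509_STORE_CTX_set_verify_cb EXAMPLES calls check_is_acceptable_expired_cert() without defining it. One way to implement it, as an added example that is not OpenSSL's own code: accept an expired certificate only when its SHA-256 fingerprint is on an explicit allowlist, and never override any other error. The allowlist entry, fingerprint_is_pinned(), expired_override_decision() and the WITH_OPENSSL build switch are assumptions of this example; build with -DWITH_OPENSSL -lcrypto to include the callback itself, otherwise only the policy core is compiled.

```c
#include <stddef.h>
#include <string.h>

#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#else
/* Same values as in <openssl/x509_vfy.h>, repeated here so the policy
 * core below builds without the library. */
#define X509_V_OK 0
#define X509_V_ERR_CERT_HAS_EXPIRED 10
#endif

#define FP_LEN 32 /* SHA-256 digest size in bytes */

/* Constructed placeholder entry (remaining bytes are zero). Replace with
 * the SHA-256 fingerprints of the specific certificates that may still
 * be accepted after their notAfter date. */
static const unsigned char expired_allowlist[][FP_LEN] = {
    { 0xde, 0xad, 0xbe, 0xef, 0x00, 0x01, 0x02, 0x03 },
};

/* Return 1 only if fp is a full-length fingerprint found on the allowlist. */
int fingerprint_is_pinned(const unsigned char *fp, size_t len)
{
    size_t i, n = sizeof(expired_allowlist) / sizeof(expired_allowlist[0]);

    if (fp == NULL || len != FP_LEN)
        return 0;
    for (i = 0; i < n; i++) {
        if (memcmp(fp, expired_allowlist[i], FP_LEN) == 0)
            return 1;
    }
    return 0;
}

/* Value the callback should return.
 *   ok     - as passed to the callback (0 error, 1 no error, 2 policy notify)
 *   err    - X509_STORE_CTX_get_error() for the current certificate
 *   pinned - whether the current certificate is on the allowlist
 * Non-error values pass through unchanged; the only error ever turned
 * into success is expiry of a pinned certificate. */
int expired_override_decision(int ok, int err, int pinned)
{
    if (ok)
        return ok;
    if (err == X509_V_ERR_CERT_HAS_EXPIRED && pinned)
        return 1;
    return 0;
}

#ifdef WITH_OPENSSL
/* Fingerprint the certificate and look it up; any failure means "no". */
static int check_is_acceptable_expired_cert(X509 *cert)
{
    unsigned char fp[EVP_MAX_MD_SIZE];
    unsigned int fp_len = 0;

    if (cert == NULL || X509_digest(cert, EVP_sha256(), fp, &fp_len) != 1)
        return 0;
    return fingerprint_is_pinned(fp, fp_len);
}

int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    int err = X509_STORE_CTX_get_error(ctx);
    int pinned = 0;

    /* Only do the digest work when it can affect the outcome. */
    if (!ok && err == X509_V_ERR_CERT_HAS_EXPIRED)
        pinned = check_is_acceptable_expired_cert(
                     X509_STORE_CTX_get_current_cert(ctx));
    return expired_override_decision(ok, err, pinned);
}
#endif
```

Keeping the decision in a function that takes plain integers lets it be unit-tested without building certificates, which is where an accidental "return 1" for every error would otherwise go unnoticed.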
.\" ========================================================================
.\"
.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3"
.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
\&                                    unsigned int sid_ctx_len);
\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
\&                                unsigned int sid_ctx_len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object.
.PP
\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object.
.SH "NOTES"
.IX Header "NOTES"
Sessions are generated within a certain context. When exporting/importing
sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible
to re-import a session generated from another context (e.g. another
application), which might lead to malfunctions. Therefore, each application
must set its own session id context \fBsid_ctx\fR which is used to distinguish
the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be
any kind of binary data with a given length, it is therefore possible
to use e.g. the name of the application and/or the hostname and/or service
name ...
.PP
The session id context becomes part of the session. The session id context
is set by the \s-1SSL/TLS\s0 server.
The \fBSSL_CTX_set_session_id_context()\fR
and \fBSSL_set_session_id_context()\fR functions are therefore only useful
on the server side.
.PP
OpenSSL clients will check the session id context returned by the server
when reusing a session.
.PP
The maximum length of the \fBsid_ctx\fR is limited to
\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR.
.SH "WARNINGS"
.IX Header "WARNINGS"
If the session id context is not set on an \s-1SSL/TLS\s0 server and client
certificates are used, stored sessions
will not be reused but a fatal error will be flagged and the handshake
will fail.
.PP
If a server returns a different session id context to an OpenSSL client
when reusing a session, an error will be flagged and the handshake will
fail. OpenSSL servers will always return the correct session id context,
as an OpenSSL server checks the session id context itself before reusing
a session as described above.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR
return the following values:
.IP "0" 4
The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded
the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error
is logged to the error stack.
.IP "1" 4
.IX Item "1"
The operation succeeded.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
\&.
.\" ========================================================================
.\"
.IX Title "EVP_RC2_CBC 3"
.TH EVP_RC2_CBC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_rc2_cbc,
EVP_rc2_cfb,
EVP_rc2_cfb64,
EVP_rc2_ecb,
EVP_rc2_ofb,
EVP_rc2_40_cbc,
EVP_rc2_64_cbc
\&\- EVP RC2 cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_rc2_cbc(void);
\& const EVP_CIPHER *EVP_rc2_cfb(void);
\& const EVP_CIPHER *EVP_rc2_cfb64(void);
\& const EVP_CIPHER *EVP_rc2_ecb(void);
\& const EVP_CIPHER *EVP_rc2_ofb(void);
\& const EVP_CIPHER *EVP_rc2_40_cbc(void);
\& const EVP_CIPHER *EVP_rc2_64_cbc(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0
.IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4
.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()"
\&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a
variable key length cipher with an additional parameter called \*(L"effective key
bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits.
.IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4
.IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()"
\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of
40 and 64 bits.
.Sp
\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the
\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR
functions to set the key length and effective key length.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_NEW 3"
.TH BIO_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all
\&\- BIO allocation and freeing functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& BIO *BIO_new(const BIO_METHOD *type);
\& int BIO_up_ref(BIO *a);
\& int BIO_free(BIO *a);
\& void BIO_vfree(BIO *a);
\& void BIO_free_all(BIO *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
.PP
\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object.
.PP
\&\fBBIO_free()\fR frees up a single \s-1BIO\s0; \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0
but it does not return a value.
If \fBa\fR is \s-1NULL\s0 nothing is done.
Calling \fBBIO_free()\fR may also have some effect
on the underlying I/O structure, for example it may close the file being
referred to under certain circumstances. For more details see the individual
\&\s-1BIO_METHOD\s0 descriptions.
.PP
\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain; it does not halt if an error
occurs freeing up an individual \s-1BIO\s0 in the chain.
If \fBa\fR is \s-1NULL\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
.PP
\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure.
.PP
\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values.
.SH "NOTES"
.IX Header "NOTES"
If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO,\s0
resulting in a memory leak.
.PP
Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR
on it other than the discarded return value.
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create a memory \s-1BIO:\s0
.PP
.Vb 1
\& BIO *mem = BIO_new(BIO_s_mem());
.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_STORE_CTX_NEW 3"
.TH X509_STORE_CTX_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free,
X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert,
X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted,
X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted,
X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn,
X509_STORE_CTX_set_purpose, X509_STORE_CTX_set_trust, X509_STORE_CTX_purpose_inherit
\&\- X509_STORE_CTX initialisation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& X509_STORE_CTX *X509_STORE_CTX_new(void);
\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
\&
\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
\&                         X509 *x509, STACK_OF(X509) *chain);
\&
\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
\&
\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
\&
\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
\&
\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
\&
\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
\&
\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
\&
\& int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
\& int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
\& int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
\&                                    int purpose, int trust);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
by \fBX509_verify_cert()\fR.
.PP
\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
.PP
\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
The context can then be reused with a new call to \fBX509_STORE_CTX_init()\fR.
.PP
\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
is no longer valid.
If \fBctx\fR is \s-1NULL\s0 nothing is done.
.PP
\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only
good for one call to \fBX509_verify_cert()\fR; if you want to verify a second
certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR
and then \fBX509_STORE_CTX_init()\fR again before the second call to
\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end
entity certificate to be verified is set to \fBx509\fR and a set of additional
certificates (which will be untrusted but may be used to build the chain) in
\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be
\&\fB\s-1NULL\s0\fR.
.PP
\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of
\&\fBctx\fR to \fBsk\fR.
This is an alternative way of specifying trusted
certificates instead of using an \fBX509_STORE\fR.
.PP
\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to
\&\fBx\fR.
.PP
\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used
by \fBctx\fR to be \fBchain\fR.
Ownership of the chain is transferred to \fBctx\fR, and the chain should not be
freed by the caller.
\&\fBX509_STORE_CTX_get0_chain()\fR returns the internal pointer used by the
\&\fBctx\fR that contains the validated chain.
.PP
\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol,
for example in a PKCS#7 structure.
.PP
\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer
to the verification parameters associated with \fBctx\fR.
.PP
\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the
stack of untrusted certificates associated with \fBctx\fR.
.PP
\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal pointer to the stack
of untrusted certificates associated with \fBctx\fR to \fBsk\fR.
.PP
\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer
to \fBparam\fR. After this call \fBparam\fR should not be used.
.PP
\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification
method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to find
an appropriate set of parameters from \fBname\fR.
.PP
\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
that were used in building the chain following a call to \fBX509_verify_cert()\fR.
.PP
\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default
verify function.
This function is responsible for verifying chain signatures and
expiration times.
.PP
A verify function is defined as an X509_STORE_CTX_verify_fn type which has the
following signature:
.PP
.Vb 1
\& int (*verify)(X509_STORE_CTX *);
.Ve
.PP
This function should receive the current X509_STORE_CTX as a parameter and
return 1 on success or 0 on failure.
.PP
X509 certificates may contain information about what purposes keys contained
within them can be used for. For example \*(L"\s-1TLS WWW\s0 Server Authentication\*(R" or
\&\*(L"Email Protection\*(R". This \*(L"key usage\*(R" information is held internally to the
certificate itself. In addition the trust store containing trusted certificates
can declare what purposes we trust different certificates for. This \*(L"trust\*(R"
information is not held within the certificate itself but is \*(L"meta\*(R" information
held alongside it. This \*(L"meta\*(R" information is associated with the certificate
after it is issued and could be determined by a system administrator. For
example a certificate might declare that it is suitable for use for both
\&\*(L"\s-1TLS WWW\s0 Server Authentication\*(R" and \*(L"\s-1TLS\s0 Client Authentication\*(R", but a system
administrator might only trust it for the former. An X.509 certificate extension
exists that can record extended key usage information to supplement the purpose
information described above. This extended mechanism is arbitrarily extensible
and not well suited for a generic library \s-1API\s0; applications that need to
validate extended key usage information in certificates will need to define a
custom \*(L"purpose\*(R" (see below) or supply a nondefault verification callback
(\fBX509_STORE_set_verify_cb_func\fR\|(3)).
.PP
\&\fBX509_STORE_CTX_set_purpose()\fR sets the purpose for the target certificate being
verified in the \fIctx\fR.
Built-in available values for the \fIpurpose\fR argument
are \fBX509_PURPOSE_SSL_CLIENT\fR, \fBX509_PURPOSE_SSL_SERVER\fR,
\&\fBX509_PURPOSE_NS_SSL_SERVER\fR, \fBX509_PURPOSE_SMIME_SIGN\fR,
\&\fBX509_PURPOSE_SMIME_ENCRYPT\fR, \fBX509_PURPOSE_CRL_SIGN\fR, \fBX509_PURPOSE_ANY\fR,
\&\fBX509_PURPOSE_OCSP_HELPER\fR and \fBX509_PURPOSE_TIMESTAMP_SIGN\fR. It is also
possible to create a custom purpose value. Setting a purpose will ensure that
the key usage declared within certificates in the chain being verified is
consistent with that purpose as well as, potentially, other checks. Every
purpose also has an associated default trust value which will also be set at the
same time. During verification this trust setting will be verified to check it
is consistent with the trust set by the system administrator for certificates in
the chain.
.PP
\&\fBX509_STORE_CTX_set_trust()\fR sets the trust value for the target certificate
being verified in the \fIctx\fR. Built-in available values for the \fItrust\fR
argument are \fBX509_TRUST_COMPAT\fR, \fBX509_TRUST_SSL_CLIENT\fR,
\&\fBX509_TRUST_SSL_SERVER\fR, \fBX509_TRUST_EMAIL\fR, \fBX509_TRUST_OBJECT_SIGN\fR,
\&\fBX509_TRUST_OCSP_SIGN\fR, \fBX509_TRUST_OCSP_REQUEST\fR and \fBX509_TRUST_TSA\fR. It is
also possible to create a custom trust value. Since \fBX509_STORE_CTX_set_purpose()\fR
also sets the trust value it is normally sufficient to only call that function.
If both are called then \fBX509_STORE_CTX_set_trust()\fR should be called after
\&\fBX509_STORE_CTX_set_purpose()\fR since the trust setting of the last call will be
used.
.PP
It should not normally be necessary for end user applications to call
\&\fBX509_STORE_CTX_purpose_inherit()\fR directly. Typically applications should call
\&\fBX509_STORE_CTX_set_purpose()\fR or \fBX509_STORE_CTX_set_trust()\fR instead. Using this
function it is possible to set the purpose and trust values for the \fIctx\fR at
the same time.
Both \fIctx\fR and its internal verification parameter pointer must not be \s-1NULL.\s0
The \fIdef_purpose\fR and \fIpurpose\fR arguments can have the same
purpose values as described for \fBX509_STORE_CTX_set_purpose()\fR above. The \fItrust\fR
argument can have the same trust values as described in
\&\fBX509_STORE_CTX_set_trust()\fR above. Any of the \fIdef_purpose\fR, \fIpurpose\fR or
\&\fItrust\fR values may also have the value 0 to indicate that the supplied
parameter should be ignored. After calling this function the purpose to be used
for verification is set from the \fIpurpose\fR argument unless the purpose was
already set in \fIctx\fR before, and the trust is set from the \fItrust\fR argument
unless the trust was already set in \fIctx\fR before.
If \fItrust\fR is 0 then the trust value will be set from the default trust value
for \fIpurpose\fR. If the default trust value for the purpose is
\fIX509_TRUST_DEFAULT\fR and \fItrust\fR is 0 then the default trust value
associated with the \fIdef_purpose\fR value is used for the trust setting instead.
.SH "NOTES"
.IX Header "NOTES"
The certificates and CRLs in a store are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed.
.SH "BUGS"
.IX Header "BUGS"
The certificates and CRLs in a context are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
should be made or reference counts increased instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_CTX_new()\fR returns a newly allocated context or \fB\s-1NULL\s0\fR if an
error occurred.
.PP
\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
.PP
\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR,
\&\fBX509_STORE_CTX_set0_trusted_stack()\fR,
\&\fBX509_STORE_CTX_set_cert()\fR,
\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return
values.
.PP
\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
.PP
\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
used.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_verify_cert\fR\|(3)
\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0.
The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2009\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EC_POINT_ADD 3"
.TH EC_POINT_ADD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity,
EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine,
EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult
\- Functions for performing mathematical operations and tests on EC_POINT objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
\&                  const EC_POINT *b, BN_CTX *ctx);
\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
\&                           EC_POINT *points[], BN_CTX *ctx);
\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
\&                   const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
\&                  const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the
result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR.
.PP
EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR.
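The arithmetic behind EC_POINT_add, EC_POINT_dbl and EC_POINT_invert, as an added example that is not OpenSSL code and does not call OpenSSL. It uses a constructed toy curve over F_97 (far too small for real use) and hypothetical toy_* functions that follow the conventions documented here: the result may alias an input, inversion works in place, and the operations return 1 on success or 0 on error. Point coordinates are assumed to be already reduced modulo p.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy curve y^2 = x^3 + a*x + b over F_p. Constructed parameters (p = 97),
 * for illustration only; all names here are hypothetical, not OpenSSL API. */
typedef struct { int64_t p, a, b; } toy_group;
typedef struct { int64_t x, y; int inf; } toy_point; /* inf != 0: infinity */

static int64_t md(int64_t v, int64_t p) { v %= p; return v < 0 ? v + p : v; }

/* Modular inverse by extended Euclid; 0 means "no inverse exists". */
static int64_t inv(int64_t v, int64_t p)
{
    int64_t r0 = p, r1 = md(v, p), t0 = 0, t1 = 1, q, tmp;
    while (r1 != 0) {
        q = r0 / r1;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    return r0 == 1 ? md(t0, p) : 0;
}

int toy_is_at_infinity(const toy_point *pt) { return pt->inf != 0; }

/* 1 if the point satisfies the curve equation (infinity counts), else 0. */
int toy_is_on_curve(const toy_group *g, const toy_point *pt)
{
    int64_t x = pt->x, y = pt->y;
    if (pt->inf) return 1;
    return md(y * y, g->p) == md(md(x * x, g->p) * x + g->a * x + g->b, g->p);
}

/* Comparison result in the style of a cmp function: 0 equal, 1 not equal. */
int toy_cmp(const toy_point *a, const toy_point *b)
{
    if (a->inf || b->inf) return (a->inf && b->inf) ? 0 : 1;
    return (a->x == b->x && a->y == b->y) ? 0 : 1;
}

/* In-place inverse: -(x, y) = (x, -y); infinity is its own inverse. */
int toy_invert(const toy_group *g, toy_point *a)
{
    if (!a->inf) a->y = md(-a->y, g->p);
    return 1;
}

/* r = 2a. The result is built in a temporary so r may alias a. */
int toy_dbl(const toy_group *g, toy_point *r, const toy_point *a)
{
    toy_point t = { 0, 0, 1 };            /* a point with y == 0 doubles to infinity */
    if (!a->inf && a->y != 0) {
        int64_t d = inv(2 * a->y, g->p), l;
        if (d == 0) return 0;
        l = md((3 * md(a->x * a->x, g->p) + g->a) * d, g->p);   /* tangent slope */
        t.x = md(l * l - 2 * a->x, g->p);
        t.y = md(l * (a->x - t.x) - a->y, g->p);
        t.inf = 0;
    }
    *r = t;
    return 1;
}

/* r = a + b. Returns 1 on success, 0 on error; r may alias a or b. */
int toy_add(const toy_group *g, toy_point *r, const toy_point *a, const toy_point *b)
{
    toy_point t;
    int64_t d, l;
    if (a->inf) { t = *b; *r = t; return 1; }
    if (b->inf) { t = *a; *r = t; return 1; }
    if (a->x == b->x) {
        if (md(a->y + b->y, g->p) != 0) return toy_dbl(g, r, a);   /* a == b */
        t.x = 0; t.y = 0; t.inf = 1;                                /* a == -b */
        *r = t;
        return 1;
    }
    d = inv(b->x - a->x, g->p);
    if (d == 0) return 0;
    l = md((b->y - a->y) * d, g->p);                                /* chord slope */
    t.x = md(l * l - a->x - b->x, g->p);
    t.y = md(l * (a->x - t.x) - a->y, g->p);
    t.inf = 0;
    *r = t;
    return 1;
}

int main(void)
{
    toy_group g = { 97, 2, 3 };
    toy_point p = { 3, 6, 0 }, q = p, n;
    toy_dbl(&g, &q, &q);                 /* q = 2P, result aliases the input */
    n = q; toy_invert(&g, &n);           /* n = -(2P) */
    printf("2P = (%lld, %lld), -(2P) = (%lld, %lld)\n",
           (long long)q.x, (long long)q.y, (long long)n.x, (long long)n.y);
    toy_add(&g, &n, &n, &q);             /* -(2P) + 2P */
    printf("-(2P) + 2P at infinity: %d\n", toy_is_at_infinity(&n));
    return 0;
}
```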
.PP
The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not.
.PP
EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.
.PP
EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.
.PP
The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine
co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be
forced.
.PP
EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR.
The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL,\s0 and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication).
When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order).
.PP
EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero.
When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order).
.PP
The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst
EC_GROUP_have_precompute_mult tests whether precomputation has already been done.
See \fBEC_GROUP_copy\fR\|(3) for information
about the generator.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine,
EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult.
.PP
EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise.
.PP
EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error.
.PP
EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error.
.PP
EC_GROUP_have_precompute_mult returns 1 if a precomputation has been done, or 0 if not.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_TIMEOUT 3"
.TH SSL_CTX_SET_TIMEOUT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
\& long SSL_CTX_get_timeout(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for
\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds.
.PP
\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR.
.SH "NOTES"
.IX Header "NOTES"
Whenever a new session is created, it is assigned a maximum lifetime.
This lifetime is specified by storing the creation time of the session and the timeout value valid at this time. If the actual time is later than creation time plus timeout, the session is not reused.
.PP
Due to this realization, all sessions behave according to the timeout value valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions.
.PP
The expiration time of a single session can be modified using the \fBSSL_SESSION_get_time\fR\|(3) family of functions.
.PP
Expired sessions are removed from the internal session cache, whenever \fBSSL_CTX_flush_sessions\fR\|(3) is called, either directly by the application or automatically (see \fBSSL_CTX_set_session_cache_mode\fR\|(3))
.PP
The default value for session timeout is decided on a per protocol basis, see \fBSSL_get_default_timeout\fR\|(3). All currently supported protocols have the same default timeout value of 300 seconds.
.PP
This timeout value is used as the ticket lifetime hint for stateless session tickets. It is also used as the timeout value within the ticket itself.
.PP
For TLSv1.3, \s-1RFC8446\s0 limits transmission of this value to 1 week (604800 seconds).
.PP
For TLSv1.2, tickets generated during an initial handshake use the value as specified. Tickets generated during a resumed handshake have a value of 0 for the ticket lifetime hint.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value.
.PP
\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
\&\fBSSL_SESSION_get_time\fR\|(3),
\&\fBSSL_CTX_flush_sessions\fR\|(3),
\&\fBSSL_get_default_timeout\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_GET0_RECIPIENTINFOS 3"
.TH CMS_GET0_RECIPIENTINFOS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt \- CMS envelopedData RecipientInfo routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
\&
\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
\&                                           ASN1_OCTET_STRING **keyid,
\&                                           X509_NAME **issuer,
\&                                           ASN1_INTEGER **sno);
\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
\&
\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
\&                                     ASN1_OCTET_STRING **pid,
\&                                     ASN1_GENERALIZEDTIME **pdate,
\&                                     ASN1_OBJECT **potherid,
\&                                     ASN1_TYPE **pothertype);
\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
\&                                    const unsigned char *id, size_t idlen);
\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
\&                                unsigned char *key, size_t keylen);
\&
\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
\& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo structures associated with a \s-1CMS\s0 EnvelopedData structure.
.PP
\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR.
It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0
.PP
\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the key identifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR.
.PP
\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 It returns zero if the comparison is successful and nonzero if not.
.PP
\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0
.PP
\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any of the remaining parameters can be \s-1NULL\s0 if the application is not interested in the value of a field. Where a field is optional and absent, \s-1NULL\s0 will be written to the corresponding parameter. The keyEncryptionAlgorithm field is written to \fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if present is written to \fBpdate\fR, and if the \fBother\fR field is present the components \fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and \fBpothertype\fR.
.PP
\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR parameters against the \fBkeyIdentifier\fR of the CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is successful and nonzero if not.
.PP
\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length \fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_KEK.\s0
.PP
\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure \fBri\fR in structure \fBcms\fR. A key must have been associated with the structure first.
.PP
\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure \fBri\fR in structure \fBcms\fR. A key must have been associated with the structure first and the content encryption key must be available: for example by a previous call to \fBCMS_RecipientInfo_decrypt()\fR.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of these functions is to enable an application to look up recipient keys using any appropriate technique when the simpler method of \fBCMS_decrypt()\fR is not appropriate.
.PP
In typical usage an application will retrieve all CMS_RecipientInfo structures using \fBCMS_get0_RecipientInfos()\fR and check the type of each using \fBCMS_RecipientInfo_type()\fR. Depending on the type, the CMS_RecipientInfo structure can be ignored or its key identifier data retrieved using an appropriate function. Then, if the corresponding secret or private key can be obtained by any appropriate means, it can be associated with the structure and \fBCMS_RecipientInfo_decrypt()\fR called. If successful, \fBCMS_decrypt()\fR can be called with a \s-1NULL\s0 key to decrypt the enveloped content.
.PP
The \fBCMS_RecipientInfo_encrypt()\fR function can be used to add a new recipient to an existing enveloped data structure. Typically an application will first decrypt an appropriate CMS_RecipientInfo structure to make the content encryption key available, it will then add a new recipient using a function such as \fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key using \fBCMS_RecipientInfo_encrypt()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if an error occurs.
.PP
\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, \fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and \fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. \fBCMS_RecipientInfo_encrypt()\fR returns 1 for success or 0 if an error occurs.
.PP
\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_id_cmp()\fR return 0 for a successful comparison and nonzero otherwise.
.PP
Any error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_CTX_NEW 3"
.TH BN_CTX_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BN_CTX_new, BN_CTX_secure_new, BN_CTX_free \- allocate and free BN_CTX structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& BN_CTX *BN_CTX_new(void);
\&
\& BN_CTX *BN_CTX_secure_new(void);
\&
\& void BN_CTX_free(BN_CTX *c);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs is rather expensive when used in conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is used.
.PP
\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure.
\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the \fB\s-1BIGNUM\s0\fRs.
.PP
\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the \fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may be freed by \fBBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done.
.PP
A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No locking is performed, and the internal pool allocator will not properly handle multiple threads of execution.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. If the allocation fails, they return \fB\s-1NULL\s0\fR and set an error code that can be obtained by \fBERR_get_error\fR\|(3).
.PP
\&\fBBN_CTX_free()\fR has no return values.
.SH "REMOVED FUNCTIONALITY"
.IX Header "REMOVED FUNCTIONALITY"
.Vb 1
\& void BN_CTX_init(BN_CTX *c);
.Ve
.PP
\&\fBBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should replace use of BN_CTX_init with BN_CTX_new instead:
.PP
.Vb 6
\& BN_CTX *ctx;
\& ctx = BN_CTX_new();
\& if (!ctx)
\&     /* error */
\& ...
\& BN_CTX_free(ctx);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
\&\fBBN_CTX_start\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3"
.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
\& void SSL_set_security_level(SSL *s, int level);
\&
\& int SSL_CTX_get_security_level(const SSL_CTX *ctx);
\& int SSL_get_security_level(const SSL *s);
\&
\& void SSL_CTX_set_security_callback(SSL_CTX *ctx,
\&                                    int (*cb)(SSL *s, SSL_CTX *ctx, int op,
\&                                              int bits, int nid,
\&                                              void *other, void *ex));
\&
\& void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op,
\&                                                  int bits, int nid,
\&                                                  void *other, void *ex));
\&
\& int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op,
\&                                                          int bits, int nid, void *other,
\&                                                          void *ex);
\& int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op,
\&                                                int bits, int nid, void *other,
\&                                                void *ex);
\&
\& void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
\& void SSL_set0_security_ex_data(SSL *s, void *ex);
\&
\& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
\& void *SSL_get0_security_ex_data(const SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set the security level to \fBlevel\fR. If not set, the library default security level is used.
.PP
The functions \fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR retrieve the current security level.
.PP
\&\fBSSL_CTX_set_security_callback()\fR, \fBSSL_set_security_callback()\fR, \fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR get or set the security callback associated with \fBctx\fR or \fBs\fR. If not set a default security callback is used. The meaning of the parameters and the behaviour of the default callbacks is described below.
.PP
\&\fBSSL_CTX_set0_security_ex_data()\fR, \fBSSL_set0_security_ex_data()\fR, \fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR set the extra data pointer passed to the \fBex\fR parameter of the callback. This value is passed to the callback verbatim and can be set to any convenient application specific value.
.SH "DEFAULT CALLBACK BEHAVIOUR"
.IX Header "DEFAULT CALLBACK BEHAVIOUR"
If an application doesn't set its own security callback the default callback is used. It is intended to provide sane defaults. The meaning of each level is described below.
.IP "\fBLevel 0\fR" 4
.IX Item "Level 0"
Everything is permitted. This retains compatibility with previous versions of OpenSSL.
.IP "\fBLevel 1\fR" 4
.IX Item "Level 1"
The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited.
.IP "\fBLevel 2\fR" 4
.IX Item "Level 2"
Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled.
.IP "\fBLevel 3\fR" 4
.IX Item "Level 3"
Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session tickets are disabled.
.IP "\fBLevel 4\fR" 4
.IX Item "Level 4"
Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 versions below 1.2 are not permitted.
.IP "\fBLevel 5\fR" 4
.IX Item "Level 5"
Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited.
.SH "APPLICATION DEFINED SECURITY CALLBACKS"
.IX Header "APPLICATION DEFINED SECURITY CALLBACKS"
\&\fIDocumentation to be provided.\fR
.SH "NOTES"
.IX Header "NOTES"
The default security level can be configured when OpenSSL is compiled by setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used.
.PP
The security framework disables or rejects parameters inconsistent with the set security level. In the past this was difficult as applications had to set a number of distinct parameters (supported ciphers, supported curves, supported signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size for example) could not be checked at all.
.PP
By setting an appropriate security level much of this complexity can be avoided.
.PP
The bits of security limits affect all relevant parameters including cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and signature algorithms.
This limit applies no matter what other custom settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR then only cipher suites consistent with the security level are permissible.
.PP
See \s-1SP800\-57\s0 for how the security limits are related to individual algorithms.
.PP
Some security levels require large key sizes for non-ECC public key algorithms which can severely degrade performance. For example 256 bits of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size.
.PP
Some restrictions can be gracefully handled: for example cipher suites offering insufficient security are not sent by the client and will not be selected by the server. Other restrictions such as the peer certificate key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal alert.
.PP
Attempts to set certificates or parameters with insufficient security are also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not check the return values for errors will misbehave: for example it might appear that a certificate is not set at all because it had been rejected.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values.
.PP
\&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return an integer that represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively.
.PP
\&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return values.
.PP
\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer to the security callback or \s-1NULL\s0 if the callback is not set.
.PP
\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra data pointer or \s-1NULL\s0 if the ex data is not set.
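The following added example (not OpenSSL code and not part of the original manual page) models the default-callback levels listed under DEFAULT CALLBACK BEHAVIOUR so a deployment can be checked before its level is raised. All names in it are hypothetical, the sample deployment is constructed, and it assumes levels 4 and 5 keep the exclusions of the lower levels.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Protocol versions, ordered so "below TLS 1.1" is a plain comparison. */
enum proto { SSL2, SSL3, TLS1_0, TLS1_1, TLS1_2, TLS1_3 };

/* What an item describes: a key or parameter size, a protocol, or a suite trait. */
enum kind { RSA_DSA_DH_BITS, ECC_BITS, PROTOCOL, EXPORT_SUITE,
            MD5_MAC, RC4_CIPHER, NO_FORWARD_SECRECY, SHA1_MAC };

enum verdict {
    PERMITTED,
    EXCLUDED,      /* suite or protocol is left out of negotiation */
    KEY_TOO_SMALL  /* set call is blocked, or the handshake aborts for a peer value */
};

struct item { const char *label; enum kind kind; int value; };

/* Minimum sizes per level, taken from the Level 0 to Level 5 items of the page. */
static const struct { int security_bits, rsa_dsa_dh, ecc; } minimums[6] = {
    {0, 0, 0}, {80, 1024, 160}, {112, 2048, 224},
    {128, 3072, 256}, {192, 7680, 384}, {256, 15360, 512}
};

/* Lowest protocol still allowed at each level: SSLv2 goes at level 1, SSLv3 at
 * level 2, anything below TLS 1.1 at level 3, anything below TLS 1.2 at level 4. */
static const enum proto lowest_proto[6] = { SSL2, SSL3, TLS1_0, TLS1_1, TLS1_2, TLS1_2 };

enum verdict seclevel_check(int level, enum kind kind, int value)
{
    if (level <= 0)
        return PERMITTED;            /* level 0: everything is permitted */
    if (level > 5)
        level = 5;                   /* assumption of this model: cap at the top level */
    switch (kind) {
    case RSA_DSA_DH_BITS:
        return value < minimums[level].rsa_dsa_dh ? KEY_TOO_SMALL : PERMITTED;
    case ECC_BITS:
        return value < minimums[level].ecc ? KEY_TOO_SMALL : PERMITTED;
    case PROTOCOL:
        return value < (int)lowest_proto[level] ? EXCLUDED : PERMITTED;
    case EXPORT_SUITE:
    case MD5_MAC:
        return EXCLUDED;             /* prohibited from level 1 upwards */
    case RC4_CIPHER:
        return level >= 2 ? EXCLUDED : PERMITTED;
    case NO_FORWARD_SECRECY:
        return level >= 3 ? EXCLUDED : PERMITTED;
    case SHA1_MAC:
        return level >= 4 ? EXCLUDED : PERMITTED;
    }
    return PERMITTED;
}

/* Highest level (0..5) at which every item is still permitted. */
int highest_level(const struct item *items, size_t n)
{
    int level;
    for (level = 5; level > 0; level--) {
        size_t i;
        for (i = 0; i < n; i++)
            if (seclevel_check(level, items[i].kind, items[i].value) != PERMITTED)
                break;
        if (i == n)
            return level;
    }
    return 0;
}

/* Constructed sample deployment: a 2048-bit certificate paired with old DH parameters. */
static const struct item sample[] = {
    {"RSA certificate key", RSA_DSA_DH_BITS, 2048},
    {"DH parameters",       RSA_DSA_DH_BITS, 1024},
    {"ECDHE curve",         ECC_BITS,        256},
    {"minimum protocol",    PROTOCOL,        TLS1_2},
    {"AES-CBC-SHA suite",   SHA1_MAC,        0},
};
#define SAMPLE_LEN (sizeof sample / sizeof sample[0])

int main(void)
{
    static const char *text[] = { "permitted", "excluded", "key too small" };
    int level;
    size_t i;
    for (level = 1; level <= 5; level++)
        for (i = 0; i < SAMPLE_LEN; i++) {
            enum verdict v = seclevel_check(level, sample[i].kind, sample[i].value);
            if (v != PERMITTED)
                printf("level %d (%d bits): %s: %s\n", level,
                       minimums[level].security_bits, sample[i].label, text[v]);
        }
    printf("highest level with no finding: %d\n", highest_level(sample, SAMPLE_LEN));
    return 0;
}
```

Compression (off from level 2) and session tickets (off from level 3) are feature switches rather than rejections, so the model does not list them as items.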
.SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!8AASSL_CTX_sessions.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. 
.\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . 
ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_CTX_SESSIONS 3" .TH SSL_CTX_SESSIONS 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_CTX_sessions \- access internal session cache .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the internal session cache for \fBctx\fR. .SH "NOTES" .IX Header "NOTES" The sessions in the internal session cache are kept in an \&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the \&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be modified directly but by using the \&\fBSSL_CTX_add_session\fR\|(3) family of functions. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3), \&\fBSSL_CTX_add_session\fR\|(3), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
.IX Title "X509_STORE_CTX_GET_ERROR 3"
.TH X509_STORE_CTX_GET_ERROR 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l .nh .SH "NAME" X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); \& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); \& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); \& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); \& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); \& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); \& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); \& \& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); \& \& const char *X509_verify_cert_error_string(long n); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions are typically called after \fBX509_verify_cert()\fR has indicated an error or in a verification callback to determine the nature of an error. .PP \&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes. .PP \&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example it might be used in a verification callback to set an error based on additional checks. .PP \&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a nonnegative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. .PP \&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. 
This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the depth at which an error condition was detected.
.PP
\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant.
.PP
\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which caused the error. This value is not intended to remain valid for very long, and remains owned by the caller. It may be examined by a verification callback invoked to handle each error encountered during chain verification and is no longer required after such a callback. If a callback wishes to save the certificate for use after it returns, it needs to increment its reference count via \fBX509_up_ref\fR\|(3). Once such a \fIsaved\fR certificate is no longer needed it can be freed with \&\fBX509_free\fR\|(3).
.PP
\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the certificate being verified by the \fBctx\fR.
.PP
\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validated chain if a previous call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR is \fBnot\fR successful the returned chain may be incomplete or invalid. The returned chain persists after the \fBctx\fR structure is freed. When it is no longer needed it should be freed using:
.PP
.Vb 1
\& sk_X509_pop_free(chain, X509_free);
.Ve
.PP
\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for verification error \fBn\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code.
.PP
\&\fBX509_STORE_CTX_get_error_depth()\fR returns a nonnegative error depth.
.PP
\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error.
.PP \&\fBX509_verify_cert_error_string()\fR returns a human readable error string for verification error \fBn\fR. .SH "ERROR CODES" .IX Header "ERROR CODES" A list of error codes and messages is shown below. Some of the error codes are defined but currently never returned: these are described as \&\*(L"unused\*(R". .IP "\fBX509_V_OK: ok\fR" 4 .IX Item "X509_V_OK: ok" the operation was successful. .IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" the issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete. .IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" the \s-1CRL\s0 of a certificate could not be found. .IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" the certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for \s-1RSA\s0 keys. .IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused. .IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" the public key in the certificate SubjectPublicKeyInfo could not be read. 
.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 .IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" the signature of the certificate is invalid. .IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 .IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" the signature of the certificate is invalid. .IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 .IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" the certificate is not yet valid: the notBefore date is after the current time. .IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 .IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" the certificate has expired: that is the notAfter date is before the current time. .IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 .IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" the \s-1CRL\s0 is not yet valid. .IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 .IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" the \s-1CRL\s0 has expired. .IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" the certificate notBefore field contains an invalid time. .IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" the certificate notAfter field contains an invalid time. .IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" the \s-1CRL\s0 lastUpdate field contains an invalid time. 
.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 .IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" the \s-1CRL\s0 nextUpdate field contains an invalid time. .IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 .IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" an error occurred trying to allocate memory. This should never happen. .IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 .IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" the passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates. .IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 .IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" the certificate chain could be built up using the untrusted certificates but the root could not be found locally. .IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. .IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 .IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" no signatures could be verified because the chain contains only one certificate and it is not self signed. .IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 .IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" the certificate chain length is greater than the supplied maximum depth. Unused. .IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 .IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" the certificate has been revoked. 
.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4
.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate"
a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent with the supplied purpose.
.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4
.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded"
the basicConstraints path-length parameter has been exceeded.
.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4
.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose"
the supplied certificate cannot be used for the specified purpose.
.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4
.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted"
the root \s-1CA\s0 is not marked as trusted for the specified purpose.
.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4
.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected"
the root \s-1CA\s0 is marked to reject the specified purpose.
.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4
.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch"
the current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. This is only set if issuer check debugging is enabled; it is used for status notification and is \fBnot\fR in itself an error.
.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4
.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch"
the current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier of the current certificate. This is only set if issuer check debugging is enabled; it is used for status notification and is \fBnot\fR in itself an error.
.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4
.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch"
the current candidate issuer certificate was rejected because its issuer name and serial number were present and did not match the authority key identifier of the current certificate. This is only set if issuer check debugging is enabled; it is used for status notification and is \fBnot\fR in itself an error.
.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing\fR" 4
.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing"
the current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing. This is only set if issuer check debugging is enabled; it is used for status notification and is \fBnot\fR in itself an error.
.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4
.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension"
A certificate extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions.
.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4
.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension"
A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. This error only occurs if policy processing is enabled.
.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4
.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy"
The verification flags were set to require an explicit policy but none was present.
.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 .IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" The only CRLs that could be found did not match the scope of the certificate. .IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" Some feature of a certificate extension is not supported. Unused. .IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 .IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" A name constraint violation occurred in the permitted subtrees. .IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 .IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" A name constraint violation occurred in the excluded subtrees. .IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 .IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" A certificate name constraints extension included a minimum or maximum field: this is not supported. .IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" An unsupported name constraint type was encountered. OpenSSL currently only supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. .IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 .IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" The format of the name constraint is not recognised: for example an email address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by a garbage extension or some new feature not currently supported. 
.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 .IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only happen if extended \s-1CRL\s0 checking is enabled. .IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 .IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" an application specific error. This will never be returned unless explicitly set by an application. .SH "NOTES" .IX Header "NOTES" The above functions should be used instead of directly referencing the fields in the \fBX509_VERIFY_CTX\fR structure. .PP In versions of OpenSSL before 1.0 the current certificate returned by \&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should check the return value before printing out any debugging information relating to the current certificate. .PP If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the numerical value of the unknown code is returned in a static buffer. This is not thread safe but will never happen unless an invalid code is passed. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBX509_verify_cert\fR\|(3), \&\fBX509_up_ref\fR\|(3), \&\fBX509_free\fR\|(3). .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_ALL_ASYNC_FDS 3"
.TH SSL_GET_ALL_ASYNC_FDS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- manage asynchronous operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/async.h>
\& #include <openssl/ssl.h>
\&
\& int SSL_waiting_for_async(SSL *s);
\& int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds);
\& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
\&                               OSSL_ASYNC_FD *delfd, size_t *numdelfds);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in \&\fBSSL_CTX_set_mode\fR\|(3)).
.PP
\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptors which can be used in a call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous operation has completed or not. A completed operation will result in data appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the \s-1SSL\s0 object is currently waiting for asynchronous work to complete (i.e. \&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the list will only contain one file descriptor. However, if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves are in \fB*fds\fR. The \fBfds\fR parameter may be \s-1NULL\s0 in which case no file descriptors are returned but \fB*numfds\fR is still populated. It is the caller's responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typically this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once without).
.PP \&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors that have been added and a list that have been deleted since the last \&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no \&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting for an async operation to complete and 0 otherwise. .PP \&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or 0 on error. .SH "NOTES" .IX Header "NOTES" On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
.IX Title "BN_NEW 3"
.TH BN_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& BIGNUM *BN_new(void);
\&
\& BIGNUM *BN_secure_new(void);
\&
\& void BN_clear(BIGNUM *a);
\&
\& void BN_free(BIGNUM *a);
\&
\& void BN_clear_free(BIGNUM *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure.
\&\fBBN_secure_new()\fR does the same except that the secure heap
\&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value.
.PP
\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they
are no longer needed. It erases the memory used by \fBa\fR and sets it
to the value 0.
If \fBa\fR is \s-1NULL,\s0 nothing is done.
.PP
\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created
by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally
overwrites the data before the memory is returned to the system.
If \fBa\fR is \s-1NULL,\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_new()\fR and \fBBN_secure_new()\fR
return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0.
If the allocation fails,
they return \fB\s-1NULL\s0\fR and set an error code that can be obtained
by \fBERR_get_error\fR\|(3).
.PP
\&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBOPENSSL_secure_malloc\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_NAME_GET_INDEX_BY_NID 3"
.TH X509_NAME_GET_INDEX_BY_NID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \-
X509_NAME lookup and enumeration functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos);
\&
\& int X509_NAME_entry_count(const X509_NAME *name);
\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
\&
\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions allow an \fBX509_NAME\fR structure to be examined. The
\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in
\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject
and issuer names.
.PP
\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve
the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR
should initially be set to \-1. If there are no more entries \-1 is returned.
If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned.
.PP
\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR.
.PP
\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR
corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from
0 to (X509_NAME_entry_count(name) \- 1). The value returned is an
internal pointer which must not be freed.
.PP
\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve
the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or
\&\fBobj\fR, if no such entry exists \-1 is returned.
At most \fBlen\fR bytes will be written and the text written to \fBbuf\fR will be
null terminated. The length of the output string written is returned
excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount
of space needed in \fBbuf\fR (excluding the final null) is returned.
.SH "NOTES"
.IX Header "NOTES"
\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be
considered deprecated because they have various limitations which
make them of minimal use in practice. They can only find the first matching
entry and will copy the contents of the field verbatim: this can
be highly confusing if the target is a multicharacter string type
like a BMPString or a UTF8String.
.PP
For a more general solution \fBX509_NAME_get_index_by_NID()\fR or
\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by
\&\fBX509_NAME_get_entry()\fR on any matching indices and then the
various \fBX509_NAME_ENTRY\fR utility functions on the result.
.PP
The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in
the source code header files and/or .
.PP
Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR
should check for the return value of \-2. Alternatively the \s-1NID\s0 validity
can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR
return the index of the next matching entry or \-1 if not found.
\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied
\&\s-1NID\s0 is invalid.
.PP
\&\fBX509_NAME_entry_count()\fR returns the total number of entries.
.PP
\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the
requested entry or \fB\s-1NULL\s0\fR if the index is invalid.
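Added example, not part of the OpenSSL manual: a self-contained C model of why the verbatim copy described in NOTES is confusing for a BMPString, next to a decode that respects the string type. The helper names copy_verbatim and bmp_to_utf8 and the sample bytes are constructed for illustration and are not OpenSSL functions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the commonName "api.example" stored as a BMPString,
 * i.e. two big-endian bytes per character. */
static const unsigned char CN_BMP[] = {
    0x00, 'a', 0x00, 'p', 0x00, 'i', 0x00, '.', 0x00, 'e', 0x00, 'x',
    0x00, 'a', 0x00, 'm', 0x00, 'p', 0x00, 'l', 0x00, 'e'
};

/* Hypothetical model of a verbatim copy with the documented contract:
 * at most len bytes are written including the terminating NUL, and the
 * number of bytes copied (excluding the NUL) is returned. With a NULL
 * buffer the space needed (excluding the NUL) is returned. */
int copy_verbatim(const unsigned char *data, size_t dlen, char *buf, int len)
{
    size_t n;

    if (buf == NULL)
        return (int)dlen;
    if (len <= 0)
        return -1;
    n = dlen < (size_t)len - 1 ? dlen : (size_t)len - 1;
    memcpy(buf, data, n);
    buf[n] = '\0';
    return (int)n;
}

/* Decode a BMPString (UCS-2, big-endian) into NUL-terminated UTF-8.
 * Returns the UTF-8 length, or -1 if the input has an odd length,
 * contains U+0000 or a surrogate code unit, or does not fit in out. */
int bmp_to_utf8(const unsigned char *in, size_t inlen, char *out, size_t outlen)
{
    size_t i, o = 0;

    if (outlen == 0 || inlen % 2 != 0)
        return -1;
    for (i = 0; i < inlen; i += 2) {
        unsigned int cp = ((unsigned int)in[i] << 8) | in[i + 1];
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : 3;

        /* An embedded NUL would silently truncate the C string. */
        if (cp == 0 || (cp >= 0xD800 && cp <= 0xDFFF))
            return -1;
        if (o + need + 1 > outlen)
            return -1;
        if (need == 1) {
            out[o++] = (char)cp;
        } else if (need == 2) {
            out[o++] = (char)(0xC0 | (cp >> 6));
            out[o++] = (char)(0x80 | (cp & 0x3F));
        } else {
            out[o++] = (char)(0xE0 | (cp >> 12));
            out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (cp & 0x3F));
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    char raw[64], txt[64];
    int copied = copy_verbatim(CN_BMP, sizeof(CN_BMP), raw, (int)sizeof(raw));
    int decoded = bmp_to_utf8(CN_BMP, sizeof(CN_BMP), txt, sizeof(txt));

    /* The copy reports 22 bytes, yet the buffer reads as an empty C string
     * because the first byte of the BMPString is 0x00. */
    printf("verbatim: returned %d, strlen %zu\n", copied, strlen(raw));
    printf("decoded:  returned %d, text \"%s\"\n", decoded, txt);
    return 0;
}
```

In a program linked against OpenSSL the same effect is obtained by passing the ASN1_STRING from X509_NAME_ENTRY_get_data() to ASN1_STRING_to_UTF8() and comparing the returned length with strlen() of the result.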
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Process all entries:
.PP
.Vb 2
\& int i;
\& X509_NAME_ENTRY *e;
\&
\& for (i = 0; i < X509_NAME_entry_count(nm); i++) {
\&     e = X509_NAME_get_entry(nm, i);
\&     /* Do something with e */
\& }
.Ve
.PP
Process all commonName entries:
.PP
.Vb 2
\& int lastpos = \-1;
\& X509_NAME_ENTRY *e;
\&
\& for (;;) {
\&     lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
\&     if (lastpos == \-1)
\&         break;
\&     e = X509_NAME_get_entry(nm, lastpos);
\&     /* Do something with e */
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_DECRYPT 3"
.TH EVP_PKEY_DECRYPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
\&                      unsigned char *out, size_t *outlen,
\&                      const unsigned char *in, size_t inlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for a decryption operation.
.PP
The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation
using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and
\&\fBinlen\fR parameters.
If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
before the call the \fBoutlen\fR parameter should contain the length of the
\&\fBout\fR buffer, if the call is successful the decrypted data is written to
\&\fBout\fR and the amount of data written to \fBoutlen\fR.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
.PP
The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0
or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& ENGINE *eng;
\& unsigned char *out, *in;
\& size_t outlen, inlen;
\& EVP_PKEY *key;
\&
\& /*
\&  * NB: assumes key, eng, in, inlen are already set up
\&  * and that key is an RSA private key
\&  */
\& ctx = EVP_PKEY_CTX_new(key, eng);
\& if (!ctx)
\&     /* Error occurred */
\& if (EVP_PKEY_decrypt_init(ctx) <= 0)
\&     /* Error */
\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
\&     /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
\&     /* Error */
\&
\& out = OPENSSL_malloc(outlen);
\&
\& if (!out)
\&     /* malloc failure */
\&
\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
\&     /* Error */
\&
\& /* Decrypted data is outlen bytes written to buffer out */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ASYNC_START_JOB 3"
.TH ASYNC_START_JOB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ASYNC_get_wait_ctx,
ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job,
ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable
\&\- asynchronous job management functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/async.h>
\&
\& int ASYNC_init_thread(size_t max_size, size_t init_size);
\& void ASYNC_cleanup_thread(void);
\&
\& int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
\&                     int (*func)(void *), void *args, size_t size);
\& int ASYNC_pause_job(void);
\&
\& ASYNC_JOB *ASYNC_get_current_job(void);
\& ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
\& void ASYNC_block_pause(void);
\& void ASYNC_unblock_pause(void);
\&
\& int ASYNC_is_capable(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
OpenSSL implements asynchronous capabilities through an \s-1ASYNC_JOB.\s0 This
represents code that can be started and executes until some event occurs. At
that point the code can be paused and control returns to user code until some
subsequent event indicates that the job can be resumed.
.PP
The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefore, for
efficiency reasons, jobs can be created up front and reused many times. They are
held in a pool until they are needed, at which point they are removed from the
pool, used, and then returned to the pool when the job completes. If the user
application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each
thread that will initiate asynchronous jobs. Before
user code exits per-thread resources need to be cleaned up.
This will normally occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to ensure this will result in memory leaks. .PP The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an \&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one will be automatically created, as long as the total of ASYNC_JOBs managed by the pool does not exceed \fBmax_size\fR. When the pool is first initialised \&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is not called before the pool is first used then it will be called automatically with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs created up front). .PP An asynchronous job is started by calling the \fBASYNC_start_job()\fR function. Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0 object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should point to a location where the return value of the asynchronous function should be stored on completion of the job. \fBfunc\fR represents the function that should be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR will be copied and then passed as an argument to \fBfunc\fR when the job starts. ASYNC_start_job will return one of the following values: .IP "\fB\s-1ASYNC_ERR\s0\fR" 4 .IX Item "ASYNC_ERR" An error occurred trying to start the job. Check the OpenSSL error queue (e.g. see \fBERR_print_errors\fR\|(3)) for more details. .IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 .IX Item "ASYNC_NO_JOBS" There are no jobs currently available in the pool. This call can be retried again at a later time. 
.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 .IX Item "ASYNC_PAUSE" The job was successfully started but was \*(L"paused\*(R" before it completed (see \&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work can be performed (if desired) and the job restarted at a later time. To restart a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The \&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job. When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread that the job was originally started from. .IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 .IX Item "ASYNC_FINISH" The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBfunc\fR will be placed in \fB*ret\fR. .PP At any one time there can be a maximum of one job actively running per thread (you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing then this will return \s-1NULL.\s0 .PP If executing within the context of a job (i.e. having been called directly or indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR) then \fBASYNC_pause_job()\fR will immediately return control to the calling application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the \&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If \&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no action is taken and \fBASYNC_pause_job()\fR returns immediately. .PP \&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated with them. 
Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a system function call such as select or poll (being ready for \*(L"read\*(R" indicates that the job should be resumed). If no file descriptor is made available then an application will have to periodically \*(L"poll\*(R" the job by attempting to restart it to see if it is ready to continue.
.PP
An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by \&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor \&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait file descriptor.
.PP
The \fBASYNC_block_pause()\fR function will prevent the currently active job from pausing. The block will remain in place until a subsequent call to \&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call \&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in order to re-enable pausing. If these functions are called while there is no currently active job then they have no effect. This functionality can be useful to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an application acquires a lock. It then calls some cryptographic function which invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before resuming the original job then a deadlock can occur.
By calling \&\fBASYNC_block_pause()\fR immediately after acquiring the lock and \&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot occur.
.PP
Some platforms cannot support async operations. The \fBASYNC_is_capable()\fR function can be used to detect whether the current platform is async capable or not.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
ASYNC_init_thread returns 1 on success or 0 otherwise.
.PP
ASYNC_start_job returns one of \s-1ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE\s0 or \&\s-1ASYNC_FINISH\s0 as described above.
.PP
ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when not within the context of an \s-1ASYNC_JOB\s0 then this is counted as success so 1 is returned.
.PP
ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or \&\s-1NULL\s0 if not within the context of a job.
.PP
\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job.
.PP
\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 otherwise.
.SH "NOTES"
.IX Header "NOTES"
On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example demonstrates how to use most of the core async APIs:
.PP
.Vb 7
\& #ifdef _WIN32
\& # include <windows.h>
\& #endif
\& #include <stdio.h>
\& #include <stdlib.h>      /* abort() */
\& #include <unistd.h>
\& #include <sys/select.h>  /* select(), fd_set */
\& #include <openssl/async.h>
\& #include <openssl/crypto.h>
\&
\& int unique = 0;
\&
\& void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
\& {
\&     OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw;
\&
\&     close(r);
\&     close(*w);
\&     OPENSSL_free(w);
\& }
\&
\& int jobfunc(void *arg)
\& {
\&     ASYNC_JOB *currjob;
\&     unsigned char *msg;
\&     int pipefds[2] = {0, 0};
\&     OSSL_ASYNC_FD *wptr;
\&     char buf = \*(AqX\*(Aq;
\&
\&     currjob = ASYNC_get_current_job();
\&     if (currjob != NULL) {
\&         printf("Executing within a job\en");
\&     } else {
\&         printf("Not executing within a job \- should not happen\en");
\&         return 0;
\&     }
\&
\&     msg = (unsigned char *)arg;
\&     printf("Passed in message is: %s\en", msg);
\&
\&     if (pipe(pipefds) != 0) {
\&         printf("Failed to create pipe\en");
\&         return 0;
\&     }
\&     wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD));
\&     if (wptr == NULL) {
\&         printf("Failed to malloc\en");
\&         /* Do not leak the pipe when the allocation fails */
\&         close(pipefds[0]);
\&         close(pipefds[1]);
\&         return 0;
\&     }
\&     *wptr = pipefds[1];
\&     ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique,
\&                                pipefds[0], wptr, cleanup);
\&
\&     /*
\&      * Normally some external event would cause this to happen at some
\&      * later point \- but we do it here for demo purposes, i.e.
\&      * immediately signalling that the job is ready to be woken up after
\&      * we return to main via ASYNC_pause_job().
\&      */
\&     write(pipefds[1], &buf, 1);
\&
\&     /* Return control back to main */
\&     ASYNC_pause_job();
\&
\&     /* Clear the wake signal */
\&     read(pipefds[0], &buf, 1);
\&
\&     printf ("Resumed the job after a pause\en");
\&
\&     return 1;
\& }
\&
\& int main(void)
\& {
\&     ASYNC_JOB *job = NULL;
\&     ASYNC_WAIT_CTX *ctx = NULL;
\&     int ret;
\&     OSSL_ASYNC_FD waitfd;
\&     fd_set waitfdset;
\&     size_t numfds;
\&     unsigned char msg[13] = "Hello world!";
\&
\&     printf("Starting...\en");
\&
\&     ctx = ASYNC_WAIT_CTX_new();
\&     if (ctx == NULL) {
\&         printf("Failed to create ASYNC_WAIT_CTX\en");
\&         abort();
\&     }
\&
\&     for (;;) {
\&         switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
\&         case ASYNC_ERR:
\&         case ASYNC_NO_JOBS:
\&             printf("An error occurred\en");
\&             goto end;
\&         case ASYNC_PAUSE:
\&             printf("Job was paused\en");
\&             break;
\&         case ASYNC_FINISH:
\&             printf("Job finished with return value %d\en", ret);
\&             goto end;
\&         }
\&
\&         /* Wait for the job to be woken */
\&         printf("Waiting for the job to be woken up\en");
\&
\&         if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
\&                 || numfds > 1) {
\&             printf("Unexpected number of fds\en");
\&             abort();
\&         }
\&         ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds);
\&         FD_ZERO(&waitfdset);
\&         FD_SET(waitfd, &waitfdset);
\&         select(waitfd + 1, &waitfdset, NULL, NULL, NULL);
\&     }
\&
\& end:
\&     ASYNC_WAIT_CTX_free(ctx);
\&     printf("Finishing\en");
\&
\&     return 0;
\& }
.Ve
.PP
The expected output from executing the above example program is:
.PP
.Vb 8
\& Starting...
\& Executing within a job
\& Passed in message is: Hello world!
\& Job was paused
\& Waiting for the job to be woken up
\& Resumed the job after a pause
\& Job finished with return value 1
\& Finishing
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR, \&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DSA_SIZE 3"
.TH DSA_SIZE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& int DSA_size(const DSA *dsa);
\& int DSA_bits(const DSA *dsa);
\& int DSA_security_bits(const DSA *dsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature for key \fBdsa\fR in bytes. It can be used to determine how much memory must be allocated for a \s-1DSA\s0 signature.
.PP
\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR.
.PP
\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number of bits in the \fBp\fR parameter.
.PP
\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR key. See \fBBN_security_bits\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_size()\fR returns the signature size in bytes.
.PP
\&\fBDSA_bits()\fR returns the number of bits in the key.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_GET_VERSION 3"
.TH X509_GET_VERSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, certificate request or CRL version
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& long X509_get_version(const X509 *x);
\& int X509_set_version(X509 *x, long version);
\&
\& long X509_REQ_get_version(const X509_REQ *req);
\& int X509_REQ_set_version(X509_REQ *x, long version);
\&
\& long X509_CRL_get_version(const X509_CRL *crl);
\& int X509_CRL_set_version(X509_CRL *x, long version);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_get_version()\fR returns the numerical value of the version field of certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one less than the certificate version. So a version 3 certificate will return 2 and a version 1 certificate will return 0.
.PP
\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate \&\fBx\fR to \fBversion\fR.
.PP
Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR, \&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version number of certificate requests and CRLs.
.SH "NOTES"
.IX Header "NOTES"
The version field of certificates, certificate requests and CRLs has a \&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version 1. This is handled transparently by these functions.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR return the numerical value of the version field.
.PP
\&\fBX509_set_version()\fR, \fBX509_REQ_set_version()\fR and \fBX509_CRL_set_version()\fR return 1 for success and 0 for failure.
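The version-field convention described above, shown at the encoding level as an added example (not OpenSSL code and not part of the original manual page): a strict DER reader that extracts the version field from the start of a certificate and maps it to the certificate version. The function names and sample byte strings are constructed for illustration; the samples are certificate-shaped skeletons that carry only the leading fields.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER tag/length header at buf[*pos]. On success store the tag and
 * content length, move *pos to the first content byte and return 1.
 * Rejects truncated input and non-minimal (non-DER) length encodings. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen)
{
    size_t p = *pos, n, i;

    if (p >= len || len - p < 2)
        return 0;
    *tag = buf[p++];
    if (buf[p] < 0x80) {                    /* short form: one length byte */
        *clen = buf[p++];
    } else {                                /* long form: n length bytes */
        n = buf[p++] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len - p < n || buf[p] == 0)
            return 0;
        for (*clen = 0, i = 0; i < n; i++)
            *clen = (*clen << 8) | buf[p++];
        if (*clen < 0x80)                   /* should have used short form */
            return 0;
    }
    if (*clen > len - p)                    /* content must fit the buffer */
        return 0;
    *pos = p;
    return 1;
}

/* Raw value of the version field (0, 1 or 2) of a DER certificate, or -1 if
 * the input is malformed. An absent field means the DEFAULT value v1(0). */
long x509_version_field(const unsigned char *der, size_t len)
{
    size_t pos = 0, clen, tbs_end, ver_end;
    unsigned char tag;

    /* Certificate ::= SEQUENCE { tbsCertificate SEQUENCE { ... } ... } */
    if (!der_header(der, len, &pos, &tag, &clen) || tag != 0x30)
        return -1;
    len = pos + clen;
    if (!der_header(der, len, &pos, &tag, &clen) || tag != 0x30)
        return -1;
    tbs_end = pos + clen;

    /* First TBSCertificate element: [0] EXPLICIT version, or serialNumber. */
    if (!der_header(der, tbs_end, &pos, &tag, &clen))
        return -1;
    if (tag == 0x02)                        /* INTEGER: version omitted, v1 */
        return 0;
    if (tag != 0xA0)
        return -1;
    ver_end = pos + clen;
    if (!der_header(der, ver_end, &pos, &tag, &clen)
            || tag != 0x02 || clen != 1 || pos + 1 != ver_end)
        return -1;
    /* DER forbids encoding a DEFAULT value, so an explicit 0 is rejected. */
    if (der[pos] == 0 || der[pos] > 2)
        return -1;
    return der[pos];
}

/* Certificate version as people name it: the field value plus one. */
int x509_cert_version(long field)
{
    return (field < 0 || field > 2) ? -1 : (int)field + 1;
}

/* Constructed, certificate-shaped skeletons (leading fields only). */
static const unsigned char SAMPLE_V3[] = {
    0x30, 0x0A, 0x30, 0x08,
    0xA0, 0x03, 0x02, 0x01, 0x02,           /* [0] { INTEGER 2 } */
    0x02, 0x01, 0x01                        /* serialNumber 1 */
};
static const unsigned char SAMPLE_V1[] = {
    0x30, 0x05, 0x30, 0x03,
    0x02, 0x01, 0x01                        /* serialNumber only */
};
static const unsigned char SAMPLE_EXPLICIT_V1[] = {
    0x30, 0x0A, 0x30, 0x08,
    0xA0, 0x03, 0x02, 0x01, 0x00,           /* [0] { INTEGER 0 }: not DER */
    0x02, 0x01, 0x01
};

int main(void)
{
    long f3 = x509_version_field(SAMPLE_V3, sizeof(SAMPLE_V3));
    long f1 = x509_version_field(SAMPLE_V1, sizeof(SAMPLE_V1));
    long fx = x509_version_field(SAMPLE_EXPLICIT_V1, sizeof(SAMPLE_EXPLICIT_V1));

    printf("v3 sample: field=%ld version=%d\n", f3, x509_cert_version(f3));
    printf("v1 sample: field=%ld version=%d\n", f1, x509_cert_version(f1));
    printf("explicit v1 sample: field=%ld\n", fx);
    return 0;
}
```

A policy check that wants "version 3" therefore compares the field value with 2, not 3.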
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are functions in OpenSSL 1.1.0, in previous versions they were macros.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DH_METH_NEW 3"
.TH DH_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params \- Routines to build up DH methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
\&
\& DH_METHOD *DH_meth_new(const char *name, int flags);
\&
\& void DH_meth_free(DH_METHOD *dhm);
\&
\& DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
\&
\& const char *DH_meth_get0_name(const DH_METHOD *dhm);
\& int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
\&
\& int DH_meth_get_flags(const DH_METHOD *dhm);
\& int DH_meth_set_flags(DH_METHOD *dhm, int flags);
\&
\& void *DH_meth_get0_app_data(const DH_METHOD *dhm);
\& int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
\&
\& int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *);
\& int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *));
\&
\& int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
\&     (unsigned char *key, const BIGNUM *pub_key, DH *dh);
\& int DH_meth_set_compute_key(DH_METHOD *dhm,
\&     int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh));
\&
\& int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
\&     (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
\&      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
\& int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
\&     int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
\&                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
\&                       BN_MONT_CTX *m_ctx));
\&
\& int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
\& int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
\&
\& int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *);
\& int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *));
\&
\& int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
\&     (DH *, int, int, BN_GENCB *);
\& int DH_meth_set_generate_params(DH_METHOD *dhm,
\&     int (*generate_params)(DH *, int, int, BN_GENCB *));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 implementations. It provides a set of functions used by OpenSSL for the implementation of the various \s-1DH\s0 capabilities.
.PP
\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is the caller's responsibility to free the original string. The flags will be used during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any new \fB\s-1DH\s0\fR object will have those flags set by default.
.PP
\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an existing one, but with some differences.
.PP
\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory associated with it.
.PP
\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This is a pointer to the internal name string and so should not be freed by the caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the caller remains responsible for freeing the memory associated with the name.
.PP
\&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this \&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags.
.PP
The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is the application's responsibility to free this data before the \s-1DH_METHOD\s0 is freed via a call to \fBDH_meth_free()\fR.
.PP
\&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the function used for generating a new \s-1DH\s0 key pair respectively. This function will be called in response to the application calling \fBDH_generate_key()\fR. The parameter for the function has the same meaning as for \fBDH_generate_key()\fR.
.PP
\&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the function used for computing a new \s-1DH\s0 shared secret respectively. This function will be called in response to the application calling \fBDH_compute_key()\fR. The parameters for the function have the same meaning as for \fBDH_compute_key()\fR.
.PP
\&\fBDH_meth_get_bn_mod_exp()\fR and \fBDH_meth_set_bn_mod_exp()\fR get and set the function used for computing the following value:
.PP
.Vb 1
\& r = a ^ p mod m
.Ve
.PP
This function will be called by the default OpenSSL function for \&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function may be \s-1NULL\s0 unless using the default generate key function, in which case it must be present.
.PP
\&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used for creating a new \s-1DH\s0 instance respectively. This function will be called in response to the application calling \fBDH_new()\fR (if the current default \&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this newly allocated structure will be passed as a parameter to the function.
This function may be \s-1NULL.\s0
.PP
\&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used for destroying an instance of a \s-1DH\s0 object respectively. This function will be called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0 to be destroyed is passed as a parameter. The destroy function should be used for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should not be freed by this function. This function may be \s-1NULL.\s0
.PP
\&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the function used for generating \s-1DH\s0 parameters respectively. This function will be called in response to the application calling \fBDH_generate_parameters_ex()\fR (or \&\fBDH_generate_parameters()\fR). The parameters for the function have the same meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object or \s-1NULL\s0 on failure.
.PP
\&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags associated with the \s-1DH_METHOD\s0 respectively.
.PP
All other DH_meth_get_*() functions return the appropriate function pointer that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been set.
.PP
\&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or 0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), \&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!pB..RSA_set_method.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . 
.IX Title "RSA_SET_METHOD 3"
.TH RSA_SET_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method \- select RSA method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& void RSA_set_default_method(const RSA_METHOD *meth);
\&
\& RSA_METHOD *RSA_get_default_method(void);
\&
\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
\&
\& RSA_METHOD *RSA_get_method(const RSA *rsa);
\&
\& RSA_METHOD *RSA_PKCS1_OpenSSL(void);
\&
\& int RSA_flags(const RSA *rsa);
\&
\& RSA *RSA_new_method(ENGINE *engine);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 operations. By modifying the method, alternative implementations such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important information about how these \s-1RSA API\s0 functions are affected by the use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, as returned by \fBRSA_PKCS1_OpenSSL()\fR.
.PP
\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 structures created later. \&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RSA,\s0 so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.
.PP
\&\fBRSA_get_default_method()\fR returns a pointer to the current default \&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended.
.PP
\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key \&\fBrsa\fR.
This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1RSA\s0 keys that only work with certain \s-1RSA_METHOD\s0 implementations (e.g. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected results.
.PP
\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if it is, the return value can only be guaranteed to be valid as long as the \&\s-1RSA\s0 key itself is valid and does not have its implementation changed by \&\fBRSA_set_method()\fR.
.PP
\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current \&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section.
.PP
\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that \&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used.
.PP
\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method.
.PP
\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that \&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, the default method is used.
.SH "THE RSA_METHOD STRUCTURE"
.IX Header "THE RSA_METHOD STRUCTURE"
.Vb 4
\& typedef struct rsa_meth_st
\& {
\&     /* name of the implementation */
\&     const char *name;
\&
\&     /* encrypt */
\&     int (*rsa_pub_enc)(int flen, unsigned char *from,
\&                        unsigned char *to, RSA *rsa, int padding);
\&
\&     /* verify arbitrary data */
\&     int (*rsa_pub_dec)(int flen, unsigned char *from,
\&                        unsigned char *to, RSA *rsa, int padding);
\&
\&     /* sign arbitrary data */
\&     int (*rsa_priv_enc)(int flen, unsigned char *from,
\&                         unsigned char *to, RSA *rsa, int padding);
\&
\&     /* decrypt */
\&     int (*rsa_priv_dec)(int flen, unsigned char *from,
\&                         unsigned char *to, RSA *rsa, int padding);
\&
\&     /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some implementations) */
\&     int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
\&
\&     /* compute r = a ^ p mod m (May be NULL for some implementations) */
\&     int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
\&                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
\&
\&     /* called at RSA_new */
\&     int (*init)(RSA *rsa);
\&
\&     /* called at RSA_free */
\&     int (*finish)(RSA *rsa);
\&
\&     /*
\&      * RSA_FLAG_EXT_PKEY        \- rsa_mod_exp is called for private key
\&      *                            operations, even if p,q,dmp1,dmq1,iqmp
\&      *                            are NULL
\&      * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match
\&      */
\&     int flags;
\&
\&     char *app_data; /* ?? */
\&
\&     int (*rsa_sign)(int type,
\&                     const unsigned char *m, unsigned int m_length,
\&                     unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
\&     int (*rsa_verify)(int dtype,
\&                       const unsigned char *m, unsigned int m_length,
\&                       const unsigned char *sigbuf, unsigned int siglen,
\&                       const RSA *rsa);
\&     /* keygen. If NULL builtin RSA key generation will be used */
\&     int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
\&
\& } RSA_METHOD;
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_PKCS1_OpenSSL()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs.
.PP
\&\fBRSA_set_default_method()\fR returns no value.
.PP
\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation that was replaced. However, this return value should probably be ignored because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a result of the \fBRSA_set_method()\fR function releasing its handle to the \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR declaration in a future release.
.PP
\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.
.SH "BUGS"
.IX Header "BUGS"
The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key (which is what this function returns). If the flags element of an \s-1RSA\s0 key is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not be reflected in the return value of the \fBRSA_flags()\fR function \- in effect \&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does not currently exist).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRSA_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_EX_DATA 3"
.TH SSL_CTX_SET_EX_DATA 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\- Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
\&
\& int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg);
\&
\& void *SSL_get_ex_data(const SSL *s, int idx);
\&
\& int SSL_set_ex_data(SSL *s, int idx, void *arg);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the \&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR.
.PP
For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and \&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and \&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored and 0 if it is not.
The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful, otherwise \s-1NULL.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3), \&\fBCRYPTO_get_ex_new_index\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PEM_BYTES_READ_BIO 3"
.TH PEM_BYTES_READ_BIO 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pem.h>
\&
\& int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
\&                        const char *name, BIO *bp, pem_password_cb *cb,
\&                        void *u);
\& int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
\&                               const char *name, BIO *bp, pem_password_cb *cb,
\&                               void *u);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1IETF RFC 1421\s0 and \s-1IETF RFC 7468\s0) data from the \s-1BIO\s0 \&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0 etc.). If multiple PEM-encoded data structures are present in the same stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and continue reading. Non-PEM data present in the stream may cause an error.
.PP
The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, the data will be decrypted, waiting on user input to supply a passphrase if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain the decryption passphrase, if applicable.
.PP
Some data types have compatibility aliases, such as a file containing X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE.\s0 The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is non-NULL. The caller must free the storage pointed to by \fI*pnm\fR.
.PP
The returned data is the DER-encoded form of the requested type, in \&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed to by \fI*pdata\fR.
.PP
\&\fBPEM_bytes_read_bio_secmem()\fR is similar to \fBPEM_bytes_read_bio()\fR, but uses memory from the secure heap for its temporary buffers and the storage returned in \fI*pdata\fR and \fI*pnm\fR. Accordingly, the caller must use \&\fBOPENSSL_secure_free()\fR to free that storage.
.SH "NOTES"
.IX Header "NOTES"
\&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from which input is read may also use temporary buffers, which are not necessarily allocated from the secure heap. In cases where it is desirable to ensure that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the use of \fBBIO_s_file()\fR indicates the use of the operating system stdio functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely to be more appropriate in such cases.
.PP
These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPEM_bytes_read_bio()\fR and \fBPEM_bytes_read_bio_secmem()\fR return 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBPEM_read_bio_ex\fR\|(3), \&\fBpassphrase\-encoding\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_NEW 3"
.TH EVP_PKEY_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key \&\- public/private key allocation and raw key handling functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_PKEY *EVP_PKEY_new(void);
\& int EVP_PKEY_up_ref(EVP_PKEY *key);
\& void EVP_PKEY_free(EVP_PKEY *key);
\&
\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
\&                                        const unsigned char *key, size_t keylen);
\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
\&                                       const unsigned char *key, size_t keylen);
\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
\&                                 size_t len, const EVP_CIPHER *cipher);
\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
\&                                int keylen);
\&
\& int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
\&                                  size_t *len);
\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
\&                                 size_t *len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is used by OpenSSL to store public and private keys. The reference count is set to \&\fB1\fR.
.PP
\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR.
.PP
\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done.
.PP
\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR.
If \fBe\fR is non-NULL then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The \&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 for a public key algorithm that supports raw private keys, i.e. one of \&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, \&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR. The length should be appropriate for the type of the key. The public key data will be automatically derived from the given private key data (if appropriate for the algorithm type).
.PP
\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as \&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key information. Algorithm types that support raw public keys are \&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR.
.PP
\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. The cipher should be a standard encryption only cipher. For example \s-1AEAD\s0 and \s-1XTS\s0 ciphers should not be used.
.PP
\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead.
.PP
\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw private key data.
The size of the \fBpriv\fR buffer should be in \fB*len\fR on entry to the function, and on exit \fB*len\fR is updated with the number of bytes actually written. If the buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the private key data. This function only works for algorithms that support raw private keys. Currently this is: \fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR.
.PP
\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw public key data. The size of the \fBpub\fR buffer should be in \fB*len\fR on entry to the function, and on exit \fB*len\fR is updated with the number of bytes actually written. If the buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the public key data. This function only works for algorithms that support raw public keys. Currently this is: \fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \&\fB\s-1EVP_PKEY_ED448\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a general private key without reference to any particular algorithm.
.PP
The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public key to this empty structure use the appropriate functions described in \&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, \&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and \&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY
.SH "HISTORY"
.IX Header "HISTORY"
The \&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL.
.PP
The \fBEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0.
.PP
The \&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, \&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and \&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_CMP 3"
.TH X509_CMP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match
\&\- compare X509 certificates and related values
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_cmp(const X509 *a, const X509 *b);
\& int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
\& int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
\& int X509_issuer_name_cmp(const X509 *a, const X509 *b);
\& int X509_subject_name_cmp(const X509 *a, const X509 *b);
\& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
\& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This set of functions is used to compare X509 objects, including X509 certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate.
.PP
The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters
\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values.
.PP
The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the canonical (\s-1DER\s0) encoding values of the two objects. \fBi2d_X509_NAME\fR\|(3) has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure.
.PP
The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer values in the given \fBX509\fR objects \fBa\fR and \fBb\fR.
.PP
The \fBX509_issuer_name_cmp()\fR, \fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR functions are effectively wrappers of the \fBX509_NAME_cmp()\fR function. These functions compare issuer names and subject names of the objects, or issuers of \fBX509_CRL\fR objects, respectively.
.IX Xref "509"
.PP
The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the
\&\fBX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead of just the issuer name.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Like common memory comparison functions, the \fBX509\fR comparison functions return an integer less than, equal to, or greater than zero if object \fBa\fR is found to be less than, to match, or be greater than object \fBb\fR, respectively.
.PP
\&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR,
\&\fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error.
.SH "NOTES"
.IX Header "NOTES"
These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the objects but it does not have a special meaning in some cases.
.PP
\&\fBX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some circumstances, which could cause confusion for the applications.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "HMAC 3"
.TH HMAC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size
\&\- HMAC message authentication code
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/hmac.h>
\&
\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
\&                     int key_len, const unsigned char *d, size_t n,
\&                     unsigned char *md, unsigned int *md_len);
\&
\& HMAC_CTX *HMAC_CTX_new(void);
\& int HMAC_CTX_reset(HMAC_CTX *ctx);
\&
\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
\&                  const EVP_MD *md, ENGINE *impl);
\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
\&
\& void HMAC_CTX_free(HMAC_CTX *ctx);
\&
\& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
\& void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
\& const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
\&
\& size_t HMAC_size(const HMAC_CTX *e);
.Ve
.PP
Deprecated:
.PP
.Vb 4
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
\&               const EVP_MD *md);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function.
.PP
\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at
\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is
\&\fBkey_len\fR bytes long.
.PP
It places the result in \fBmd\fR (which must have space for the output of the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 value for \fBmd\fR to use the static array is not thread safe.
.PP
\&\fBevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. \s-1HMAC\s0 does not support variable output length digests such as \fBEVP_shake128()\fR and
\&\fBEVP_shake256()\fR.
.PP
\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory.
.PP
\&\fBHMAC_CTX_reset()\fR zeros an existing \fB\s-1HMAC_CTX\s0\fR and associated resources, making it suitable for new computations as if it was newly created with \fBHMAC_CTX_new()\fR.
.PP
\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR itself.
.PP
The following functions may be used if the message is not completely stored in memory:
.PP
\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0 and \fBevp_md\fR is the same as the previous call, then the existing key is reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use of an \fB\s-1HMAC_CTX\s0\fR in this function.
.PP
If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the same as the previous digest used by \fBctx\fR then an error is returned because reuse of an existing key with a different digest is not supported.
.PP
\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes long.
.PP
\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to be authenticated (\fBlen\fR bytes at \fBdata\fR).
.PP
\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which must have space for the hash function output.
.PP
\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR.
.PP
\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs.
These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3).
.PP
\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the supplied \s-1HMAC_CTX.\s0
.PP
\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if an error occurred.
.PP
\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or
\&\fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and
\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred.
.PP
\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or
\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set.
.PP
\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output or zero on error.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 2104\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0.
.PP
\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0.
.PP
\&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR and \fBHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0.
.PP
\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in OpenSSL before version 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "I2D_PKCS7_BIO_STREAM 3"
.TH I2D_PKCS7_BIO_STREAM 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format.
.PP
It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR.
.SH "NOTES"
.IX Header "NOTES"
This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting streaming.
.SH "BUGS"
.IX Header "BUGS"
The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3),
\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3),
\&\fBPKCS7_decrypt\fR\|(3),
\&\fBSMIME_write_PKCS7\fR\|(3),
\&\fBPEM_write_bio_PKCS7_stream\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
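BER accepts length encodings that DER forbids (indefinite lengths closed by an end-of-contents marker, and lengths written in more octets than needed), so a consumer that requires DER should check the bytes it receives rather than infer the encoding from the "i2d" name. The following is an added example, not OpenSSL code: a bounds-checked walk over the length octets of an encoding. The names classify_lengths, walk_tlv and LEN_* are hypothetical, the sample byte strings are constructed, and only length forms are checked, not DER's other rules.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names for this example). */
enum { LEN_DER_OK = 0, LEN_BER_ONLY = 1, LEN_MALFORMED = -1 };

#define MAX_DEPTH 32    /* bound recursion on hostile input */

/*
 * Walk one TLV in buf[0..len). Returns 0 on success, stores the number of
 * bytes consumed in *used, and sets *ber when a length form is used that
 * DER forbids (indefinite, or longer than necessary).
 */
static int walk_tlv(const uint8_t *buf, size_t len, size_t *used,
                    int *ber, int depth)
{
    size_t pos = 0, vlen = 0, off, u = 0;
    int constructed, indefinite = 0;
    uint8_t l0;

    if (depth > MAX_DEPTH || len < 2)
        return -1;
    constructed = (buf[0] & 0x20) != 0;
    if ((buf[0] & 0x1f) == 0x1f) {          /* high-tag-number form */
        do {
            if (++pos >= len)
                return -1;
        } while (buf[pos] & 0x80);
    }
    if (++pos >= len)                       /* move to first length octet */
        return -1;
    l0 = buf[pos++];
    if (l0 < 0x80) {                        /* short form */
        vlen = l0;
    } else if (l0 == 0x80) {                /* indefinite form: BER only */
        if (!constructed)
            return -1;
        indefinite = 1;
        *ber = 1;
    } else {                                /* long form */
        size_t n = l0 & 0x7f, i;
        if (n > sizeof(size_t) || n > len - pos)
            return -1;
        if (buf[pos] == 0)
            *ber = 1;                       /* leading zero octet */
        for (i = 0; i < n; i++)
            vlen = (vlen << 8) | buf[pos++];
        if (vlen < 0x80)
            *ber = 1;                       /* short form would have fit */
    }
    if (indefinite) {                       /* children until 00 00 */
        for (off = pos;; off += u) {
            if (len - off < 2)
                return -1;                  /* ran out before end-of-contents */
            if (buf[off] == 0 && buf[off + 1] == 0) {
                *used = off + 2;
                return 0;
            }
            if (walk_tlv(buf + off, len - off, &u, ber, depth + 1) != 0)
                return -1;
        }
    }
    if (vlen > len - pos)
        return -1;                          /* value runs past the buffer */
    if (constructed) {
        for (off = pos; off < pos + vlen; off += u)
            if (walk_tlv(buf + off, pos + vlen - off, &u, ber, depth + 1) != 0)
                return -1;
    }
    *used = pos + vlen;
    return 0;
}

/* Classify a complete encoding; trailing bytes count as malformed. */
int classify_lengths(const uint8_t *buf, size_t len)
{
    size_t used = 0;
    int ber = 0;

    if (walk_tlv(buf, len, &used, &ber, 0) != 0 || used != len)
        return LEN_MALFORMED;
    return ber ? LEN_BER_ONLY : LEN_DER_OK;
}

/* Constructed samples: SEQUENCE { OCTET STRING "hi" } in four encodings. */
static const uint8_t SAMPLE_DER[] = { 0x30, 0x04, 0x04, 0x02, 0x68, 0x69 };
static const uint8_t SAMPLE_STREAMED[] = {      /* indefinite, chunked */
    0x30, 0x80, 0x24, 0x80, 0x04, 0x01, 0x68, 0x04, 0x01, 0x69,
    0x00, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_LONG_FORM[] = {     /* length 4 written as 81 04 */
    0x30, 0x81, 0x04, 0x04, 0x02, 0x68, 0x69 };
static const uint8_t SAMPLE_TRUNCATED[] = {     /* end-of-contents missing */
    0x30, 0x80, 0x04, 0x01, 0x68 };

int main(void)
{
    printf("der=%d streamed=%d long_form=%d truncated=%d\n",
           classify_lengths(SAMPLE_DER, sizeof SAMPLE_DER),
           classify_lengths(SAMPLE_STREAMED, sizeof SAMPLE_STREAMED),
           classify_lengths(SAMPLE_LONG_FORM, sizeof SAMPLE_LONG_FORM),
           classify_lengths(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```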
.IX Title "PEM_READ_BIO_EX 3"
.TH PEM_READ_BIO_EX 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pem.h>
\&
\& #define PEM_FLAG_SECURE 0x1
\& #define PEM_FLAG_EAY_COMPATIBLE 0x2
\& #define PEM_FLAG_ONLY_B64 0x4
\& int PEM_read_bio_ex(BIO *in, char **name, char **header,
\&                     unsigned char **data, long *len, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting the name of the type of contained data, the header information regarding the possibly encrypted data, and the binary data payload (after base64 decoding). It should generally only be used to implement PEM_read_bio_\-family functions for specific data types or other usage, but is exposed to allow greater flexibility over how processing is performed, if needed.
.PP
If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of input are allocated from the secure heap.
.PP
If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace and control characters from the end of each line, so as to be compatible with the historical behavior of \fBPEM_read_bio()\fR.
.PP
If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 characters (or newlines); non\-base64 characters are treated as end of input.
.PP
If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 nor \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters are ignored.
.PP
If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; these options are not compatible with each other.
.SH "NOTES"
.IX Header "NOTES"
The caller must release the storage allocated for *name, *header, and *data. If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise,
\&\fBOPENSSL_free()\fR is used.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPEM_read_bio_ex()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBPEM_bytes_read_bio\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SCT_NEW 3"
.TH SCT_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source
\&\- A Certificate Transparency Signed Certificate Timestamp
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& typedef enum {
\&     CT_LOG_ENTRY_TYPE_NOT_SET = \-1,
\&     CT_LOG_ENTRY_TYPE_X509 = 0,
\&     CT_LOG_ENTRY_TYPE_PRECERT = 1
\& } ct_log_entry_type_t;
\&
\& typedef enum {
\&     SCT_VERSION_NOT_SET = \-1,
\&     SCT_VERSION_V1 = 0
\& } sct_version_t;
\&
\& typedef enum {
\&     SCT_SOURCE_UNKNOWN,
\&     SCT_SOURCE_TLS_EXTENSION,
\&     SCT_SOURCE_X509V3_EXTENSION,
\&     SCT_SOURCE_OCSP_STAPLED_RESPONSE
\& } sct_source_t;
\&
\& SCT *SCT_new(void);
\& SCT *SCT_new_from_base64(unsigned char version,
\&                          const char *logid_base64,
\&                          ct_log_entry_type_t entry_type,
\&                          uint64_t timestamp,
\&                          const char *extensions_base64,
\&                          const char *signature_base64);
\&
\& void SCT_free(SCT *sct);
\& void SCT_LIST_free(STACK_OF(SCT) *a);
\&
\& sct_version_t SCT_get_version(const SCT *sct);
\& int SCT_set_version(SCT *sct, sct_version_t version);
\&
\& ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
\& int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
\&
\& size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
\& int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
\& int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len);
\&
\& uint64_t SCT_get_timestamp(const SCT *sct);
\& void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
\&
\& int SCT_get_signature_nid(const SCT *sct);
\& int SCT_set_signature_nid(SCT *sct, int nid);
\&
\& size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
\& void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
\& int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len);
\&
\& size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
\& void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
\& int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len);
\&
\& sct_source_t SCT_get_source(const SCT *sct);
\& int SCT_set_source(SCT *sct, sct_source_t source);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Signed Certificate Timestamps (SCTs) are defined by \s-1RFC 6962,\s0 Section 3.2. They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly record a certificate. By cryptographically verifying that a log did indeed issue an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known.
.PP
An internal representation of an \s-1SCT\s0 can be created in one of two ways. The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate it using:
.IP "\(bu" 2
\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version.
.Sp
Only \s-1SCT_VERSION_V1\s0 is currently supported.
.IP "\(bu" 2 \&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: .Sp \&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. \&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. .IP "\(bu" 2 \&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. .Sp The former takes ownership, whereas the latter makes a copy. See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID. .IP "\(bu" 2 \&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds). .IP "\(bu" 2 \&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. .IP "\(bu" 2 \&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value. .Sp The former takes ownership, whereas the latter makes a copy. .IP "\(bu" 2 \&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. .Sp The former takes ownership, whereas the latter makes a copy. .PP Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using \&\fBSCT_new_from_base64()\fR: .IP "\(bu" 2 The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). .IP "\(bu" 2 The LogID (see \s-1RFC 6962,\s0 Section 3.2), base64 encoded. .IP "\(bu" 2 The type of certificate the \s-1SCT\s0 was issued for: \&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. \&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. .IP "\(bu" 2 The time that the \s-1SCT\s0 was issued (epoch time in milliseconds). .IP "\(bu" 2 The \s-1SCT\s0 extensions, base64 encoded. .IP "\(bu" 2 The \s-1SCT\s0 signature, base64 encoded. .PP \&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found (\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not required for verifying the \s-1SCT.\s0 .SH "NOTES" .IX Header "NOTES" Some of the setters return int, instead of void. 
These will all return 1 on success, 0 on failure. They will not make changes on failure. .PP All of the setters will reset the validation status of the \s-1SCT\s0 to \&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)). .PP \&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- certificate. .PP \&\fBSCT_set_source()\fR will not refuse unknown values. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. .PP \&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. .PP \&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if malloc fails. .PP \&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. .PP \&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer is copied successfully, 0 otherwise (i.e. if malloc fails). .PP \&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBct\fR\|(7), \&\fBSCT_validate\fR\|(3), \&\fBOBJ_nid2obj\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
.IX Title "EVP_MD5 3"
.TH EVP_MD5 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_md5, EVP_md5_sha1
\&\- MD5 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_md5(void);
\& const EVP_MD *EVP_md5_sha1(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC 1321\s0 and designed
by Ronald Rivest.
.PP
The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further
use since its security has been severely compromised.
.IP "\fBEVP_md5()\fR" 4
.IX Item "EVP_md5()"
The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input.
.IP "\fBEVP_md5_sha1()\fR" 4
.IX Item "EVP_md5_sha1()"
A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in
\&\s-1RFC 6101.\s0
.Sp
\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1IETF RFC 1321.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RAND_DRBG_GET0_MASTER 3"
.TH RAND_DRBG_GET0_MASTER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RAND_DRBG_get0_master,
RAND_DRBG_get0_public,
RAND_DRBG_get0_private
\&\- get access to the global RAND_DRBG instances
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand_drbg.h>
\&
\& RAND_DRBG *RAND_DRBG_get0_master(void);
\& RAND_DRBG *RAND_DRBG_get0_public(void);
\& RAND_DRBG *RAND_DRBG_get0_private(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three
shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0
.PP
The <public> and <private> \s-1DRBG\s0 are thread-local instances, which are used
by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively.
The <master> \s-1DRBG\s0 is a global instance, which is not intended to be used
directly, but is used internally to reseed the other two instances.
.PP
These functions provide access to the shared \s-1DRBG\s0 instances.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the <master> \s-1DRBG\s0 instance.
.PP
\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the <public> \s-1DRBG\s0 instance.
.PP
\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the <private> \s-1DRBG\s0 instance.
.SH "NOTES"
.IX Header "NOTES"
It is not thread-safe to access the <master> \s-1DRBG\s0 instance.
The <public> and <private> \s-1DRBG\s0 instances can be accessed safely, because
they are thread-local. Note, however, that changes to these two instances
apply only to the current thread.
.PP
For that reason it is recommended not to change the settings of these
three instances directly.
Instead, an application should change the default settings for new \s-1DRBG\s0
instances at initialization time, before creating additional threads.
.PP
During initialization, it is possible to change the reseed interval
and reseed time interval.
It is also possible to exchange the reseeding callbacks entirely.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRAND_DRBG_set_callbacks\fR\|(3),
\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3),
\&\fBRAND_DRBG_set_reseed_interval\fR\|(3),
\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3),
\&\fBRAND_DRBG_generate\fR\|(3),
\&\s-1\fBRAND_DRBG\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CTLOG_STORE_NEW 3"
.TH CTLOG_STORE_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
CTLOG_STORE_new, CTLOG_STORE_free,
CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \-
Create and populate a Certificate Transparency log list
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& CTLOG_STORE *CTLOG_STORE_new(void);
\& void CTLOG_STORE_free(CTLOG_STORE *store);
\&
\& int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
\& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency
logs). The list can be loaded from one or more files and then searched by LogID
(see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID).
.PP
\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated
by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR.
\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named
\&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be
overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0
\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead.
Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0
.PP
The expected format of the file is:
.PP
.Vb 1
\& enabled_logs=foo,bar
\&
\& [foo]
\& description = Log 1
\& key = <base64-encoded public key here>
\&
\& [bar]
\& description = Log 2
\& key = <base64-encoded public key here>
.Ve
.PP
Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to
\&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along
with the \s-1CTLOG_STORE\s0 itself.
.SH "NOTES"
.IX Header "NOTES"
If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining
valid logs will still be added to the \s-1CTLOG_STORE. A CT\s0 log will be considered
invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Both \fBCTLOG_STORE_load_default_file()\fR and \fBCTLOG_STORE_load_file()\fR return
1 if all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7),
\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3),
\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
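Because an invalid log is skipped rather than treated as fatal, a log list can load partially and the only signal is the 0 return value. The following pre-flight check is an added example, not OpenSSL code and not OpenSSL's configuration parser: it models only the two rules stated in the CTLOG_STORE_new NOTES and RETURN VALUES (a log missing "key" or "description" is invalid; the result is 1 only if every enabled log is valid) and does not decode the key. The names ctlog_check and ctlog_list_check, and the sample file contents, are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { MAX_LOGS = 16, MAX_NAME = 64, HAS_DESCRIPTION = 1, HAS_KEY = 2 };

/* Hypothetical result type: one slot per name listed in enabled_logs. */
struct ctlog_check {
    int enabled;                    /* names listed in enabled_logs */
    int valid;                      /* names that have both fields */
    char names[MAX_LOGS][MAX_NAME];
    int fields[MAX_LOGS];           /* HAS_* bits seen for each name */
};

/* Copy [s, e) into out with surrounding whitespace removed. */
static void trim_copy(char *out, size_t outsz, const char *s, const char *e)
{
    size_t n;
    while (s < e && isspace((unsigned char)*s))
        s++;
    while (e > s && isspace((unsigned char)e[-1]))
        e--;
    n = (size_t)(e - s) < outsz ? (size_t)(e - s) : outsz - 1;
    memcpy(out, s, n);
    out[n] = '\0';
}

static int find_log(const struct ctlog_check *c, const char *name)
{
    int i;
    for (i = 0; i < c->enabled; i++)
        if (strcmp(c->names[i], name) == 0)
            return i;
    return -1;
}

/* Split the comma-separated enabled_logs value into c->names. */
static void add_enabled(struct ctlog_check *c, const char *list)
{
    while (*list != '\0' && c->enabled < MAX_LOGS) {
        const char *comma = strchr(list, ',');
        const char *end = comma ? comma : list + strlen(list);
        char *slot = c->names[c->enabled];
        trim_copy(slot, MAX_NAME, list, end);
        if (slot[0] != '\0' && find_log(c, slot) < 0)
            c->enabled++;
        list = comma ? comma + 1 : end;
    }
}

/* Returns 1 only if every enabled log has a description and a key. */
int ctlog_list_check(const char *text, struct ctlog_check *c)
{
    char line[512], name[MAX_NAME], value[512];
    int pass, i;
    memset(c, 0, sizeof(*c));
    for (pass = 0; pass < 2; pass++) {  /* pass 0: names, pass 1: fields */
        const char *p = text;
        int cur = -1;                   /* slot of the current [section] */
        while (*p != '\0') {
            const char *eol = p + strcspn(p, "\n");
            char *eq, *rb;
            trim_copy(line, sizeof(line), p, eol);
            p = (*eol == '\n') ? eol + 1 : eol;
            rb = (line[0] == '[') ? strchr(line, ']') : NULL;
            eq = strchr(line, '=');
            if (rb != NULL) {           /* section header: [name] */
                trim_copy(name, sizeof(name), line + 1, rb);
                cur = find_log(c, name);
            } else if (line[0] != '#' && eq != NULL) {
                trim_copy(name, sizeof(name), line, eq);
                trim_copy(value, sizeof(value), eq + 1, line + strlen(line));
                if (pass == 0 && strcmp(name, "enabled_logs") == 0)
                    add_enabled(c, value);
                else if (pass == 1 && cur >= 0 && value[0] != '\0')
                    c->fields[cur] |= strcmp(name, "description") == 0 ? HAS_DESCRIPTION
                                    : strcmp(name, "key") == 0 ? HAS_KEY : 0;
            }
        }
    }
    for (i = 0; i < c->enabled; i++)
        c->valid += (c->fields[i] == (HAS_DESCRIPTION | HAS_KEY));
    return c->valid == c->enabled;
}

/* Constructed sample: "bar" is enabled but its section has no key. */
static const char SAMPLE[] =
    "enabled_logs=foo,bar\n\n"
    "[foo]\ndescription = Log 1\nkey = PLACEHOLDER_BASE64_KEY\n\n"
    "[bar]\ndescription = Log 2\n";

int main(void)
{
    struct ctlog_check c;
    int i, ok = ctlog_list_check(SAMPLE, &c);
    for (i = 0; i < c.enabled; i++)
        printf("%-6s %s\n", c.names[i],
               c.fields[i] == (HAS_DESCRIPTION | HAS_KEY) ? "ok" : "skipped");
    printf("load would return %d\n", ok);
    return 0;
}
```

A 0 result here means at least one enabled log would be dropped from the store, so SCTs issued by that log could not be matched to a known log afterwards.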
.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3"
.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_record_padding_callback,
SSL_set_record_padding_callback,
SSL_CTX_set_record_padding_callback_arg,
SSL_set_record_padding_callback_arg,
SSL_CTX_get_record_padding_callback_arg,
SSL_get_record_padding_callback_arg,
SSL_CTX_set_block_padding,
SSL_set_block_padding \- install callback to specify TLS 1.3 record padding
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
\& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
\&
\& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
\&
\& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
\& void *SSL_get_record_padding_callback_arg(const SSL *ssl);
\&
\& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
\& int SSL_set_block_padding(SSL *ssl, size_t block_size);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR
can be used to assign a callback function \fIcb\fR to specify the padding
for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by
\&\fBSSL_new()\fR.
.PP
\&\fBSSL_CTX_set_record_padding_callback_arg()\fR and
\&\fBSSL_set_record_padding_callback_arg()\fR assign a value \fBarg\fR that is passed
to the callback when it is invoked. The value set in \fBctx\fR is copied to a new
\&\s-1SSL\s0 by \fBSSL_new()\fR.
.PP
\&\fBSSL_CTX_get_record_padding_callback_arg()\fR and
\&\fBSSL_get_record_padding_callback_arg()\fR retrieve the \fBarg\fR value that is
passed to the callback.
.PP
\&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pad the record
to a multiple of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block
padding. The limit of \fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0
.PP
The callback is invoked for every record before encryption.
The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; it may be
one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0
The \fBlen\fR parameter is the current plaintext length of the record before
encryption.
The \fBarg\fR parameter is the value set via
\&\fBSSL_CTX_set_record_padding_callback_arg()\fR or
\&\fBSSL_set_record_padding_callback_arg()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The \fBSSL_CTX_get_record_padding_callback_arg()\fR and
\&\fBSSL_get_record_padding_callback_arg()\fR functions return the \fBarg\fR value
assigned in the corresponding set functions.
.PP
The \fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR functions
return 1 on success or 0 if \fBblock_size\fR is too large.
.PP
The \fBcb\fR returns the number of padding bytes to add to the record. A return
of 0 indicates no padding will be added. A return value that causes the record
to exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to
the maximum record size.
.SH "NOTES"
.IX Header "NOTES"
The default behavior is to add no padding to the record.
.PP
A user-supplied padding callback function will override the behavior set by
\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the
user-supplied callback to \s-1NULL\s0 will restore the configured block padding
behavior.
.PP
These functions only apply to \s-1TLS 1.3\s0 records being written.
.PP
Padding bytes are not added in constant-time.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
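The record padding callback described above decides, per record type, how much length information a passive observer still sees. The following is an added example, not OpenSSL code: a callback with the cb signature from the SYNOPSIS that pads by record type from a policy passed through the arg pointer, plus a helper that counts how many distinct record sizes remain visible. The SSL typedef and the SSL3_RT_* values are stand-ins mirroring <openssl/ssl.h> so the block builds without OpenSSL; pad_policy, pad_cb and distinct_padded_lengths are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins so this block builds without OpenSSL; in a real program remove
 * them and #include <openssl/ssl.h>, which provides the same names. */
typedef struct ssl_st SSL;
#define SSL3_RT_ALERT            21
#define SSL3_RT_HANDSHAKE        22
#define SSL3_RT_APPLICATION_DATA 23
#define SSL3_RT_MAX_PLAIN_LENGTH 16384

/* Hypothetical policy handed to the callback as its arg pointer. */
struct pad_policy {
    size_t app_block;        /* block size for application data records */
    size_t handshake_block;  /* block size for handshake records */
};

/* Bytes needed to round len up to a multiple of block; 0 or 1 disables. */
static size_t pad_to_block(size_t len, size_t block)
{
    size_t rem;

    if (block <= 1)
        return 0;
    rem = len % block;
    return rem == 0 ? 0 : block - rem;
}

/* Same signature as cb in the SYNOPSIS: returns the padding bytes to add. */
size_t pad_cb(SSL *s, int type, size_t len, void *arg)
{
    const struct pad_policy *p = arg;
    const size_t max = SSL3_RT_MAX_PLAIN_LENGTH;
    size_t pad;

    (void)s;
    if (p == NULL || len >= max)
        return 0;
    switch (type) {
    case SSL3_RT_APPLICATION_DATA:
        pad = pad_to_block(len, p->app_block);
        break;
    case SSL3_RT_HANDSHAKE:
        pad = pad_to_block(len, p->handshake_block);
        break;
    default:                 /* SSL3_RT_ALERT and anything else: no padding */
        return 0;
    }
    /* Clamp here as well, so the result never relies on the library's cap. */
    if (pad > max - len)
        pad = max - len;
    return pad;
}

/* Number of distinct padded lengths an observer could see for lo..hi.
 * The padded length never decreases as len grows, so counting changes
 * between neighbours counts distinct values. */
size_t distinct_padded_lengths(struct pad_policy *p, int type,
                               size_t lo, size_t hi)
{
    size_t len, count = 0, prev = 0;

    for (len = lo; len <= hi; len++) {
        size_t padded = len + pad_cb(NULL, type, len, p);

        if (count == 0 || padded != prev)
            count++;
        prev = padded;
    }
    return count;
}

int main(void)
{
    struct pad_policy policy = { 128, 0 };

    printf("100-byte record gets %zu bytes of padding\n",
           pad_cb(NULL, SSL3_RT_APPLICATION_DATA, 100, &policy));
    printf("lengths 1..512 collapse to %zu observable sizes\n",
           distinct_padded_lengths(&policy, SSL3_RT_APPLICATION_DATA, 1, 512));
    return 0;
}
```

In a program linked against OpenSSL the callback would be installed with SSL_CTX_set_record_padding_callback(ctx, pad_cb) and the policy with SSL_CTX_set_record_padding_callback_arg(ctx, &policy); the policy object must outlive every SSL created from that context.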
\} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "BN_ADD_WORD 3" .TH BN_ADD_WORD 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int BN_add_word(BIGNUM *a, BN_ULONG w); \& \& int BN_sub_word(BIGNUM *a, BN_ULONG w); \& \& int BN_mul_word(BIGNUM *a, BN_ULONG w); \& \& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); \& \& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions perform arithmetic operations on BIGNUMs with unsigned integers. They are much more efficient than the normal \s-1BIGNUM\s0 arithmetic operations. .PP \&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). .PP \&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). .PP \&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). .PP \&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. .PP \&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). .PP For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). .PP \&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and \&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3"
.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_psk_server_cb_func,
SSL_psk_find_session_cb_func,
SSL_CTX_use_psk_identity_hint,
SSL_use_psk_identity_hint,
SSL_CTX_set_psk_server_callback,
SSL_set_psk_server_callback,
SSL_CTX_set_psk_find_session_callback,
SSL_set_psk_find_session_callback
\&\- set PSK identity hint to use
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
\&                                             const unsigned char *identity,
\&                                             size_t identity_len,
\&                                             SSL_SESSION **sess);
\&
\&
\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
\&                                            SSL_psk_find_session_cb_func cb);
\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
\&
\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
\&                                                const char *identity,
\&                                                unsigned char *psk,
\&                                                unsigned int max_psk_len);
\&
\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
\&
\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A server application wishing to use TLSv1.3 PSKs should set a callback
using either \fBSSL_CTX_set_psk_find_session_callback()\fR or
\&\fBSSL_set_psk_find_session_callback()\fR as appropriate.
.PP
The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and
an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function
should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it
in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key,
the ciphersuite and the protocol version. See
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details.
.PP
It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this
case no \s-1PSK\s0 will be used but the handshake will continue.
To do this the callback should return successfully and ensure that \fB*sess\fR is
\&\s-1NULL.\s0
.PP
Identity hints are not relevant for TLSv1.3. A server application wishing to use
\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR
to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context
object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is
\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted.
.PP
In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the
ServerKeyExchange message to the client.
.PP
A server application wishing to use PSKs for TLSv1.2 and below must provide a
callback function which is called when the server receives the
ClientKeyExchange message from the client. The purpose of the callback function
is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used
during the connection setup phase. The callback is set using the functions
\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback
function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of
length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored.
.PP
The callback for use in TLSv1.2 will also work in TLSv1.3 although it is
recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR
or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has
been negotiated then OpenSSL will first check to see if a callback has been set
via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR
and it will use that in preference. If no such callback is present then it will
check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or
\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest
will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 TLSv1.3 early data exchanges are
possible in \s-1PSK\s0 connections only with the \fBSSL_psk_find_session_cb_func\fR
callback, and are not possible with the \fBSSL_psk_server_cb_func\fR callback.
.SH "NOTES"
.IX Header "NOTES"
A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption
has occurred so that \fBSSL_session_reused\fR\|(3) will return true.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return
1 on success, 0 otherwise.
.PP
Return values from the TLSv1.2 and below server callback are interpreted as
follows:
.IP "0" 4
\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message
will be sent and the connection setup fails.
.IP ">0" 4
.IX Item ">0"
\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0
successfully in parameter \fBpsk\fR. Return value is the length of
\&\fBpsk\fR in bytes. It is an error to return a value greater than
\&\fBmax_psk_len\fR.
.Sp
If the \s-1PSK\s0 identity was not found but the callback instructs the
protocol to continue anyway, the callback must provide some random
data to \fBpsk\fR and return the length of the random data, so the
connection will fail with decryption_error before it will be finished
completely.
.PP
The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on
failure. In the event of failure the connection setup fails.
.SH "NOTES"
.IX Header "NOTES"
There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or
below) and TLSv1.3.
However, the \s-1RFC\s0 has this note of caution:
.PP
\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related
output in both versions, only limited analysis has been done. Implementations
can ensure safety from cross-protocol related output by not reusing PSKs between
\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3),
\&\fBSSL_set_psk_use_session_callback\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OSSL_STORE_LOADER 3"
.TH OSSL_STORE_LOADER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new,
OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme,
OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl,
OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find,
OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof,
OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close,
OSSL_STORE_LOADER_free, OSSL_STORE_register_loader,
OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn,
OSSL_STORE_expect_fn, OSSL_STORE_find_fn,
OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn,
OSSL_STORE_close_fn \- Types and functions to manipulate, register and
unregister STORE loaders for different URI schemes
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/store.h>
\&
\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
\&
\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER
\&                                             *store_loader);
\& const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER
\&                                           *store_loader);
\&
\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */
\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
\&
\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri,
\&                                                      const UI_METHOD *ui_method,
\&                                                      void *ui_data);
\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader,
\&                                OSSL_STORE_open_fn store_open_function);
\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
\&                                   va_list args);
\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader,
\&                                OSSL_STORE_ctrl_fn store_ctrl_function);
\& typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
\& int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
\&                                  OSSL_STORE_expect_fn expect_function);
\& typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
\&                                   OSSL_STORE_SEARCH *criteria);
\& int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
\&                                OSSL_STORE_find_fn find_function);
\& typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
\&                                                UI_METHOD *ui_method,
\&                                                void *ui_data);
\& int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader,
\&                                OSSL_STORE_load_fn store_load_function);
\& typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
\& int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader,
\&                               OSSL_STORE_eof_fn store_eof_function);
\& typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
\& int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader,
\&                                 OSSL_STORE_error_fn store_error_function);
\& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
\& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader,
\&                                 OSSL_STORE_close_fn store_close_function);
\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader);
\&
\& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
\& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions help applications and engines to create loaders for
schemes they support.
.SS "Types"
.IX Subsection "Types"
\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader.
It contains a scheme and the functions needed to implement
\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and
\&\fBOSSL_STORE_close()\fR for this scheme.
.PP
\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader
using \fBstruct ossl_store_loader_ctx_st { ... }\fR.
.PP
\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR,
\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR,
and \fBOSSL_STORE_close_fn\fR
are the function pointer types used within a \s-1STORE\s0 loader.
The functions pointed at define the functionality of the given loader.
.IP "\fBOSSL_STORE_open_fn\fR" 4
.IX Item "OSSL_STORE_open_fn"
This function takes a \s-1URI\s0 and is expected to interpret it in the best
manner possible according to the scheme the loader implements; it also
takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time
something needs to be prompted for.
Furthermore, this function is expected to initialize what needs to be
initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see
above), and to return it.
If something goes wrong, this function is expected to return \s-1NULL.\s0
.IP "\fBOSSL_STORE_ctrl_fn\fR" 4
.IX Item "OSSL_STORE_ctrl_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number
\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader
specific parameters.
.Sp
Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR.
Any number below that is reserved for future globally known command
numbers.
.Sp
This function is expected to return 1 on success, 0 on error.
.IP "\fBOSSL_STORE_expect_fn\fR" 4
.IX Item "OSSL_STORE_expect_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR
identity \fBexpected\fR, and is used to tell the loader what object type is
expected.
\&\fBexpected\fR may be zero to signify that no specific object type is expected.
.Sp
This function is expected to return 1 on success, 0 on error.
.IP "\fBOSSL_STORE_find_fn\fR" 4
.IX Item "OSSL_STORE_find_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what
to search for.
.Sp
When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected
to return 1 if the loader supports the criterion, otherwise 0.
.Sp
When called with the loader context being something other than \fB\s-1NULL\s0\fR, this
function is expected to return 1 on success, 0 on error.
.IP "\fBOSSL_STORE_load_fn\fR" 4
.IX Item "OSSL_STORE_load_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR
with associated data.
It's expected to load the next available data, mold it into a data
structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the
\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions.
If no more data is available or an error occurs, this function is
expected to return \s-1NULL.\s0
The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if
it was in fact the end of data or if an error occurred.
.Sp
Note that this function retrieves \fIone\fR data item only.
.IP "\fBOSSL_STORE_eof_fn\fR" 4
.IX Item "OSSL_STORE_eof_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to
return 1 to indicate that the end of available data has been reached.
It is otherwise expected to return 0.
.IP "\fBOSSL_STORE_error_fn\fR" 4
.IX Item "OSSL_STORE_error_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to
return 1 to indicate that an error occurred in a previous call to the
\&\fBOSSL_STORE_load_fn\fR function.
It is otherwise expected to return 0.
.IP "\fBOSSL_STORE_close_fn\fR" 4
.IX Item "OSSL_STORE_close_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to
close or shut down what needs to be closed, and finally free the
contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer.
It returns 1 on success and 0 on error.
.SS "Functions"
.IX Subsection "Functions"
\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR.
It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR.
\&\fBscheme\fR must \fIalways\fR be set.
Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as
long as the created loader is.
.PP
\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR.
\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the
\&\fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the
\&\fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the
\&\fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the
\&\fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the
\&\fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the
\&\fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR.
.PP
\&\fBOSSL_STORE_register_loader()\fR registers the given \fBstore_loader\fR and thereby
makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR,
\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR.
.PP
\&\fBOSSL_STORE_unregister_loader()\fR unregisters the store loader for the given
\&\fBscheme\fR.
.SH "NOTES"
.IX Header "NOTES"
The \fBfile:\fR scheme has built in support.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR,
\&\fBOSSL_STORE_expect_fn\fR,
\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the
same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR,
\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively.
.PP
\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success,
or \fB\s-1NULL\s0\fR on failure.
.PP
\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR,
\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and
\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure.
.PP
\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure.
.PP
\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success,
or \fB\s-1NULL\s0\fR on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR,
\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR,
\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR,
\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR,
\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR,
\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR,
\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_LH_STATS 3"
.TH OPENSSL_LH_STATS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats,
OPENSSL_LH_stats_bio,
OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/lhash.h>
\&
\& void OPENSSL_LH_stats(LHASH *table, FILE *out);
\& void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
\& void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
\&
\& void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
\& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
\& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of
accessing the hash table.
.PP \&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how many entries are in it, and the number and result of calls to the routines in this library. .PP \&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the hash table. .PP \&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the hash table. It prints the 'load' and the 'actual load'. The load is the average number of data items per 'bucket' in the hash table. The \&'actual load' is the average number of items per 'bucket', but only for buckets which contain entries. So the 'actual load' is the average number of searches that will need to find an item in the hash table, while the 'load' is the average number that will be done to record a miss. .PP \&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions do not return values. .SH "NOTE" .IX Header "NOTE" These calls should be made under a read lock. Refer to \&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required when using the \s-1LHASH\s0 data structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK! ,uu EVP_bf_cbc.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. 
.IX Title "EVP_BF_CBC 3"
.TH EVP_BF_CBC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb
\&\- EVP Blowfish cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_bf_cbc(void);
\& const EVP_CIPHER *EVP_bf_cfb(void);
\& const EVP_CIPHER *EVP_bf_cfb64(void);
\& const EVP_CIPHER *EVP_bf_ecb(void);
\& const EVP_CIPHER *EVP_bf_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Blowfish encryption algorithm for \s-1EVP.\s0
.PP
This is a variable key length cipher.
.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4
.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()"
Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CTLOG_NEW 3"
.TH CTLOG_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name,
CTLOG_get0_log_id, CTLOG_get0_public_key
\- encapsulates information about a Certificate Transparency log
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
\& int CTLOG_new_from_base64(CTLOG ** ct_log,
\&                           const char *pkey_base64, const char *name);
\& void CTLOG_free(CTLOG *log);
\& const char *CTLOG_get0_name(const CTLOG *log);
\& void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
\&                        size_t *log_id_len);
\& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency
(\s-1CT\s0) log with the given public key. A name must also be provided that can be
used to help users identify this log. Ownership of the public key is
transferred.
.PP
\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in
base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0
The base64 will be decoded and the public key parsed.
.PP
Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the
caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer
needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that
was passed to it.
.PP
\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was
created. Ownership of the string remains with the \s-1CTLOG.\s0
.PP
\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's
LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a
v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of
the string remains with the \s-1CTLOG.\s0
.PP
\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the
\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs.
.PP
\&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET1_SIGALGS 3"
.TH SSL_CTX_SET1_SIGALGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list,
SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs,
SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list,
SSL_set1_client_sigalgs_list \- set supported signature algorithms
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
\& long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen);
\& long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
\& long SSL_set1_sigalgs_list(SSL *ssl, const char *str);
\&
\& long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
\& long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen);
\& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str);
\& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature
algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR
must consist of pairs of NIDs corresponding to digest and public key
algorithms.
.PP
\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR set the supported
signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter
must be a null terminated string consisting of a colon separated list of
elements, where each element is either a combination of a public key
algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named
SignatureScheme such as rsa_pss_pss_sha256.
.PP
\&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR,
\&\fBSSL_CTX_set1_client_sigalgs_list()\fR and \fBSSL_set1_client_sigalgs_list()\fR set
signature algorithms related to client authentication, otherwise they are
identical to \fBSSL_CTX_set1_sigalgs()\fR, \fBSSL_set1_sigalgs()\fR,
\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR.
.PP
All these functions are implemented as macros. The signature algorithm
parameter (integer array or string) is not freed: the application should
free it, if necessary.
.SH "NOTES"
.IX Header "NOTES"
If an application wishes to allow the setting of signature algorithms
as one of many user configurable options it should consider using the more
flexible \s-1SSL_CONF API\s0 instead.
.PP
The signature algorithms set by a client are used directly in the supported
signature algorithm in the client hello message.
.PP
The supported signature algorithms set by a server are not sent to the
client but are used to determine the set of shared signature algorithms
and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0)
their order.
.PP
The client authentication signature algorithms set by a server are sent
in a certificate request message if client authentication is enabled,
otherwise they are unused.
.PP
Similarly client authentication signature algorithms set by a client are
used to determine the set of client authentication shared signature
algorithms.
.PP
Signature algorithms will neither be advertised nor used if the security level
prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more).
.PP
Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and
NID_sha512 digest NIDs are supported and the public key algorithm NIDs
\&\s-1EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC.\s0
.PP
The short or long name values for digests can be used in a string (for
example \*(L"\s-1MD5\*(R", \*(L"SHA1\*(R", \*(L"SHA224\*(R", \*(L"SHA256\*(R", \*(L"SHA384\*(R", \*(L"SHA512\*(R"\s0) and
the public key algorithm strings \*(L"\s-1RSA\*(R",\s0 \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\*(R"\s0 or \*(L"\s-1ECDSA\*(R".\s0
.PP
The \s-1TLS 1.3\s0 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also
be used with the \fB_list\fR forms of the \s-1API.\s0
.PP
The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 for failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0
using an array:
.PP
.Vb 1
\& const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
\&
\& SSL_CTX_set1_sigalgs(ctx, slist, 4);
.Ve
.PP
Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0
using a string:
.PP
.Vb 1
\& SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3),
\&\fBSSL_CONF_CTX_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
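An added example, not part of the OpenSSL manual or OpenSSL's own code: a self-contained C lint for the colon separated string that SSL_CTX_set1_sigalgs_list() takes, run before the string reaches the library. It knows only the key and digest names listed on this page, flags MD5 and SHA1, and leaves elements without a + (TLS 1.3 scheme names) unchecked; all function and type names are hypothetical, and exact-case matching and accepting either order around the + are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Names as listed on this man page; exact-case matching is an assumption. */
static const char *const KEY_ALGS[] = { "RSA", "RSA-PSS", "DSA", "ECDSA" };
static const char *const DIGESTS[] = { "MD5", "SHA1", "SHA224", "SHA256",
                                       "SHA384", "SHA512" };
/* MD5 is "strongly discouraged"; SHA1 is dropped at high security levels. */
static const char *const WEAK_DIGESTS[] = { "MD5", "SHA1" };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Ordered by severity, so the verdict for a list is the maximum seen. */
enum sigalg_verdict { SIGALG_OK, SIGALG_NAMED, SIGALG_WEAK, SIGALG_MALFORMED };

struct sigalg_report { int total, named, weak, malformed; };

static int in_list(const char *s, size_t n,
                   const char *const *list, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (strlen(list[i]) == n && memcmp(list[i], s, n) == 0)
            return 1;
    return 0;
}

/* Classify one element: "KEY+DIGEST" pair or a bare scheme name. */
enum sigalg_verdict audit_element(const char *elem, size_t len)
{
    if (len == 0)
        return SIGALG_MALFORMED;          /* empty element, e.g. "a::b" */

    const char *plus = memchr(elem, '+', len);
    if (plus == NULL)
        return SIGALG_NAMED;              /* TLS 1.3-style name: not validated */

    size_t alen = (size_t)(plus - elem);
    const char *b = plus + 1;
    size_t blen = len - alen - 1;
    const char *digest;
    size_t dlen;

    if (in_list(elem, alen, KEY_ALGS, COUNT(KEY_ALGS))
        && in_list(b, blen, DIGESTS, COUNT(DIGESTS))) {
        digest = b;
        dlen = blen;
    } else if (in_list(b, blen, KEY_ALGS, COUNT(KEY_ALGS))
               && in_list(elem, alen, DIGESTS, COUNT(DIGESTS))) {
        digest = elem;                    /* assumption: either order is fine */
        dlen = alen;
    } else {
        return SIGALG_MALFORMED;          /* unknown key or digest name */
    }
    return in_list(digest, dlen, WEAK_DIGESTS, COUNT(WEAK_DIGESTS))
               ? SIGALG_WEAK : SIGALG_OK;
}

/* Walk the colon separated list; fill rep and return the worst verdict. */
enum sigalg_verdict audit_sigalgs_list(const char *str,
                                       struct sigalg_report *rep)
{
    enum sigalg_verdict worst = SIGALG_OK;
    const char *p = str;

    memset(rep, 0, sizeof(*rep));
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        enum sigalg_verdict v = audit_element(p, len);

        rep->total++;
        if (v == SIGALG_NAMED) rep->named++;
        if (v == SIGALG_WEAK) rep->weak++;
        if (v == SIGALG_MALFORMED) rep->malformed++;
        if (v > worst) worst = v;
        if (colon == NULL)
            break;
        p = colon + 1;
    }
    return worst;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real configuration. */
    static const char *const samples[] = {
        "ECDSA+SHA256:RSA+SHA256",
        "RSA+SHA1:ECDSA+SHA256:RSA+MD5",
        "ECDSA+SHA256:rsa_pss_pss_sha256",
        "RSA+SHA256:",
    };
    static const char *const label[] = {
        "ok", "contains unchecked scheme names", "weak digest", "malformed"
    };

    for (size_t i = 0; i < COUNT(samples); i++) {
        struct sigalg_report r;
        enum sigalg_verdict v = audit_sigalgs_list(samples[i], &r);
        printf("%-34s %s (%d elements, %d weak, %d malformed)\n",
               samples[i], label[v], r.total, r.weak, r.malformed);
    }
    return 0;
}
```

A string that passes this lint can still be rejected by the library, so the return value of SSL_CTX_set1_sigalgs_list() (1 for success, 0 for failure) must still be checked.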
.IX Title "ERR_LOAD_CRYPTO_STRINGS 3"
.TH ERR_LOAD_CRYPTO_STRINGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
load and free error strings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
Deprecated:
.PP
.Vb 1
\& #include <openssl/err.h>
\&
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void ERR_load_crypto_strings(void);
\& void ERR_free_strings(void);
\& #endif
\&
\& #include <openssl/ssl.h>
\&
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void SSL_load_error_strings(void);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_load_crypto_strings()\fR registers the error strings for all
\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same,
but also registers the \fBlibssl\fR error strings.
.PP
In versions prior to OpenSSL 1.1.0,
\&\fBERR_free_strings()\fR releases any resources created by the above functions.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and
\&\fBERR_free_strings()\fR return no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_error_string\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and
\&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by
\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ASN1_STRING_NEW 3"
.TH ASN1_STRING_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
ASN1_STRING allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& ASN1_STRING * ASN1_STRING_new(void);
\& ASN1_STRING * ASN1_STRING_type_new(int type);
\& void ASN1_STRING_free(ASN1_STRING *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type
is undefined.
.PP
\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
type \fBtype\fR.
.PP
\&\fBASN1_STRING_free()\fR frees up \fBa\fR.
If \fBa\fR is \s-1NULL\s0 nothing is done.
.SH "NOTES"
.IX Header "NOTES"
Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example
\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid
\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBASN1_STRING_free()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RSA_PRINT 3"
.TH RSA_PRINT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RSA_print, RSA_print_fp,
DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
DHparams_print, DHparams_print_fp \- print cryptographic parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_print(BIO *bp, RSA *x, int offset);
\& int RSA_print_fp(FILE *fp, RSA *x, int offset);
\&
\& #include <openssl/dsa.h>
\&
\& int DSAparams_print(BIO *bp, DSA *x);
\& int DSAparams_print_fp(FILE *fp, DSA *x);
\& int DSA_print(BIO *bp, DSA *x, int offset);
\& int DSA_print_fp(FILE *fp, DSA *x, int offset);
\&
\& #include <openssl/dh.h>
\&
\& int DHparams_print(BIO *bp, DH *x);
\& int DHparams_print_fp(FILE *fp, DH *x);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A human-readable hexadecimal output of the components of the \s-1RSA\s0
key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR.
.PP
The output lines are indented by \fBoffset\fR spaces.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return 1 on success, 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBN_bn2bin\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SESSION_GET_TIME 3"
.TH SSL_SESSION_GET_TIME 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout,
SSL_SESSION_set_timeout,
SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout
\&\- retrieve and manipulate session time and timeout settings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_SESSION_get_time(const SSL_SESSION *s);
\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
\& long SSL_SESSION_get_timeout(const SSL_SESSION *s);
\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
\&
\& long SSL_get_time(const SSL_SESSION *s);
\& long SSL_set_time(SSL_SESSION *s, long tm);
\& long SSL_get_timeout(const SSL_SESSION *s);
\& long SSL_set_timeout(SSL_SESSION *s, long tm);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was
established. The time is given in seconds since the Epoch and is therefore
compatible with the time delivered by the \fBtime()\fR call.
.PP
\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with
the chosen value \fBtm\fR.
.PP
\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR
in seconds.
.PP
\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds
to \fBtm\fR.
.PP
The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR
functions are synonyms for the SSL_SESSION_*() counterparts.
.SH "NOTES"
.IX Header "NOTES"
Sessions are expired by examining the creation time and the timeout value.
Both are set at creation time of the session to the actual time and the
default timeout value at creation, respectively, as set by
\&\fBSSL_CTX_set_timeout\fR\|(3).
Using these functions it is possible to extend or shorten the lifetime
of the session.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently
valid values.
.PP
\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success.
.PP
If any of the functions is passed the \s-1NULL\s0 pointer for the session \fBs\fR,
0 is returned.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_timeout\fR\|(3),
\&\fBSSL_get_default_timeout\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_GET0_TYPE 3"
.TH CMS_GET0_TYPE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \-
get and set CMS content types and content
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
\& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as
an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the
CMS_ContentInfo structure based on this value.
.PP
\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo
structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt)
with the \fB\s-1CMS_PARTIAL\s0\fR flag and \fBbefore\fR the structure is finalised,
otherwise the results are undefined.
.PP
\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded
content type.
.PP
\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer
containing the embedded content.
.SH "NOTES"
.IX Header "NOTES"
As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and
\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up.
\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up
after use.
.PP
The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value
using \fBOBJ_obj2nid()\fR. For the currently supported content types the following
values are returned:
.PP
.Vb 6
\& NID_pkcs7_data
\& NID_pkcs7_signed
\& NID_pkcs7_digest
\& NID_id_smime_ct_compressedData
\& NID_pkcs7_encrypted
\& NID_pkcs7_enveloped
.Ve
.PP
The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR
content pointer. That means that for example:
.PP
.Vb 1
\& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms);
.Ve
.PP
\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can
access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure
using this function. Applications usually will not need to modify the
embedded content as it is normally set by higher level functions.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure.
.PP
\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The
error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PKCS12_PARSE 3"
.TH PKCS12_PARSE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
PKCS12_parse \- parse a PKCS#12 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs12.h>
\&
\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
\&                  STACK_OF(X509) **ca);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure.
.PP
\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use.
If successful the private key will be written to \fB*pkey\fR, the corresponding
certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR.
.SH "NOTES"
.IX Header "NOTES"
The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be \fB\s-1NULL\s0\fR in
which case additional certificates will be discarded. \fB*ca\fR can also be a
valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If
\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated.
.PP
The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each
certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the
\&\fBX509\fR structure.
.PP
The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it
is not valid \s-1UTF\-8,\s0 then it is assumed to be \s-1ISO8859\-1\s0 instead.
.PP
In particular, this means that passwords in the locale character set
(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before
use. This may include passwords from local text files, or input from
the terminal or command line. Refer to the documentation of
\&\fBUI_OpenSSL\fR\|(3), for example.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred.
.PP
The error can be obtained from \fBERR_get_error\fR\|(3)
.SH "BUGS"
.IX Header "BUGS"
Only a single private key and corresponding certificate is returned by this
function. More complex PKCS#12 files with multiple private keys will only
return the first match.
.PP
Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in
certificates. Other attributes are discarded.
.PP
Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_PKCS12\fR\|(3),
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_S_CONNECT 3"
.TH BIO_S_CONNECT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_set_conn_address, BIO_get_conn_address,
BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port,
BIO_set_conn_ip_family, BIO_get_conn_ip_family,
BIO_get_conn_hostname,
BIO_get_conn_port,
BIO_set_nbio, BIO_do_connect \- connect BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& const BIO_METHOD * BIO_s_connect(void);
\&
\& BIO *BIO_new_connect(char *name);
\&
\& long BIO_set_conn_hostname(BIO *b, char *name);
\& long BIO_set_conn_port(BIO *b, char *port);
\& long BIO_set_conn_address(BIO *b, BIO_ADDR *addr);
\& long BIO_set_conn_ip_family(BIO *b, long family);
\& const char *BIO_get_conn_hostname(BIO *b);
\& const char *BIO_get_conn_port(BIO *b);
\& const BIO_ADDR *BIO_get_conn_address(BIO *b);
\& const long BIO_get_conn_ip_family(BIO *b);
\&
\& long BIO_set_nbio(BIO *b, long n);
\&
\& int BIO_do_connect(BIO *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper
round the platform's \s-1TCP/IP\s0 socket connection routines.
.PP
Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data
transferred using only \s-1BIO\s0 routines. In this way any platform
specific operations are hidden by the \s-1BIO\s0 abstraction.
.PP
Read and write operations on a connect \s-1BIO\s0 will perform I/O
on the underlying connection. If no connection is established
and the port and hostname (see below) are set up properly then
a connection is established first.
.PP
Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR.
.PP
If the close flag is set on a connect \s-1BIO\s0 then any active
connection is shut down and the socket closed when the \s-1BIO\s0
is freed.
.PP
Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
connection and reset the \s-1BIO\s0 into a state where it can connect
to the same host again.
.PP
\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0;
it also returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *).
.PP
\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it
must be enclosed in brackets. The hostname can also include the
port in the form hostname:port.
.PP
\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the
numerical form or a string such as \*(L"http\*(R". A string will be looked
up first using \fBgetservbyname()\fR on the host platform but if that
fails a standard table of port names will be used. This internal
list is http, telnet, socks, https, ssl, ftp, and gopher.
.PP
\&\fBBIO_set_conn_address()\fR sets the address and port information using
a \s-1\fBBIO_ADDR\s0\fR\|(3ssl).
.PP
\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family.
.PP
\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or
\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set.
This return value is an internal pointer which should not be modified.
.PP
\&\fBBIO_get_conn_port()\fR returns the port as a string.
This return value is an internal pointer which should not be modified.
.PP
\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0
This return value is an internal pointer which should not be modified.
.PP
\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0
.PP
\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is
zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O
is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR
should be made before the connection is established because
non blocking I/O is set during the connect process.
.PP
\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into
a single call: that is, it creates a new connect \s-1BIO\s0 with \fBname\fR.
.PP
\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established;
\&\fBBIO_should_retry()\fR should be used for non blocking connect BIOs
to determine if the call should be retried.
.SH "NOTES"
.IX Header "NOTES"
If blocking I/O is set then a non positive return value from any
I/O call is caused by an error condition, although a zero return
will normally mean that the connection was closed.
.PP
If the port name is supplied as part of the hostname then this will
override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable
if the application does not wish to allow connection to arbitrary
ports. This can be avoided by checking for the presence of the ':'
character in the passed hostname and either indicating an error or
truncating the string at that point.
.PP
The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_address()\fR,
and \fBBIO_get_conn_port()\fR are updated when a connection attempt is made.
Before any connection attempt the values returned are those set by the
application itself.
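.PP
The ':' check described in the NOTES above, written out as an added example (not code from the OpenSSL documentation). It implements both policies, reject and truncate, and treats a bracketed IPv6 literal separately so that the colons inside the brackets are not mistaken for a port separator. The function names, the strict character allowlist and the WITH_OPENSSL build macro are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum host_check { HOST_MALFORMED = -1, HOST_OK = 0, HOST_HAS_PORT = 1 };

/*
 * Classify a candidate name for BIO_set_conn_hostname(). On HOST_OK or
 * HOST_HAS_PORT, *host_len is the length of the leading host part
 * (brackets included for IPv6 literals).
 * Assumption of this example: a strict allowlist (letters, digits, '-' and
 * '.' for names and IPv4; hex digits, ':' and '.' inside brackets), so IPv6
 * zone identifiers and underscores are rejected.
 */
static enum host_check classify_conn_name(const char *name, size_t *host_len)
{
    const char *p, *end;

    if (name == NULL || *name == '\0')
        return HOST_MALFORMED;

    if (name[0] == '[') {                       /* bracketed IPv6 literal */
        end = strchr(name, ']');
        if (end == NULL || end == name + 1)
            return HOST_MALFORMED;
        for (p = name + 1; p < end; p++)
            if (!isxdigit((unsigned char)*p) && *p != ':' && *p != '.')
                return HOST_MALFORMED;
        *host_len = (size_t)(end - name) + 1;
        if (end[1] == '\0')
            return HOST_OK;
        return end[1] == ':' ? HOST_HAS_PORT : HOST_MALFORMED;
    }

    end = strchr(name, ':');                    /* hostname or IPv4 address */
    if (end == NULL)
        end = name + strlen(name);
    if (end == name)
        return HOST_MALFORMED;
    for (p = name; p < end; p++)
        if (!isalnum((unsigned char)*p) && *p != '-' && *p != '.')
            return HOST_MALFORMED;
    *host_len = (size_t)(end - name);
    if (*end == '\0')
        return HOST_OK;
    /* A second ':' outside brackets means an unbracketed IPv6 literal. */
    return strchr(end + 1, ':') == NULL ? HOST_HAS_PORT : HOST_MALFORMED;
}

/*
 * Apply one of the two policies from the NOTES: reject a name that carries
 * a port (truncate == 0) or cut the name at the port (truncate != 0).
 * Returns 1 and writes the host to out on success, 0 on rejection.
 */
static int safe_conn_host(const char *name, int truncate, char *out, size_t outlen)
{
    size_t n = 0;
    enum host_check rc = classify_conn_name(name, &n);

    if (rc == HOST_MALFORMED || (rc == HOST_HAS_PORT && !truncate))
        return 0;
    if (n + 1 > outlen)
        return 0;
    memcpy(out, name, n);
    out[n] = '\0';
    return 1;
}

#ifdef WITH_OPENSSL   /* hypothetical build macro: wiring into a connect BIO */
#include <openssl/bio.h>
static BIO *new_connect_fixed_port(const char *untrusted_name, const char *port)
{
    char host[256];
    BIO *b;

    if (!safe_conn_host(untrusted_name, 0, host, sizeof(host)))
        return NULL;
    if ((b = BIO_new(BIO_s_connect())) == NULL)
        return NULL;
    if (BIO_set_conn_hostname(b, host) <= 0) {
        BIO_free(b);
        return NULL;
    }
    BIO_set_conn_port(b, port);     /* the only port the caller allows */
    return b;
}
#endif

int main(void)
{
    /* Constructed sample inputs. */
    static const char *samples[] = { "example.org", "example.org:8080",
        "[2001:db8::1]", "[2001:db8::1]:22", "2001:db8::1" };
    char host[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s reject=%d truncate=%d\n", samples[i],
               safe_conn_host(samples[i], 0, host, sizeof(host)),
               safe_conn_host(samples[i], 1, host, sizeof(host)));
    return 0;
}
```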
.PP
Applications do not have to call \fBBIO_do_connect()\fR but may wish to do
so to separate the connection process from other I/O processing.
.PP
If non blocking I/O is set then retries will be requested as appropriate.
.PP
In addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also
possible for \fBBIO_should_io_special()\fR to be true during the initial
connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned
then this is an indication that a connection attempt would block;
the application should then take appropriate action to wait until
the underlying socket has connected and retry the call.
.PP
\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_get_conn_hostname()\fR,
\&\fBBIO_set_conn_address()\fR, \fBBIO_get_conn_port()\fR, \fBBIO_get_conn_address()\fR,
\&\fBBIO_set_conn_ip_family()\fR, \fBBIO_get_conn_ip_family()\fR,
\&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
.PP
\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not
been initialized.
.PP
\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR
always return 1.
.PP
\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure.
.PP
\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none
was set.
.PP
\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if
none was set.
.PP
\&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set.
.PP
\&\fBBIO_get_conn_port()\fR returns a string representing the connected
port or \s-1NULL\s0 if not set.
.PP
\&\fBBIO_set_nbio()\fR always returns 1.
.PP
\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully
established and 0 or \-1 if the connection failed.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example connects to a webserver on the local host and attempts
to retrieve a page and copy the result to standard output.
.PP
.Vb 3
\& BIO *cbio, *out;
\& int len;
\& char tmpbuf[1024];
\&
\& cbio = BIO_new_connect("localhost:http");
\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
\& if (BIO_do_connect(cbio) <= 0) {
\&     fprintf(stderr, "Error connecting to server\en");
\&     ERR_print_errors_fp(stderr);
\&     exit(1);
\& }
\& BIO_puts(cbio, "GET / HTTP/1.0\en\en");
\& for (;;) {
\&     len = BIO_read(cbio, tmpbuf, 1024);
\&     if (len <= 0)
\&         break;
\&     BIO_write(out, tmpbuf, len);
\& }
\& BIO_free(cbio);
\& BIO_free(out);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBBIO_ADDR\s0\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR
were removed in OpenSSL 1.1.0.
Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3"
.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_session_ticket_cb,
SSL_SESSION_get0_ticket_appdata,
SSL_SESSION_set1_ticket_appdata,
SSL_CTX_generate_session_ticket_fn,
SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
\& typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
\&                                                                const unsigned char *keyname,
\&                                                                size_t keyname_len,
\&                                                                SSL_TICKET_STATUS status,
\&                                                                void *arg);
\& int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
\&                                   SSL_CTX_generate_session_ticket_fn gen_cb,
\&                                   SSL_CTX_decrypt_session_ticket_fn dec_cb,
\&                                   void *arg);
\& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
\& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR
and \fBdec_cb\fR that are used by a server to set and get application data stored
with a session, and placed into a session ticket. Either callback function may
be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks.
.PP
\&\fBgen_cb\fR is the application defined callback invoked when a session ticket is
about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR
at this time to add application data to the session ticket. The value of \fBarg\fR
is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR
callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR.
.PP
\&\fBdec_cb\fR is the application defined callback invoked after session ticket
decryption has been attempted and any session ticket application data is
available. If ticket decryption was successful then the \fBss\fR argument contains
the session data.
The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key
used to decrypt the session ticket. The \fBstatus\fR argument is the result of the
ticket decryption. See the \s-1NOTES\s0 section below for further details. The value
of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The
\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR.
.PP
\&\fBSSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by
\&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session
tickets. It can be called at any time before a session ticket is created to
update the data placed into the session ticket. However, given that sessions
and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify
the application that a session ticket is about to be generated.
.PP
\&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket
application data and assigns \fBlen\fR to the length of the session ticket
application data from \fBss\fR. The application data can be set via
\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned
to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket
application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time
after a session has been created. The \fBdec_cb\fR is provided to notify the
application that a session ticket has just been decrypted.
.SH "NOTES"
.IX Header "NOTES"
When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been
assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket
decryption. The callback must check the \fBstatus\fR value before performing any
action, as it is called even if ticket decryption fails.
.PP
The \fBkeyname\fR and \fBkeyname_len\fR arguments to \fBdec_cb\fR may be used to identify
the key that was used to encrypt the session ticket.
.PP
The \fBstatus\fR argument can be any of these values:
.IP "\s-1SSL_TICKET_EMPTY\s0" 4
.IX Item "SSL_TICKET_EMPTY"
Empty ticket present. No ticket data will be used and a new ticket should be
sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not
valid for a client to send an empty ticket.
.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4
.IX Item "SSL_TICKET_NO_DECRYPT"
The ticket couldn't be decrypted. No ticket data will be used and a new ticket
should be sent to the client.
.IP "\s-1SSL_TICKET_SUCCESS\s0" 4
.IX Item "SSL_TICKET_SUCCESS"
A ticket was successfully decrypted, any session ticket application data should
be available. A new ticket should not be sent to the client.
.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4
.IX Item "SSL_TICKET_SUCCESS_RENEW"
Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client.
.PP
The return value can be any of these values:
.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4
.IX Item "SSL_TICKET_RETURN_ABORT"
The handshake should be aborted, either because of an error or because of some
policy. Note that in TLSv1.3 a client may send more than one ticket in a single
handshake. Therefore, just because one ticket is unacceptable it does not mean
that all of them are. For this reason this option should be used with caution.
.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4
.IX Item "SSL_TICKET_RETURN_IGNORE"
Do not use a ticket (if one was available). Do not send a renewed ticket to the
client.
.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4
.IX Item "SSL_TICKET_RETURN_IGNORE_RENEW"
Do not use a ticket (if one was available). Send a renewed ticket to the client.
.Sp
If the callback does not wish to change the default ticket behaviour then it
should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or
\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR.
.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4
.IX Item "SSL_TICKET_RETURN_USE"
Use the ticket. Do not send a renewed ticket to the client.
It is an error for the callback to return this value if \fBstatus\fR has a value
other than
\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR.
.Sp
If the callback does not wish to change the default ticket behaviour then it
should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR.
.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4
.IX Item "SSL_TICKET_RETURN_USE_RENEW"
Use the ticket. Send a renewed ticket to the client. It is an error for the
callback to return this value if \fBstatus\fR has a value other than
\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR.
.Sp
If the callback does not wish to change the default ticket behaviour then it
should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR.
.PP
If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then
no session data will be available and the callback must not use the \fBss\fR
argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or
\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call
\&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR
argument to retrieve the application data.
.PP
When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be
used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR.
.PP
By default, in TLSv1.2 and below, a new session ticket is not issued on a
successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the
default behaviour is to always issue a new ticket on resumption. In both cases
this behaviour can be changed if a ticket key callback is in use (see
\&\fBSSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and
\&\fBSSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on
failure.
.PP
The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0
will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert.
.PP
The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_get_session\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR
and \fBSSL_SESSION_get0_ticket_appdata()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3"
.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info,
EVP_PKEY_CTX_hkdf_mode \-
HMAC\-based Extract\-and\-Expand key derivation algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/kdf.h>
\&
\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
\&
\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
\&
\& int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
\&                                 int saltlen);
\&
\& int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
\&                                int keylen);
\&
\& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
\&                                 int infolen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function.
\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically
consists of two modules. The first stage takes the input keying material
and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage
\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output
of the \s-1KDF\s0).
.PP
\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three
modes that are currently defined:
.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4
.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND"
This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set
up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go.
The derived key returned will be the result after the expand operation. The
intermediate fixed-length pseudorandom key K is not returned.
.Sp
In this mode the digest, key, salt and info values must be set before a key is
derived or an error occurs.
.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4
.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY"
In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract
operation. The value returned will be the intermediate fixed-length pseudorandom
key K.
.Sp
The digest, key and salt values must be set before a key is derived or an
error occurs.
.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4
.IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY"
In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand
operation. The input key should be set to the intermediate fixed-length
pseudorandom key K returned from a previous extract operation.
.Sp
The digest, key and info values must be set before a key is derived or an
error occurs.
.PP
\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0
.PP
\&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the
buffer \fBsalt\fR. Any existing value is replaced.
.PP
\&\fBEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer
\&\fBkey\fR. Any existing value is replaced.
.PP
\&\fBEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the
buffer \fBinfo\fR. If a value is already set, it is appended to the existing
value.
.SH "STRING CTRLS"
.IX Header "STRING CTRLS"
\&\s-1HKDF\s0 also supports string based control operations via
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest
algorithm to use.
The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R",
\&\*(L"EXTRACT_ONLY\*(R"\s0 and \*(L"\s-1EXPAND_ONLY\*(R"\s0 to determine the mode to use.
The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR
parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value.
The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex
string which is converted to binary.
.SH "NOTES"
.IX Header "NOTES"
All these functions are implemented as macros.
.PP
A context for \s-1HKDF\s0 can be obtained by calling:
.PP
.Vb 1
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
.Ve
.PP
The total length of the info buffer cannot exceed 1024 bytes:
this should be more than enough for any normal use of \s-1HKDF.\s0
.PP
The output length of an \s-1HKDF\s0 expand operation is specified via the length
parameter to the \fBEVP_PKEY_derive\fR\|(3) function.
Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means
to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that
performs an expand operation. Instead, the caller must allocate a buffer of the
desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a
pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain
the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0
.PP
Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 or a negative value for failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R",
salt value \*(L"salt\*(R" and info value \*(L"label\*(R":
.PP
.Vb 4
\& EVP_PKEY_CTX *pctx;
\& unsigned char out[10];
\& size_t outlen = sizeof(out);
\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
\&
\& if (EVP_PKEY_derive_init(pctx) <= 0) {
\&     /* Error */
\& }
\& if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
\&     /* Error */
\& }
\& if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) {
\&     /* Error */
\& }
\& if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) {
\&     /* Error */
\& }
\& if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) {
\&     /* Error */
\& }
\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
\&     /* Error */
\& }
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 5869\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_SIGN 3"
.TH CMS_SIGN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CMS_sign \- create a CMS SignedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
\&                           BIO *data, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is
the certificate to sign with, \fBpkey\fR is the corresponding private key.
\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0
structure (for example any intermediate CAs in the chain). Any or all of
these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below.
.PP
The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
Any of the following flags (ORed together) can be passed in the \fBflags\fR
parameter.
.PP
Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
the \fB\s-1CMS_TEXT\s0\fR flag is set, \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
to the data.
.PP
If \fB\s-1CMS_NOCERTS\s0\fR is set, the signer's certificate will not be included in the
CMS_ContentInfo structure; the signer's certificate must still be supplied in
the \fBsigncert\fR parameter though. This can reduce the size of the signature if
the signer's certificate can be obtained by other means: for example a
previously signed message.
.PP
The data being signed is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set, in which case it is omitted. This is used for
CMS_ContentInfo detached signatures, which are used in S/MIME plaintext signed
messages for example.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
required by the S/MIME specifications). If \fB\s-1CMS_BINARY\s0\fR is set, no
translation occurs. This option should be used if the supplied data is in
binary format, otherwise the translation will corrupt it.
.PP
The SignedData structure includes several \s-1CMS\s0 signedAttributes including the
signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an
SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes
will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are
omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192
bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0
If any of these algorithms is not available then it will not be included: for
example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is
not loaded.
.PP
OpenSSL will by default identify signing certificates using issuer name
and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key
identifier value instead. An error occurs if the signing certificate does not
have a subject key identifier extension.
.PP
If the flag \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR
structure is just initialized ready to perform the signing operation. The
signing is however \fBnot\fR performed and the data to be signed is not read from
the \fBdata\fR parameter. Signing is deferred until after the data has been
written. In this way data can be signed in a single pass.
.PP
If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
output to which additional signers and capabilities can be added before
finalization.
.PP
If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
\&\fBnot\fR complete and outputting its contents via a function that does not
properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
results.
.PP
Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fBBIO_new_CMS()\fR.
.PP
If a signer is specified it will use the default digest for the signing
algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
.PP
If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates-only \s-1CMS\s0 structure is
output.
.PP
The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be
suitable for many purposes. For finer control of the output format the
\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the
\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the
function \fBCMS_add1_signer()\fR, non-default digests can be used and custom
attributes added. \fBCMS_final()\fR must then be called to finalize the
structure if streaming is not enabled.
.SH "BUGS"
.IX Header "BUGS"
Some attributes such as counter signatures are not supported.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error
occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8;
it is supported for embedded data in OpenSSL 1.0.0 and later.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_CERT_STORE 3"
.TH SSL_CTX_SET_CERT_STORE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
\& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage
of \fBctx\fR to/with \fBstore\fR.
If another X509_STORE object is currently
set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed.
.PP
\&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage
of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented.
If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed.
.PP
\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate
verification storage.
.SH "NOTES"
.IX Header "NOTES"
In order to verify the certificates presented by the peer, trusted \s-1CA\s0
certificates must be accessed. These \s-1CA\s0 certificates are made available
via lookup methods, handled inside the X509_STORE. From the X509_STORE
the X509_STORE_CTX used when verifying certificates is created.
.PP
Typically the trusted certificate store is handled indirectly by using
\&\fBSSL_CTX_load_verify_locations\fR\|(3).
Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions
it is possible to manipulate the X509_STORE object beyond the
\&\fBSSL_CTX_load_verify_locations\fR\|(3)
call.
.PP
Currently no detailed documentation on how to use the X509_STORE
object is available. Not all members of the X509_STORE are used when
the verification takes place. For example, the \fBverify_callback()\fR is
overridden by the \fBverify_callback()\fR set via the
\&\fBSSL_CTX_set_verify\fR\|(3) family of functions.
This document must therefore be updated when documentation about the
X509_STORE object and its handling becomes available.
.PP
\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference
count, so it should not be used to assign an X509_STORE that is owned
by another \s-1SSL_CTX.\s0
.PP
To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR
to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use
\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and
increment the reference count of the X509_STORE.
.SH "RESTRICTIONS"
.IX Header "RESTRICTIONS"
The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer
certificates and building certificate chains; it is also shared by
every child \s-1SSL\s0 structure. Applications wanting finer control can use
functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output.
.PP
\&\fBSSL_CTX_set1_cert_store()\fR does not return diagnostic output.
.PP
\&\fBSSL_CTX_get_cert_store()\fR returns the current setting.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_load_verify_locations\fR\|(3),
\&\fBSSL_CTX_set_verify\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PKCS7_SIGN_ADD_SIGNER 3"
.TH PKCS7_SIGN_ADD_SIGNER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS7_sign_add_signer, PKCS7_add_certificate, PKCS7_add_crl \- add information to PKCS7 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
\&                                          EVP_PKEY *pkey, const EVP_MD *md, int flags);
\& int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
\& int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fIsigncert\fR and private
key \fIpkey\fR using message digest \fImd\fR to a \s-1PKCS7\s0 signed data structure \fIp7\fR.
.PP
The \fB\s-1PKCS7\s0\fR structure should be obtained from an initial call to \fBPKCS7_sign()\fR
with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case of re-signing a valid PKCS#7
signed data structure.
.PP
If the \fImd\fR parameter is \s-1NULL\s0 then the default digest for the public key
algorithm will be used.
.PP
Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \fB\s-1PKCS7\s0\fR structure
is not complete and must be finalized either by streaming (if applicable) or
a call to \fBPKCS7_final()\fR.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of this function is to provide finer control over a PKCS#7
signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are
not appropriate. For example if multiple signers or non-default digest
algorithms are needed.
.PP
Any of the following flags (ORed together) can be passed in the \fIflags\fR
parameter.
.PP
If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content
digest value from the \fB\s-1PKCS7\s0\fR structure: to add a signer to an existing structure.
An error occurs if a matching digest value cannot be found to copy. The
returned \fB\s-1PKCS7\s0\fR structure will be valid and finalized when this flag is set.
.PP
If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the
\&\fB\s-1PKCS7_SIGNER_INFO\s0\fR structure will not be finalized so additional attributes
can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is
needed to finalize it.
.PP
If \fB\s-1PKCS7_NOCERTS\s0\fR is set, the signer's certificate will not be included in the
\&\fB\s-1PKCS7\s0\fR structure; the signer's certificate must still be supplied in the
\&\fIsigncert\fR parameter though. This can reduce the size of the signature if the
signer's certificate can be obtained by other means: for example a previously
signed message.
.PP
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported list of
ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no
authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just
the SMIMECapabilities are omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of
these algorithms is disabled then it will not be included.
.PP
\&\fBPKCS7_sign_add_signer()\fR returns an internal pointer to the \fB\s-1PKCS7_SIGNER_INFO\s0\fR
structure just added, which can be used to set additional attributes
before it is finalized.
.PP
\&\fBPKCS7_add_certificate()\fR adds to the \fB\s-1PKCS7\s0\fR structure \fIp7\fR the certificate
\&\fIcert\fR, which may be an end-entity (signer) certificate
or a \s-1CA\s0 certificate useful for chain building.
This is done internally by \fBPKCS7_sign_ex\fR\|(3) and similar signing functions.
It may have to be used before calling \fBPKCS7_verify\fR\|(3)
in order to provide any missing certificate(s) needed for verification.
.PP
\&\fBPKCS7_add_crl()\fR adds the \s-1CRL\s0 \fIcrl\fR to the \fB\s-1PKCS7\s0\fR structure \fIp7\fR.
This may be called to provide certificate status information
to be included when signing or to use when verifying the \fB\s-1PKCS7\s0\fR structure.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS7_sign_add_signer()\fR returns an internal pointer to the \fB\s-1PKCS7_SIGNER_INFO\s0\fR
structure just added or \s-1NULL\s0 if an error occurs.
.PP
\&\fBPKCS7_add_certificate()\fR and \fBPKCS7_add_crl()\fR return 1 on success, 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign_ex\fR\|(3),
\&\fBPKCS7_final\fR\|(3), \fBPKCS7_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2007\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_EXTENSION_SET_OBJECT 3"
.TH X509_EXTENSION_SET_OBJECT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_EXTENSION_set_object, X509_EXTENSION_set_critical,
X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID,
X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object,
X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
\& int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
\& int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
\&
\& X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
\&                                              int nid, int crit,
\&                                              ASN1_OCTET_STRING *data);
\& X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
\&                                              const ASN1_OBJECT *obj, int crit,
\&                                              ASN1_OCTET_STRING *data);
\&
\& ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
\& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
\& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The
\&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use.
.PP
\&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If
\&\fBcrit\fR is zero the extension is non-critical, otherwise it is critical.
.PP
\&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The
\&\fBdata\fR pointer is duplicated internally.
.PP
\&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR,
criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and
written to \fB*ex\fR reusing or allocating a new extension if necessary, so \fB*ex\fR
should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure; it must
\&\fBnot\fR be an uninitialised pointer.
.PP
\&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR
except it creates an extension using \fBobj\fR instead of a \s-1NID.\s0
.PP
\&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an
\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must
not be freed up.
.PP
\&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR: it
returns \fB1\fR for critical and \fB0\fR for non-critical.
.PP
\&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned
pointer is an internal value which must not be freed up.
.SH "NOTES"
.IX Header "NOTES"
These functions manipulate the contents of an extension directly. Most
applications will want to parse or encode and add an extension: they should
use the extension encode and decode functions instead such as
\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR.
.PP
The \fBdata\fR associated with an extension is the extension encoding in an
\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_EXTENSION_set_object()\fR, \fBX509_EXTENSION_set_critical()\fR and
\&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure.
.PP
\&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return
an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs.
.PP
\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer.
.PP
\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for
critical.
.PP
\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509V3_get_d2i\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
\} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "DES_RANDOM_KEY 3" .TH DES_RANDOM_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.SH "NAME"
DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
DES_fcrypt, DES_crypt \- DES encryption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/des.h>
\&
\& void DES_random_key(DES_cblock *ret);
\&
\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
\& int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
\& void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
\&
\& void DES_set_odd_parity(DES_cblock *key);
\& int DES_is_weak_key(const_DES_cblock *key);
\&
\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
\&                      DES_key_schedule *ks, int enc);
\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
\&                       DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
\&                       DES_key_schedule *ks1, DES_key_schedule *ks2,
\&                       DES_key_schedule *ks3, int enc);
\&
\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
\&                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
\&                       int enc);
\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
\&                      int numbits, long length, DES_key_schedule *schedule,
\&                      DES_cblock *ivec, int enc);
\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
\&                      int numbits, long length, DES_key_schedule *schedule,
\&                      DES_cblock *ivec);
\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
\&                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
\&                       int enc);
\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
\&                        long length, DES_key_schedule *schedule, DES_cblock *ivec,
\&                        int *num, int enc);
\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
\&                        long length, DES_key_schedule *schedule, DES_cblock *ivec,
\&                        int *num);
\&
\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
\&                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
\&                       const_DES_cblock *inw, const_DES_cblock *outw, int enc);
\&
\& void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output,
\&                           long length, DES_key_schedule *ks1,
\&                           DES_key_schedule *ks2, DES_cblock *ivec, int enc);
\& void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
\&                             long length, DES_key_schedule *ks1,
\&                             DES_key_schedule *ks2, DES_cblock *ivec,
\&                             int *num, int enc);
\& void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
\&                             long length, DES_key_schedule *ks1,
\&                             DES_key_schedule *ks2, DES_cblock *ivec, int *num);
\&
\& void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
\&                           long length, DES_key_schedule *ks1,
\&                           DES_key_schedule *ks2, DES_key_schedule *ks3,
\&                           DES_cblock *ivec, int enc);
\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
\&                             long length, DES_key_schedule *ks1,
\&                             DES_key_schedule *ks2, DES_key_schedule *ks3,
\&                             DES_cblock *ivec, int *num, int enc);
\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
\&                             long length, DES_key_schedule *ks1,
\&                             DES_key_schedule *ks2, DES_key_schedule *ks3,
\&                             DES_cblock *ivec, int *num);
\&
\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
\&                        long length, DES_key_schedule *schedule,
\&                        const_DES_cblock *ivec);
\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
\&                         long length, int out_count, DES_cblock *seed);
\& void DES_string_to_key(const char *str, DES_cblock *key);
\& void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
\&
\& char *DES_fcrypt(const char *buf, const char *salt, char *ret);
\& char *DES_crypt(const char *buf, const char *salt);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This library contains a fast implementation of the \s-1DES\s0 encryption
algorithm.
.PP
There are two phases to the use of \s-1DES\s0 encryption. The first is the
generation of a \fIDES_key_schedule\fR from a key, the second is the
actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type
consists of 8 bytes with odd parity. The least significant bit in
each byte is the parity bit. The key schedule is an expanded form of
the key; it is used to speed the encryption process.
.PP
\&\fBDES_random_key()\fR generates a random key. The random generator must be
seeded when calling this function.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
If the function fails, 0 is returned.
.PP
Before a \s-1DES\s0 key can be used, it must be converted into the
architecture dependent \fIDES_key_schedule\fR via the
\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function.
.PP
\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity
and is not a weak or semi-weak key. If the parity is wrong, then \-1
is returned. If the key is a weak key, then \-2 is returned. If an
error is returned, the key schedule is not generated.
.PP
\&\fBDES_set_key()\fR works like
\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is nonzero,
otherwise like \fBDES_set_key_unchecked()\fR. These functions are available
for compatibility; it is recommended to use a function that does not
depend on a global variable.
.PP
\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
.PP
\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it
is ok.
.PP
The following routines mostly operate on an input and output stream of
\&\fIDES_cblock\fRs.
.PP
\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or
decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR
(\s-1ECB\s0) mode. It always transforms the input data, pointed to by
\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument.
If the \fIencrypt\fR argument is nonzero (\s-1DES_ENCRYPT\s0), the \fIinput\fR
(cleartext) is encrypted into the \fIoutput\fR (ciphertext) using the
key_schedule specified by the \fIschedule\fR argument, previously set via
\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now
ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input
and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value.
.PP
\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using
three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting
the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and
then encrypting with \fIks3\fR. This routine greatly reduces the chances
of brute force breaking of \s-1DES\s0 and has the advantage that if \fIks1\fR,
\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption
using \s-1ECB\s0 mode and \fIks1\fR as the key.
.PP
The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
encryption by using \fIks1\fR for the final encryption.
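The key checks described above for DES_set_key_checked() (odd parity, weak and semi-weak keys), together with the remark that identical key schedules reduce Triple-DES to single DES, written out as a standalone validator. This is an added example, not OpenSSL's code: the function names, the sample keys, and the return codes \-3 and 1 are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* -1 and -2 match what the page documents for DES_set_key_checked();
 * DES_KEY_DEGENERATE and DES_KEYS_TWO_KEY are assumptions of this example. */
enum { DES_KEY_OK = 0, DES_KEY_BAD_PARITY = -1, DES_KEY_WEAK = -2,
       DES_KEY_DEGENERATE = -3, DES_KEYS_TWO_KEY = 1 };

/* The 4 weak and 12 semi-weak DES keys, written with odd parity. */
static const uint8_t WEAK_KEYS[16][8] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
    {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
    {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
    {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
    {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
    {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
    {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
    {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
    {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
    {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
    {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
    {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
    {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
    {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};

/* Constructed sample keys; every byte already has odd parity. */
static const uint8_t SAMPLE_K1[8] = {0x13,0x34,0x57,0x79,0x9B,0xBC,0xDF,0xF1};
static const uint8_t SAMPLE_K2[8] = {0x0E,0x32,0x92,0x32,0xEA,0x6D,0x0D,0x73};
static const uint8_t SAMPLE_K3[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
static const uint8_t ZERO_KEY[8]  = {0};

/* 1 if the byte has an odd number of set bits, else 0. */
static int odd_bits(uint8_t b)
{
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* Force odd parity: the least significant bit of each byte is the parity bit. */
void des_fix_parity(uint8_t key[8])
{
    for (int i = 0; i < 8; i++) {
        uint8_t hi = key[i] & 0xFE;
        key[i] = (uint8_t)(hi | !odd_bits(hi));
    }
}

/* Parity is checked first, then the weak/semi-weak table. */
int des_check_key(const uint8_t key[8])
{
    for (int i = 0; i < 8; i++)
        if (!odd_bits(key[i])) return DES_KEY_BAD_PARITY;
    for (size_t i = 0; i < 16; i++)
        if (memcmp(key, WEAK_KEYS[i], 8) == 0) return DES_KEY_WEAK;
    return DES_KEY_OK;
}

/* Normalising parity does not make a key acceptable: check again afterwards. */
int des_check_after_fix(const uint8_t raw[8])
{
    uint8_t key[8];
    memcpy(key, raw, 8);
    des_fix_parity(key);
    return des_check_key(key);
}

/* Compare the 56 effective key bits only; parity bits do not affect DES. */
static int same_key_bits(const uint8_t a[8], const uint8_t b[8])
{
    uint8_t diff = 0;
    for (int i = 0; i < 8; i++) diff |= (uint8_t)((a[i] ^ b[i]) & 0xFE);
    return diff == 0;
}

/* C = E(k3, D(k2, E(k1, M))): k1 == k2 or k2 == k3 cancels two of the three
 * stages and leaves single DES; k1 == k3 is two-key Triple-DES. */
int tdes_check_bundle(const uint8_t k1[8], const uint8_t k2[8],
                      const uint8_t k3[8])
{
    const uint8_t *keys[3] = { k1, k2, k3 };
    for (int i = 0; i < 3; i++) {
        int rc = des_check_key(keys[i]);
        if (rc != DES_KEY_OK) return rc;
    }
    if (same_key_bits(k1, k2) || same_key_bits(k2, k3)) return DES_KEY_DEGENERATE;
    if (same_key_bits(k1, k3)) return DES_KEYS_TWO_KEY;
    return DES_KEY_OK;
}

int main(void)
{
    printf("sample key:            %d\n", des_check_key(SAMPLE_K1));
    printf("all-zero key:          %d\n", des_check_key(ZERO_KEY));
    printf("all-zero, parity set:  %d\n", des_check_after_fix(ZERO_KEY));
    printf("bundle k1,k2,k3:       %d\n",
           tdes_check_bundle(SAMPLE_K1, SAMPLE_K2, SAMPLE_K3));
    printf("bundle k1,k1,k3:       %d\n",
           tdes_check_bundle(SAMPLE_K1, SAMPLE_K1, SAMPLE_K3));
    return 0;
}
```

An all-zero buffer fails the parity check, and once its parity is corrected it becomes the first weak key, so parity normalisation has to be followed by the weak-key check rather than replace it.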
.PP
\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is nonzero, the
routine cipher-block-chain encrypts the cleartext data pointed to by
the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
argument, using the key schedule provided by the \fIschedule\fR argument,
and initialization vector provided by the \fIivec\fR argument. If the
\&\fIlength\fR argument is not an integral multiple of eight bytes, the
last block is copied to a temporary area and zero filled. The output
is always an integral multiple of eight bytes.
.PP
\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and
\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret
(unlike the iv) and as such are part of the key. So the key is sort of
24 bytes. This is much better than \s-1CBC DES.\s0
.PP
\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with
three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0
.PP
The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
This form of Triple-DES is used by the \s-1RSAREF\s0 library.
.PP
\&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block
chaining mode used by Kerberos v4. Its parameters are the same as
\&\fBDES_ncbc_encrypt()\fR.
.PP
\&\fBDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This
method takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
suggested for use when sending a small number of characters.
.PP
\&\fBDES_cfb64_encrypt()\fR
implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this
useful you ask? Because this routine will allow you to encrypt an
arbitrary number of bytes, without 8 byte padding. Each call to this
routine will encrypt the input bytes to output and then update ivec
and num. num contains 'how far' we are through ivec. If this does
not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0
.PP
\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR are the same as
\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used.
.PP
\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method
takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
suggested for use when sending a small number of characters.
.PP
\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output
Feed Back mode.
.PP
\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR are the same as
\&\fBDES_ofb64_encrypt()\fR, using Triple-DES.
.PP
The following functions are included in the \s-1DES\s0 library for
compatibility with the \s-1MIT\s0 Kerberos library.
.PP
\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream
(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned
and the complete 8 bytes are placed in \fIoutput\fR. This function is
used by Kerberos v4. Other applications should use
\&\fBEVP_DigestInit\fR\|(3) etc. instead.
.PP
\&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte
checksum from the input bytes. The algorithm can be iterated over the
input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is
non-NULL, the 8 bytes generated by each pass are written into
\&\fIoutput\fR.
.PP
The following are DES-based transformations:
.PP
\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This
version takes only a small amount of space relative to other fast
\&\fBcrypt()\fR implementations. This is different to the normal \fBcrypt()\fR in
that the third parameter is the buffer that the return value is
written into. It needs to be at least 14 bytes long. This function
is thread safe, unlike the normal \fBcrypt()\fR.
.PP
\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR.
This function calls \fBDES_fcrypt()\fR with a static array passed as the
third parameter. This mostly emulates the normal non-thread-safe semantics
of \fBcrypt\fR\|(3).
The \fBsalt\fR must be two \s-1ASCII\s0 characters.
.PP
The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by
a \s-1NUL\s0 character.
.PP
\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from
buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default)
using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual
data sent down \fIfd\fR consists of 4 bytes (in network byte order)
containing the length of the following encrypted data. The encrypted
data then follows, padded with random data out to a multiple of 8
bytes.
.SH "BUGS"
.IX Header "BUGS"
\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR
instead.
.PP
\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operate on input of 8 bits.
What this means is that if you set numbits to 12, and length to 2, the
first 12 bits will come from the 1st input byte and the low half of
the second input byte. The second 12 bits will have the low 8 bits
taken from the 3rd input byte and the top 4 bits taken from the 4th
input byte. The same holds for output. This function has been
implemented this way because most people will be using a multiple of 8
and because once you get into pulling input bytes apart things get
ugly!
.PP
\&\fBDES_string_to_key()\fR is available for backward compatibility with the
\&\s-1MIT\s0 library. New applications should use a cryptographic hash function.
The same applies for \fBDES_string_to_2keys()\fR.
.SH "NOTES"
.IX Header "NOTES"
The \fBdes\fR library was written to be source code compatible with
the \s-1MIT\s0 Kerberos library.
.PP
Applications should use the higher level functions
\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these
functions directly.
.PP
Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is
not suitable for most applications; see \fBdes_modes\fR\|(7).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR
return 0 on success or negative values on error.
.PP
\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return a 4\-byte integer representing the
last 4 bytes of the checksum of the input.
.PP
\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \-
to a static buffer on success; otherwise they return \s-1NULL.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBdes_modes\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR
be two \s-1ASCII\s0 characters was first enforced in
OpenSSL 1.1.0. Previous versions tried to use the uppercase letter \fBA\fR
if both characters were not present, and could crash when given non-ASCII
on some platforms.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ERR_LOAD_STRINGS 3"
.TH ERR_LOAD_STRINGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load
arbitrary error strings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& int ERR_load_strings(int lib, ERR_STRING_DATA *str);
\&
\& int ERR_get_next_error_library(void);
\&
\& unsigned long ERR_PACK(int lib, int func, int reason);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR.
.PP
\&\fBstr\fR is an array of error string data:
.PP
.Vb 5
\& typedef struct ERR_string_data_st
\& {
\&     unsigned long error;
\&     char *string;
\& } ERR_STRING_DATA;
.Ve
.PP
The error code is generated from the library number and a function and
reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR).
\&\s-1\fBERR_PACK\s0()\fR is a macro.
.PP
The last entry in the array is {0,0}.
.PP
\&\fBERR_get_next_error_library()\fR can be used to assign library numbers
to user libraries at runtime.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_load_strings()\fR returns 1 for success and 0 for failure. \s-1\fBERR_PACK\s0()\fR returns the error code.
\&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new
library number.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_load_strings\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SET_CONNECT_STATE 3"
.TH SSL_SET_CONNECT_STATE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_set_connect_state, SSL_set_accept_state, SSL_is_server
\&\- functions for manipulating and examining the client or server mode of an SSL object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_set_connect_state(SSL *ssl);
\&
\& void SSL_set_accept_state(SSL *ssl);
\&
\& int SSL_is_server(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode.
.PP
\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode.
.PP
\&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode.
.SH "NOTES"
.IX Header "NOTES"
When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3),
it was either assigned a dedicated client method, a dedicated server
method, or a generic method, that can be used for both client and
server connections. (The method might have been changed with
\&\fBSSL_CTX_set_ssl_version\fR\|(3) or
\&\fBSSL_set_ssl_method\fR\|(3).)
.PP
When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must
call the connect (client) or accept (server) routines. Even though it may
be clear from the method chosen, whether client or server mode was
requested, the handshake routines must be explicitly set.
.PP
When using the \fBSSL_connect\fR\|(3) or
\&\fBSSL_accept\fR\|(3) routines, the correct handshake
routines are automatically set. When performing a transparent negotiation
using \fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), or \fBSSL_read\fR\|(3),
the handshake routines must be explicitly set in advance using either
\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR.
.PP
If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or
\&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly),
the result depends on what method was used when \s-1SSL_CTX\s0 was created with
\&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was
passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic
information.
.PP
\&\fBSSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3),
\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
\&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3),
\&\fBSSL_do_handshake\fR\|(3),
\&\fBSSL_CTX_set_ssl_version\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_ZERO 3"
.TH BN_ZERO 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment
operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& void BN_zero(BIGNUM *a);
\& int BN_one(BIGNUM *a);
\&
\& const BIGNUM *BN_value_one(void);
\&
\& int BN_set_word(BIGNUM *a, BN_ULONG w);
\& unsigned BN_ULONG BN_get_word(BIGNUM *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized
for the most efficient implementation on the local platform.
.PP
\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and
\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros.
.PP
\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant
is useful for use in comparisons and assignment.
.PP
\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot
be represented as a single integer.
.PP
\&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise.
\&\fBBN_value_one()\fR returns the constant.
\&\fBBN_zero()\fR never fails and returns no value.
.SH "BUGS"
.IX Header "BUGS"
If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide
with the error condition returned by \fBBN_get_word()\fR which uses that
as an error value.
.PP
\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBN_bn2bin\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous
versions returned an int.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_NUM_TICKETS 3"
.TH SSL_CTX_SET_NUM_TICKETS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets,
SSL_CTX_get_num_tickets
\&\- control the number of TLSv1.3 session tickets that are issued
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_set_num_tickets(SSL *s, size_t num_tickets);
\& size_t SSL_get_num_tickets(SSL *s);
\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server
application and set the number of TLSv1.3 session tickets that will be sent to
the client after a full handshake. Set the desired value (which could be 0) in
the \fBnum_tickets\fR argument. Typically these functions should be called before
the start of the handshake.
.PP
The default number of tickets is 2. Following a resumption the number of tickets
issued will never be more than 1 regardless of the value set via
\&\fBSSL_set_num_tickets()\fR or \fBSSL_CTX_set_num_tickets()\fR. If \fBnum_tickets\fR is set to
0 then no tickets will be issued for either a normal connection or a resumption.
.PP
Tickets are also issued on receipt of a post-handshake certificate from the
client following a request by the server using
\&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated
with the updated client identity (i.e. including their certificate and
verification status). The number of tickets issued will normally be the same as
was used for the initial handshake. If the initial handshake was a full
handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling
\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be
sent.
.PP
\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of
tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or
\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on
failure.
.PP
\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets
that have been previously set.
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CT_POLICY_EVAL_CTX_NEW 3"
.TH CT_POLICY_EVAL_CTX_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free,
CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert,
CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer,
CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE,
CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \-
Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
\& int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
\& X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
\& int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
\& const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
\& void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
\&                                                CTLOG_STORE *log_store);
\& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
\& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed
Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy.
This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To
determine this, an \s-1SCT\s0's timestamp and signature must be verified.
This requires:
.IP "\(bu" 2
the public key of the log that issued the \s-1SCT\s0
.IP "\(bu" 2
the certificate that the \s-1SCT\s0 was issued for
.IP "\(bu" 2
the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate)
.IP "\(bu" 2
the current time
.PP
The above requirements are met using the setters described below.
.PP
\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This
should then be populated using:
.IP "\(bu" 2
\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for
.Sp
Increments the reference count of the certificate.
.IP "\(bu" 2
\&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate
.Sp
Increments the reference count of the certificate.
.IP "\(bu" 2
\&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs
.Sp
Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the
\&\s-1CT_POLICY_EVAL_CTX.\s0
.IP "\(bu" 2
\&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid
.Sp
The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was
issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose
timestamp is in the future\*(R". By default, this will be set to 5 minutes in the
future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift.
.Sp
The time should be in milliseconds since the Unix epoch.
.PP
Each setter has a matching getter for accessing the current value.
.PP
When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to
\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it.
.SH "NOTES"
.IX Header "NOTES"
The issuer certificate only needs to be provided if at least one of the SCTs
was issued for a pre-certificate. This will be the case for SCTs embedded in a
certificate (i.e. those in an X.509 extension), but may not be the case for SCTs
found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_READ 3"
.TH BIO_READ 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts
\&\- BIO I/O functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
\& int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
\&
\& int BIO_read(BIO *b, void *data, int dlen);
\& int BIO_gets(BIO *b, char *buf, int size);
\& int BIO_write(BIO *b, const void *data, int dlen);
\& int BIO_puts(BIO *b, const char *buf);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data
in \fBdata\fR. If any bytes were successfully read then the number of bytes read is
stored in \fB*readbytes\fR.
.PP
\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If
successful then the number of bytes written is stored in \fB*written\fR.
.PP
\&\fBBIO_read()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
the data in \fBdata\fR.
.PP
\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
in \fBbuf\fR. Usually this operation will attempt to read a line of data
from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this,
however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
return the digest and other BIOs may not support \fBBIO_gets()\fR at all.
The returned string is always NUL-terminated and the '\en' is preserved
if present in the input data.
.PP
\&\fBBIO_write()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR.
.PP
\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or
written, and 0 otherwise.
.PP
All other functions return either the amount of data successfully read or
written (if the return value is positive) or that no data was successfully
read or written if the result is 0 or \-1. If the return value is \-2 then
the operation is not implemented in the specific \s-1BIO\s0 type. The trailing
\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR.
.SH "NOTES"
.IX Header "NOTES"
A 0 or \-1 return is not necessarily an indication of an error. In
particular when the source/sink is nonblocking or of a certain type
it may merely be an indication that no data is currently available and that
the application should retry the operation later.
.PP
One technique sometimes used with blocking sockets is to use a system call
(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available
and then call \fBread()\fR to read the data. The equivalent with BIOs (that is, call
\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to
read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR
can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying
I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent)
should be combined with non-blocking I/O so successive reads will request
a retry instead of blocking.
.PP
See \fBBIO_should_retry\fR\|(3) for details of how to
determine the cause of a retry and other I/O issues.
.PP
If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it is possible to
work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3)
to the chain.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBIO_should_retry\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not
keep the '\en' at the end of the line in the buffer.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET0_CA_LIST 3"
.TH SSL_CTX_SET0_CA_LIST 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_client_CA_list,
SSL_set_client_CA_list,
SSL_get_client_CA_list,
SSL_CTX_get_client_CA_list,
SSL_CTX_add_client_CA,
SSL_add_client_CA,
SSL_set0_CA_list,
SSL_CTX_set0_CA_list,
SSL_get0_CA_list,
SSL_CTX_get0_CA_list,
SSL_add1_to_CA_list,
SSL_CTX_add1_to_CA_list,
SSL_get0_peer_CA_list
\&\- get or set CA list
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
\& int SSL_add_client_CA(SSL *ssl, X509 *cacert);
\&
\& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
\& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
\& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
\& const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
\& int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
\& int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
\&
\& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functions described here set and manage the list of \s-1CA\s0 names that are sent
between two communicating peers.
.PP
For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the
server to the client when requesting a client certificate. So any list of \s-1CA\s0
names set is never sent from client to server and the list of \s-1CA\s0 names retrieved
by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR.
.PP
For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR
extension and may be sent by a client (in the ClientHello message) or by
a server (when requesting a certificate).
.PP
In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list
of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the
server. This has privacy implications and may also have performance implications
if the list is large. This optional capability was introduced as part of TLSv1.3
and therefore setting \s-1CA\s0 names on the client side will have no impact if that
protocol version has been disabled. Most servers do not need this and so this
should be avoided unless required.
.PP
The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the
server side.
.PP
\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred
to \fBctx\fR and it should not be freed by the caller.
.PP
\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
requesting a client certificate for the chosen \fBssl\fR, overriding the
setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred
to \fBs\fR and it should not be freed by the caller.
.PP
\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for
\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed
by the caller.
.PP
\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly
set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with
\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode,
\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs sent from the server, if
any. The returned list should not be freed by the caller.
.PP
\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
list of CAs sent to the client when requesting a client certificate for
\&\fBctx\fR.
.PP
\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
list of CAs sent to the client when requesting a client certificate for
the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object.
.PP
\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer
has sent. This can be called on either the server or the client side. The
returned list should not be freed by the caller.
.PP
The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0
list\*(R" functions except that they have an effect on both the server and client
sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example)
set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the
\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been
used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence.
Typically, on the server side, the \*(L"client \s-1CA\s0 list\*(R" functions should be used in
preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on
the client side.
.PP
\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to
\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and
it should not be freed by the caller.
.PP
\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR
overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of
\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller.
.PP
\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for
\&\fBctx\fR. The returned list should not be freed by the caller.
.PP
\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for
\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The
returned list should not be freed by the caller.
.PP
\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
list of CAs sent to peer for \fBctx\fR.
.PP
\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent
\&\fB\s-1SSL_CTX\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
When a \s-1TLS/SSL\s0 server requests a client certificate (see
\&\fBSSL_CTX_set_verify\fR\|(3)), it sends a list of CAs, for which it will accept
certificates, to the client.
.PP
This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or
\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or
\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified
overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR
only contains the names, not the complete certificates); use
\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification.
.PP
If the list of acceptable CAs is compiled in a file, the
\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the
necessary data.
.PP \&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and \&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, \&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR and \fBSSL_set0_CA_list()\fR do not return a value. .PP \&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are set. .PP \&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and \&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. .PP \&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or \&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. .SH "EXAMPLES" .IX Header "EXAMPLES" Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: .PP .Vb 1 \& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_load_client_CA_file\fR\|(3), \&\fBSSL_CTX_load_verify_locations\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
EVP_SEALINIT(3)    OpenSSL 1.1.1w    2023-09-11

NAME

EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption

SYNOPSIS

    #include <openssl/evp.h>

    int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                     unsigned char **ek, int *ekl, unsigned char *iv,
                     EVP_PKEY **pubk, int npubk);
    int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                       int *outl, unsigned char *in, int inl);
    int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

DESCRIPTION

The EVP envelope routines are a high-level interface to envelope encryption. They generate a random key and IV (if required) then "envelope" it by using public key encryption. Data can then be encrypted using this key.

EVP_SealInit() initializes a cipher context ctx for encryption with cipher type using a random secret key and IV. type is normally supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted using one or more public keys; this allows the same encrypted data to be decrypted using any of the corresponding private keys. ek is an array of buffers where the public key encrypted secret key will be written. Each buffer must contain enough room for the corresponding encrypted key: that is, ek[i] must have room for EVP_PKEY_size(pubk[i]) bytes. The actual size of each encrypted secret key is written to the array ekl. pubk is an array of npubk public keys.

The iv parameter is a buffer where the generated IV is written to. It must contain enough room for the corresponding cipher's IV, as determined by (for example) EVP_CIPHER_iv_length(type).

If the cipher does not require an IV then the iv parameter is ignored and can be NULL.

EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as documented on the EVP_EncryptInit(3) manual page.

RETURN VALUES

EVP_SealInit() returns 0 on error or npubk if successful.

EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for failure.

NOTES

Because a random secret key is generated, the random number generator must be seeded when EVP_SealInit() is called. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

The public key must be RSA because it is the only OpenSSL public key algorithm that supports key transport.

Envelope encryption is the usual method of using public key encryption on large amounts of data. This is because public key encryption is slow but symmetric encryption is fast. So symmetric encryption is used for bulk encryption and the small random symmetric key used is transferred using public key encryption.

It is possible to call EVP_SealInit() twice in the same way as EVP_EncryptInit(). The first call should have npubk set to 0 and (after setting any cipher parameters) it should be called again with type set to NULL.

SEE ALSO

evp(7), RAND_bytes(3), EVP_EncryptInit(3), EVP_OpenInit(3), RAND(7)

COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
CMS_GET1_RECEIPTREQUEST(3)    OpenSSL 1.1.1w    2023-09-11

NAME

CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions

SYNOPSIS

    #include <openssl/cms.h>

    CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
                                                   int allorfirst,
                                                   STACK_OF(GENERAL_NAMES) *receiptList,
                                                   STACK_OF(GENERAL_NAMES) *receiptsTo);
    int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
    int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
    void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
                                        int *pallorfirst,
                                        STACK_OF(GENERAL_NAMES) **plist,
                                        STACK_OF(GENERAL_NAMES) **prto);

DESCRIPTION

CMS_ReceiptRequest_create0() creates a signed receipt request structure. The signedContentIdentifier field is set using id and idlen, or it is set to 32 bytes of pseudo random data if id is NULL. If receiptList is NULL the allOrFirstTier option in receiptsFrom is used and set to the value of the allorfirst parameter. If receiptList is not NULL the receiptList option in receiptsFrom is used. The receiptsTo parameter specifies the receiptsTo field value.

The CMS_add1_ReceiptRequest() function adds a signed receipt request rr to SignerInfo structure si.

CMS_get1_ReceiptRequest() looks for a signed receipt request in si. If any is found it is decoded and written to prr.

CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request. The signedContentIdentifier is copied to pcid. If the allOrFirstTier option of receiptsFrom is used its value is copied to pallorfirst, otherwise the receiptList field is copied to plist. The receiptsTo parameter is copied to prto.

NOTES

For more details of the meaning of the fields see RFC2634.

The contents of a signed receipt should only be considered meaningful if the corresponding CMS_ContentInfo structure can be successfully verified using CMS_verify().

RETURN VALUES

CMS_ReceiptRequest_create0() returns a signed receipt request structure or NULL if an error occurred.

CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.

CMS_get1_ReceiptRequest() returns 1 if a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and -1 if it is present but malformed.

SEE ALSO

ERR_get_error(3), CMS_sign(3), CMS_sign_receipt(3), CMS_verify(3), CMS_verify_receipt(3)

COPYRIGHT

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
SSL_CTX_SET_CIPHER_LIST(3)    OpenSSL 1.1.1w    2023-09-11

NAME

SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites - choose list of available SSL_CIPHERs

SYNOPSIS

    #include <openssl/ssl.h>

    int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
    int SSL_set_cipher_list(SSL *ssl, const char *str);

    int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
    int SSL_set_ciphersuites(SSL *s, const char *str);

DESCRIPTION

SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) for ctx using the control string str. The format of the string is described in ciphers(1). The list of ciphers is inherited by all ssl objects created from ctx. This function does not impact TLSv1.3 ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.

SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for ssl.

SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:

    TLS_AES_128_GCM_SHA256
    TLS_AES_256_GCM_SHA384
    TLS_CHACHA20_POLY1305_SHA256
    TLS_AES_128_CCM_SHA256
    TLS_AES_128_CCM_8_SHA256

An empty list is permissible. The default value for this setting is:

"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it configures the ciphersuites for ssl.

NOTES

The control string str for SSL_CTX_set_cipher_list() and SSL_set_cipher_list() should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no syntax checking takes place. Items that are not recognized, because the corresponding ciphers are not compiled in or because they are mistyped, are simply ignored. Failure is only flagged if no ciphers could be collected at all.

It should be noted that inclusion of a cipher in the list is a necessary condition for it to be used. On the client side, the inclusion into the list is also sufficient unless the security level excludes it. On the server side, additional restrictions apply. All ciphers have additional requirements. ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key.

An RSA cipher can only be chosen when an RSA certificate is available. RSA ciphers using DHE need a certificate and key and additional DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

A DSA cipher can only be chosen when a DSA certificate is available. DSA ciphers always use DH key exchange and therefore need DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

When these conditions are not met for any cipher in the list (e.g. a client only supports export RSA ciphers with an asymmetric key length of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail.

RETURN VALUES

SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher could be selected and 0 on complete failure.

SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() return 1 if the requested ciphersuite list was configured, and 0 otherwise.

SEE ALSO

ssl(7), SSL_get_ciphers(3), SSL_CTX_use_certificate(3), SSL_CTX_set_tmp_dh_callback(3), ciphers(1)

COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
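The SSL_CTX_set_cipher_list() notes above say that unrecognized items are silently ignored and that TLSv1.3 ciphersuites are not affected, so a configuration should be read back after it is applied. The following is an added example, not part of the OpenSSL manual: it uses Python's standard ssl module, whose SSLContext.set_ciphers() passes the string to SSL_CTX_set_cipher_list(), and the function name audit_cipher_list and the mistyped cipher name are constructed for illustration.

```python
import ssl


def audit_cipher_list(expected):
    """Apply explicit TLSv1.2-and-below cipher names and report what took effect.

    `expected` holds the exact OpenSSL cipher names the operator intends to
    allow (no keywords such as HIGH or !aNULL), so the requested names can be
    compared one to one with the names the library actually collected.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Forwards the colon-separated control string to SSL_CTX_set_cipher_list().
        ctx.set_ciphers(":".join(expected))
    except ssl.SSLError:
        # Corresponds to a return value of 0 in C: no cipher could be collected.
        return {"accepted": False, "applied": [], "dropped": list(expected),
                "unexpected": [], "tls13": []}

    effective = ctx.get_ciphers()
    # TLSv1.3 ciphersuites are configured separately and stay in the list.
    tls13 = [c["name"] for c in effective if c["protocol"] == "TLSv1.3"]
    legacy = [c["name"] for c in effective if c["protocol"] != "TLSv1.3"]

    return {
        "accepted": True,
        # Requested names the library recognized and kept.
        "applied": [n for n in expected if n in legacy],
        # Requested names that vanished: mistyped or not compiled in.
        "dropped": [n for n in expected if n not in legacy],
        # Anything enabled that the operator did not ask for.
        "unexpected": [n for n in legacy if n not in expected],
        "tls13": tls13,
    }


if __name__ == "__main__":
    # Constructed input: one real cipher name and one typo (SHA257).
    wanted = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA257"]
    report = audit_cipher_list(wanted)
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["dropped"]:
        raise SystemExit("cipher list does not match the intended policy")
```

A deployment check can fail the build whenever "dropped" or "unexpected" is non-empty, since the setter itself reports success as long as one cipher survives.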
X509_ALGOR_DUP(3)    OpenSSL 1.1.1w    2023-09-11

NAME

X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions

SYNOPSIS

    #include <openssl/x509.h>

    X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
    int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
    void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
                         const void **ppval, const X509_ALGOR *alg);
    void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
    int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
    int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);

DESCRIPTION

X509_ALGOR_dup() returns a copy of alg.

X509_ALGOR_set0() sets the algorithm OID of alg to aobj and the associated parameter type to ptype with value pval. If ptype is V_ASN1_UNDEF the parameter is omitted, otherwise ptype and pval have the same meaning as the type and value parameters to ASN1_TYPE_set(). All the supplied parameters are used internally so must NOT be freed after this call.

X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the algorithm OID in *paobj and the associated parameter in *pptype and *ppval from the AlgorithmIdentifier alg.

X509_ALGOR_set_md() sets the AlgorithmIdentifier alg to appropriate values for the message digest md.

X509_ALGOR_cmp() compares a and b and returns 0 if they have identical encodings and nonzero otherwise.

X509_ALGOR_copy() copies the source values into the dest structs, making a duplicate of each (and freeing anything pointed to from within *dest).

RETURN VALUES

X509_ALGOR_dup() returns a valid X509_ALGOR structure or NULL if an error occurred.

X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error.

X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.

X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and nonzero otherwise.

HISTORY

X509_ALGOR_copy() was added in 1.1.1e.

COPYRIGHT

Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
X509_GET_SUBJECT_NAME(3)  OpenSSL 1.1.1w  2023-09-11

NAME

X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or subject names

SYNOPSIS

    #include <openssl/x509.h>

    X509_NAME *X509_get_subject_name(const X509 *x);
    int X509_set_subject_name(X509 *x, X509_NAME *name);

    X509_NAME *X509_get_issuer_name(const X509 *x);
    int X509_set_issuer_name(X509 *x, X509_NAME *name);

    X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
    int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);

    X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
    int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);

DESCRIPTION

X509_get_subject_name() returns the subject name of certificate x. The returned value is an internal pointer which MUST NOT be freed.

X509_set_subject_name() sets the subject name of certificate x to name. The name parameter is copied internally and should be freed up when it is no longer needed.

X509_get_issuer_name() and X509_set_issuer_name() are identical to X509_get_subject_name() and X509_set_subject_name() except that they get and set the issuer name of x.

Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(), X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject or issuer names of certificate requests or CRLs respectively.

RETURN VALUES

X509_get_subject_name(), X509_get_issuer_name(), X509_REQ_get_subject_name() and X509_CRL_get_issuer() return an X509_NAME pointer.

X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name() and X509_CRL_set_issuer_name() return 1 for success and 0 for failure.

SEE ALSO

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

HISTORY

X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in earlier versions.

X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously added in OpenSSL 1.0.0 as a macro.

COPYRIGHT

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
OSSL_STORE_OPEN(3)  OpenSSL 1.1.1w  2023-09-11

NAME

OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close - Types and functions to read objects from a URI

SYNOPSIS

    #include <openssl/store.h>

    typedef struct ossl_store_ctx_st OSSL_STORE_CTX;

    typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
                                                                void *);

    OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
                                    void *ui_data,
                                    OSSL_STORE_post_process_info_fn post_process,
                                    void *post_process_data);
    int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
    OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
    int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
    int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
    int OSSL_STORE_close(OSSL_STORE_CTX *ctx);

DESCRIPTION

These functions help the application to fetch supported objects (see "SUPPORTED OBJECTS" in OSSL_STORE_INFO(3) for information on which those are) from a given URI (see "SUPPORTED SCHEMES" for more information on the supported URI schemes). The general method to do so is to "open" the URI using OSSL_STORE_open(), read each available and supported object using OSSL_STORE_load() as long as OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close().

The retrieved information is stored in an OSSL_STORE_INFO, which is further described in OSSL_STORE_INFO(3).

Types

OSSL_STORE_CTX is a context variable that holds all the internal information for OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() to work together.

Functions

OSSL_STORE_open() takes a URI or path uri, password UI method ui_method with associated data ui_data, and post processing callback post_process with associated data post_process_data, opens a channel to the data located at that URI and returns an OSSL_STORE_CTX with all necessary internal information. The given ui_method and ui_data will be reused by all functions that use OSSL_STORE_CTX when interaction is needed, for instance to provide a password. The given post_process and post_process_data will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. The post_process function drops values by returning NULL, which will cause OSSL_STORE_load() to start its process over with loading the next object, until post_process returns something other than NULL, or the end of data is reached as indicated by OSSL_STORE_eof().

OSSL_STORE_ctrl() takes an OSSL_STORE_CTX, a command number cmd and more arguments not specified here. The available loader specific command numbers and the arguments they each take depend on the loader that's used and are documented together with that loader.

There are also global controls available:

OSSL_STORE_C_USE_SECMEM
    Controls if the loader should attempt to use secure memory for any allocated OSSL_STORE_INFO and its contents. This control expects one argument, a pointer to an int that is expected to have the value 1 (yes) or 0 (no). Any other value is an error.

OSSL_STORE_load() takes an OSSL_STORE_CTX, tries to load the next available object and return it wrapped with OSSL_STORE_INFO.

OSSL_STORE_eof() takes an OSSL_STORE_CTX and checks if we've reached the end of data.

OSSL_STORE_error() takes an OSSL_STORE_CTX and checks if an error occurred in the last OSSL_STORE_load() call. Note that it may still be meaningful to try and load more objects, unless OSSL_STORE_eof() shows that the end of data has been reached.

OSSL_STORE_close() takes an OSSL_STORE_CTX, closes the channel that was opened by OSSL_STORE_open() and frees all other information that was stored in the OSSL_STORE_CTX, as well as the OSSL_STORE_CTX itself. If ctx is NULL it does nothing.

SUPPORTED SCHEMES

The basic supported scheme is file:. Any other scheme can be added dynamically, using OSSL_STORE_register_loader().

NOTES

A string without a scheme prefix (that is, a non-URI string) is implicitly interpreted as using the file: scheme.

There are some tools that can be used together with OSSL_STORE_open() to determine if any failure is caused by an unparsable URI, or if it's a different error (such as memory allocation failures); if the URI was parsable but the scheme unregistered, the top error will have the reason OSSL_STORE_R_UNREGISTERED_SCHEME.

These functions make no direct assumption regarding the pass phrase received from the password callback. The loaders may make assumptions, however. For example, the file: scheme loader inherits the assumptions made by OpenSSL functionality that handles the different file types; this is mostly relevant for PKCS#12 objects. See passphrase-encoding(7) for further information.

RETURN VALUES

OSSL_STORE_open() returns a pointer to an OSSL_STORE_CTX on success, or NULL on failure.

OSSL_STORE_load() returns a pointer to an OSSL_STORE_INFO on success, or NULL on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a returned NULL.

OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0.

OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, otherwise 0.

OSSL_STORE_ctrl() and OSSL_STORE_close() return 1 on success, or 0 on failure.

SEE ALSO

ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_register_loader(3), passphrase-encoding(7)

HISTORY

OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1.

Handling of NULL ctx argument for OSSL_STORE_close() was introduced in OpenSSL 1.1.1h.

COPYRIGHT

Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
BIO_F_MD(3)  OpenSSL 1.1.1w  2023-09-11

NAME

BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter

SYNOPSIS

    #include <openssl/bio.h>
    #include <openssl/evp.h>

    const BIO_METHOD *BIO_f_md(void);
    int BIO_set_md(BIO *b, EVP_MD *md);
    int BIO_get_md(BIO *b, EVP_MD **mdp);
    int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);

DESCRIPTION

BIO_f_md() returns the message digest BIO method. This is a filter BIO that digests any data passed through it; it is a BIO wrapper for the digest routines EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal().

Any data written or read through a digest BIO using BIO_read_ex() and BIO_write_ex() is digested.

BIO_gets(), if its size parameter is large enough, finishes the digest calculation and returns the digest value. BIO_puts() is not supported.

BIO_reset() reinitialises a digest BIO.

BIO_set_md() sets the message digest of BIO b to md: this must be called to initialize a digest BIO before any data is passed through it. It is a BIO_ctrl() macro.

BIO_get_md() places a pointer to the digest BIO's digest method in mdp; it is a BIO_ctrl() macro.

BIO_get_md_ctx() returns the digest BIO's context into mdcp.

NOTES

The context returned by BIO_get_md_ctx() can be used in calls to EVP_DigestFinal() and also the signature routines EVP_SignFinal() and EVP_VerifyFinal().

The context returned by BIO_get_md_ctx() is an internal context structure. Changes made to this context will affect the digest BIO itself and the context pointer will become invalid when the digest BIO is freed.

After the digest has been retrieved from a digest BIO it must be reinitialized by calling BIO_reset(), or BIO_set_md() before any more data is passed through it.

If an application needs to call BIO_gets() or BIO_puts() through a chain containing digest BIOs then this can be done by prepending a buffering BIO.

Calling BIO_get_md_ctx() will return the context and initialize the BIO state. This allows applications to initialize the context externally if the standard calls such as BIO_set_md() are not sufficiently flexible.

RETURN VALUES

BIO_f_md() returns the digest BIO method.

BIO_set_md(), BIO_get_md() and BIO_get_md_ctx() return 1 for success and 0 for failure.

EXAMPLES

The following example creates a BIO chain containing an SHA1 and MD5 digest BIO and passes the string "Hello World" through it. Error checking has been omitted for clarity.

    BIO *bio, *mdtmp;
    char message[] = "Hello World";

    bio = BIO_new(BIO_s_null());
    mdtmp = BIO_new(BIO_f_md());
    BIO_set_md(mdtmp, EVP_sha1());
    /*
     * For BIO_push() we want to append the sink BIO and keep a note of
     * the start of the chain.
     */
    bio = BIO_push(mdtmp, bio);
    mdtmp = BIO_new(BIO_f_md());
    BIO_set_md(mdtmp, EVP_md5());
    bio = BIO_push(mdtmp, bio);
    /* Note: mdtmp can now be discarded */
    BIO_write(bio, message, strlen(message));

The next example digests data by reading through a chain instead:

    BIO *bio, *mdtmp;
    char buf[1024];
    int rdlen;

    bio = BIO_new_file(file, "rb");
    mdtmp = BIO_new(BIO_f_md());
    BIO_set_md(mdtmp, EVP_sha1());
    bio = BIO_push(mdtmp, bio);
    mdtmp = BIO_new(BIO_f_md());
    BIO_set_md(mdtmp, EVP_md5());
    bio = BIO_push(mdtmp, bio);
    do {
        rdlen = BIO_read(bio, buf, sizeof(buf));
        /* Might want to do something with the data here */
    } while (rdlen > 0);

This next example retrieves the message digests from a BIO chain and outputs them. This could be used with the examples above.

    BIO *mdtmp;
    unsigned char mdbuf[EVP_MAX_MD_SIZE];
    int mdlen;
    int i;

    mdtmp = bio; /* Assume bio has previously been set up */
    do {
        EVP_MD *md;

        mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
        if (!mdtmp)
            break;
        BIO_get_md(mdtmp, &md);
        printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
        mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
        for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
        printf("\n");
        mdtmp = BIO_next(mdtmp);
    } while (mdtmp);

    BIO_free_all(bio);

BUGS

The lack of support for BIO_puts() and the non standard behaviour of BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets() and BIO_puts() should be passed to the next BIO in the chain and digest the data passed through and that digests should be retrieved using a separate BIO_ctrl() call.

HISTORY

Before OpenSSL 1.0.0, the call to BIO_get_md_ctx() would only work if the BIO was initialized first.

COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
.IX Title "SSL_CIPHER_GET_NAME 3"
.TH SSL_CIPHER_GET_NAME 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CIPHER_get_name,
SSL_CIPHER_standard_name,
OPENSSL_cipher_name,
SSL_CIPHER_get_bits,
SSL_CIPHER_get_version,
SSL_CIPHER_description,
SSL_CIPHER_get_cipher_nid,
SSL_CIPHER_get_digest_nid,
SSL_CIPHER_get_handshake_digest,
SSL_CIPHER_get_kx_nid,
SSL_CIPHER_get_auth_nid,
SSL_CIPHER_is_aead,
SSL_CIPHER_find,
SSL_CIPHER_get_id,
SSL_CIPHER_get_protocol_id
\&\- get SSL_CIPHER properties
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
\& const char *OPENSSL_cipher_name(const char *stdname);
\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
\& const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
\& int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
\& int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
\& int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
\& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
\& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the
\&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R".
.PP
\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of
\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR
has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both
SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name.
.PP
\&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR.
If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name,
it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather
than the SSLv3 name.
.PP
\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR.
If \fBcipher\fR is \s-1NULL, 0\s0 is returned.
.PP
\&\fBSSL_CIPHER_get_version()\fR returns a string which indicates the \s-1SSL/TLS\s0 protocol
version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0
.PP
\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR.
If there is no cipher (e.g. for cipher suites with no encryption) then
\&\fBNID_undef\fR is returned.
.PP
\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0
used by \fBc\fR during record encryption/decryption. If there is no digest (e.g.
for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned.
.PP
\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during
the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be
different to the digest used to calculate the \s-1MAC\s0 for encrypted records.
.PP
\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method
used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned.
If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0
cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive):
.PP
.Vb 4
\& NID_kx_rsa
\& NID_kx_ecdhe
\& NID_kx_dhe
\& NID_kx_psk
.Ve
.PP
\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method
used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned.
If any appropriate authentication algorithm can be used (as in the case of
\&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive):
.PP
.Vb 3
\& NID_auth_rsa
\& NID_auth_ecdsa
\& NID_auth_psk
.Ve
.PP
\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or
ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0
.PP
\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored
in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the
two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter
is usually retrieved from a \s-1TLS\s0 packet by using functions like
\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an
error occurs or the indicated cipher is not found.
.PP
\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is
not the same as the IANA-specific \s-1ID.\s0
.PP
\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given
cipher \fBc\fR.
.PP
\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used
into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it must
be at least 128 bytes, otherwise a buffer will be allocated using
\&\fBOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails,
\&\fB\s-1NULL\s0\fR is returned.
.PP
The string returned by \fBSSL_CIPHER_description()\fR consists of several fields
separated by whitespace:
.IP "" 4
.IX Item ""
Textual representation of the cipher name.
.IP "" 4
.IX Item ""
The minimum protocol version that the ciphersuite supports, such as \fBTLSv1.2\fR.
Note that this is not always the same as the protocol version in which the
ciphersuite was first defined because some ciphersuites are backwards compatible
with earlier protocol versions.
.IP "Kx=" 4
.IX Item "Kx="
Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc.
.IP "Au=" 4
.IX Item "Au="
Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc. None is the
representation of anonymous ciphers.
.IP "Enc=" 4
.IX Item "Enc="
Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR.
.IP "Mac=" 4
.IX Item "Mac="
Message digest, such as \fB\s-1SHA256\s0\fR.
.PP
Some examples for the output of \fBSSL_CIPHER_description()\fR:
.PP
.Vb 2
\& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
\& RSA\-PSK\-AES256\-CBC\-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR,
\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding
value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R"
if the cipher is not found.
.PP
\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of
secret bits or 0 if an error occurred.
.PP
\&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR,
\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or
\&\fBNID_undef\fR if an error occurred.
.PP
\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0
if an error occurred.
.PP
\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise.
.PP
\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error
occurred.
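The whitespace-separated field layout of the SSL_CIPHER_description() string documented above (name, minimum protocol version, Kx=, Au=, Enc=ALG(bits), Mac=) can be checked mechanically when auditing which suites a build offers. The following is an added example, not part of the OpenSSL manual and not OpenSSL code: it does not call OpenSSL, and struct cipher_desc, the CD_* flags, both function names, the audit policy and the samples marked constructed are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Finding bits returned by audit_cipher_description() (this example's own names). */
enum {
    CD_MALFORMED = 1 << 0, /* required field missing or unparsable */
    CD_ANON_AUTH = 1 << 1, /* Au=None: anonymous suite, peer is not authenticated */
    CD_NOT_AEAD  = 1 << 2, /* Mac= names a separate digest instead of AEAD */
    CD_WEAK_BITS = 1 << 3  /* Enc= secret bits below the caller's minimum */
};

struct cipher_desc {
    char name[64], version[16], kx[32], au[32], enc[32], mac[32];
    int bits; /* from Enc=ALG(bits); 0 when there is no "(bits)" suffix */
};

/* Copy n bytes of src into dst as a string; reject empty or oversized fields. */
static int copy_n(char *dst, size_t cap, const char *src, size_t n)
{
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split "ALG(bits)" into label and bit count; a bare label yields 0 bits. */
static int parse_enc(const char *val, struct cipher_desc *out)
{
    const char *paren = strchr(val, '(');
    char *end;
    long bits;
    out->bits = 0;
    if (paren == NULL)
        return copy_n(out->enc, sizeof(out->enc), val, strlen(val));
    bits = strtol(paren + 1, &end, 10);
    if (end == paren + 1 || end[0] != ')' || end[1] != '\0' || bits < 0 || bits > 4096)
        return -1;
    out->bits = (int)bits;
    return copy_n(out->enc, sizeof(out->enc), val, (size_t)(paren - val));
}

/* Parse one description line. Returns 0 on success, -1 if it is malformed. */
int parse_cipher_description(const char *line, struct cipher_desc *out)
{
    static const char WS[] = " \t\r\n";
    char tok[96];
    int pos, rc;
    memset(out, 0, sizeof(*out));
    if (line == NULL) return -1;
    for (pos = 0;; pos++) {
        size_t n;
        line += strspn(line, WS);   /* fields are separated by runs of whitespace */
        n = strcspn(line, WS);
        if (n == 0) break;
        if (copy_n(tok, sizeof(tok), line, n) != 0) return -1;
        line += n;
        if (pos == 0)                          rc = copy_n(out->name, sizeof(out->name), tok, n);
        else if (pos == 1)                     rc = copy_n(out->version, sizeof(out->version), tok, n);
        else if (strncmp(tok, "Kx=", 3) == 0)  rc = copy_n(out->kx, sizeof(out->kx), tok + 3, n - 3);
        else if (strncmp(tok, "Au=", 3) == 0)  rc = copy_n(out->au, sizeof(out->au), tok + 3, n - 3);
        else if (strncmp(tok, "Enc=", 4) == 0) rc = parse_enc(tok + 4, out);
        else if (strncmp(tok, "Mac=", 4) == 0) rc = copy_n(out->mac, sizeof(out->mac), tok + 4, n - 4);
        else                                   rc = -1; /* unknown token: fail closed */
        if (rc != 0) return -1;
    }
    /* copy_n never stores an empty string, so an empty field means "not seen". */
    return (pos >= 2 && out->kx[0] && out->au[0] && out->enc[0] && out->mac[0]) ? 0 : -1;
}

/* Apply this example's policy to one line and return a mask of CD_* findings. */
int audit_cipher_description(const char *line, int min_bits)
{
    struct cipher_desc d;
    int findings = 0;
    if (parse_cipher_description(line, &d) != 0) return CD_MALFORMED;
    if (strcmp(d.au, "None") == 0)  findings |= CD_ANON_AUTH;
    if (strcmp(d.mac, "AEAD") != 0) findings |= CD_NOT_AEAD;
    if (d.bits < min_bits)          findings |= CD_WEAK_BITS;
    return findings;
}

/* [0] and [1] are the two sample lines from the manual; [2]-[4] are constructed. */
static const char *const SAMPLES[] = {
    "ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD",
    "RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384",
    "EXAMPLE-ANON-AES128-SHA TLSv1.0 Kx=DH Au=None Enc=AES(128) Mac=SHA1",
    "EXAMPLE-NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256",
    "EXAMPLE-TRUNCATED TLSv1.2 Kx=ECDH Au=RSA"
};

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof(SAMPLES) / sizeof(SAMPLES[0]); i++)
        printf("findings=0x%x  %s\n", audit_cipher_description(SAMPLES[i], 128), SAMPLES[i]);
    return 0;
}
```

In a real audit the input lines would come from SSL_CIPHER_description() for each entry returned by SSL_get_ciphers(3), and a NULL return from SSL_CIPHER_description() has to be handled before parsing.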
.PP
\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0
.PP
\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0
protocol-specific \s-1ID.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3),
\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CIPHER_get_version()\fR function was updated to always return the
correct protocol string in OpenSSL 1.1.0.
.PP
The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error,
rather than a fixed string, in OpenSSL 1.1.0.
.PP
The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1.
.PP
The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1.
Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was
required to enable this function.
.PP
The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PKCS7_SIGN 3"
.TH PKCS7_SIGN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS7_sign \- create a PKCS#7 signedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
\&                   BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure.
\&\fIsigncert\fR is the certificate to sign with, \fIpkey\fR is the corresponding
private key. \fIcerts\fR is an optional set of extra certificates to include
in the PKCS#7 structure (for example any intermediate CAs in the chain).
.PP
The data to be signed is read from \s-1BIO\s0 \fIdata\fR.
.PP
\&\fIflags\fR is an optional set of flags.
.PP
Any of the following flags (ored together) can be passed in the \fIflags\fR
.PP
Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
the \fB\s-1PKCS7_TEXT\s0\fR flag is set, \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are prepended
to the data.
.PP
If \fB\s-1PKCS7_NOCERTS\s0\fR is set, the signer's certificate and the extra \fIcerts\fR
will not be included in the \s-1PKCS7\s0 structure. The signer's certificate must still
be supplied in the \fIsigncert\fR parameter though. This can reduce the size of the
signatures if the signer's certificates can be obtained by other means: for
example a previously signed message.
.PP
The data being signed is included in the \s-1PKCS7\s0 structure, unless
\&\fB\s-1PKCS7_DETACHED\s0\fR is set, in which case it is omitted. This is used for \s-1PKCS7\s0
detached signatures which are used in S/MIME plaintext signed messages for
example.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
required by the S/MIME specifications); if \fB\s-1PKCS7_BINARY\s0\fR is set, no
translation occurs. This option should be used if the supplied data is in
binary format, otherwise the translation will corrupt it.
.PP
The signedData structure includes several PKCS#7 authenticatedAttributes
including the signing time, the PKCS#7 content type and the supported list of
ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no
authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just
the SMIMECapabilities are omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of
these algorithms is disabled then it will not be included.
.PP
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is
just initialized ready to perform the signing operation.
The signing is however
\&\fBnot\fR performed and the data to be signed is not read from the \fIdata\fR
parameter. Signing is deferred until after the data has been written. In this
way data can be signed in a single pass.
.PP
If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to
which additional signers and capabilities can be added before finalization.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
complete and outputting its contents via a function that does not properly
finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
.PP
Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR,
\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fBBIO_new_PKCS7()\fR.
.PP
If a signer is specified it will use the default digest for the signing
algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
.PP
The \fIcerts\fR, \fIsigncert\fR and \fIpkey\fR parameters can all be
\&\s-1NULL\s0 if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added
using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be
called to finalize the structure if streaming is not enabled. Alternative
signing digests can also be specified using this method.
.PP
If \fIsigncert\fR and \fIpkey\fR are \s-1NULL\s0 then a certificates only
PKCS#7 structure is output.
.PP
In versions of OpenSSL before 1.0.0 the \fIsigncert\fR and \fIpkey\fR parameters must
not be \s-1NULL.\s0
.SH "BUGS"
.IX Header "BUGS"
Some advanced attributes such as counter signatures are not supported.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error
occurred.
The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fIcerts\fR, \fIsigncert\fR,
and \fIpkey\fR parameters to be \s-1NULL\s0 were added in OpenSSL 1.0.0.
.PP
The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3"
.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ssl_ct_validation_cb,
SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct,
SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback,
SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \-
control Certificate Transparency policy
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
\&                                     const STACK_OF(SCT) *scts, void *arg);
\&
\& int SSL_enable_ct(SSL *s, int validation_mode);
\& int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
\& int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
\&                                    void *arg);
\& int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
\&                                        ssl_ct_validation_cb callback,
\&                                        void *arg);
\& void SSL_disable_ct(SSL *s);
\& void SSL_CTX_disable_ct(SSL_CTX *ctx);
\& int SSL_ct_is_enabled(const SSL *s);
\& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed
certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all
connections that share the given \s-1SSL\s0 context, respectively.
This is accomplished by setting a built-in \s-1CT\s0 validation callback.
The behaviour of the callback is determined by the \fBvalidation_mode\fR argument,
which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or
\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below.
.PP
If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full
\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer
presents no valid SCTs the handshake will be aborted.
If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue
despite lack of valid SCTs.
However, in that case if the verification status before the built-in callback
was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the
callback.
Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at
handshake completion, even after session resumption since the verification
status is part of the saved session state.
See \fBSSL_set_verify\fR\|(3), \fBSSL_get_verify_result\fR\|(3), \fBSSL_session_reused\fR\|(3).
.PP
If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the
handshake continues, and the verification status is not modified, regardless of
the validation status of any SCTs.
The application can still inspect the validation status of the SCTs at
handshake completion.
Note that with session resumption there will not be any SCTs presented during
the handshake.
Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after
handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the
session is not resumed.
.PP
\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR
register a custom callback that may implement a different policy than either of
the above.
This callback can examine the peer's SCTs and determine whether they are
sufficient to allow the connection to continue.
The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR
and the callback returns a non-positive result.
.PP
An arbitrary callback context argument, \fBarg\fR, can be passed in when setting
the callback.
This will be passed to the callback whenever it is invoked.
Ownership of this context remains with the caller.
.PP
If no callback is set, SCTs will not be requested and Certificate Transparency
validation will not occur.
.PP
No callback will be invoked when the peer presents no certificate, e.g. by
employing an anonymous (aNULL) cipher suite.
In that case the handshake continues as it would had no callback been
requested.
Callbacks are also not invoked when the peer certificate chain is invalid or
validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509
\&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively.
Clients that require SCTs are expected to not have enabled any aNULL ciphers
nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
records.
.PP
\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether
enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback.
These may be implemented as macros.
.PP
\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is
enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0
otherwise.
.SH "NOTES"
.IX Header "NOTES"
When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because
one possible source of SCTs is the \s-1OCSP\s0 response from a server.
.PP
The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any
presented SCTs have timestamps that are in the future (and therefore invalid).
.SH "RESTRICTIONS"
.IX Header "RESTRICTIONS"
Certificate Transparency validation cannot be enabled and so a callback cannot
be set if a custom client extension handler has been registered to handle \s-1SCT\s0
extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and
\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully
set.
They return 0 if an error occurs, e.g. a custom client extension handler has
been set up to handle SCTs.
.PP
\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result.
.PP
\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0
validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0
callback) is set.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_get_verify_result\fR\|(3),
\&\fBSSL_session_reused\fR\|(3),
\&\fBSSL_set_verify\fR\|(3),
\&\fBSSL_CTX_set_verify\fR\|(3),
\&\fBSSL_SESSION_get_time\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
\*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . 
.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3"
.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_set_stateless_cookie_generate_cb,
SSL_CTX_set_stateless_cookie_verify_cb,
SSL_CTX_set_cookie_generate_cb,
SSL_CTX_set_cookie_verify_cb
\&\- Callback functions for stateless TLS1.3 cookies
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_stateless_cookie_generate_cb(
\&     SSL_CTX *ctx,
\&     int (*gen_stateless_cookie_cb) (SSL *ssl,
\&                                     unsigned char *cookie,
\&                                     size_t *cookie_len));
\& void SSL_CTX_set_stateless_cookie_verify_cb(
\&     SSL_CTX *ctx,
\&     int (*verify_stateless_cookie_cb) (SSL *ssl,
\&                                        const unsigned char *cookie,
\&                                        size_t cookie_len));
\&
\& void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
\&                                     int (*app_gen_cookie_cb) (SSL *ssl,
\&                                                               unsigned char
\&                                                               *cookie,
\&                                                               unsigned int
\&                                                               *cookie_len));
\& void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
\&                                   int (*app_verify_cookie_cb) (SSL *ssl,
\&                                                                const unsigned
\&                                                                char *cookie,
\&                                                                unsigned int
\&                                                                cookie_len));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR sets the callback used by
\&\fBSSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie
provided to clients in the HelloRetryRequest transmitted as a response to a
ClientHello with a missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must
write at most \s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number
of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero
return value can be used to abort the handshake.
.PP
\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR sets the callback used by
\&\fBSSL_stateless\fR\|(3) to determine whether the application-controlled portion of a
ClientHello cookie is valid. The cookie data is pointed to by \fBcookie\fR and is of
length \fBcookie_len\fR. A nonzero return value from \fBverify_stateless_cookie_cb()\fR
communicates that the cookie is valid.
The integrity of the entire cookie, including the application-controlled
portion, is automatically verified by \s-1HMAC\s0 before
\&\fBverify_stateless_cookie_cb()\fR is called.
.PP
\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3)
to generate the cookie provided to clients in the HelloVerifyRequest
transmitted as a response to a ClientHello with a missing or invalid cookie.
\&\fBapp_gen_cookie_cb()\fR must write at most \s-1DTLS1_COOKIE_LENGTH\s0 bytes into
\&\fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a
cookie cannot be generated, a zero return value can be used to abort the
handshake.
.PP
\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3)
to determine whether the cookie in a ClientHello is valid. The cookie data is
pointed to by \fBcookie\fR and is of length \fBcookie_len\fR. A nonzero return value
from \fBapp_verify_cookie_cb()\fR communicates that the cookie is valid. The
integrity of the cookie is not verified by OpenSSL. This is an application
responsibility.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
None of these functions returns a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_stateless\fR\|(3),
\&\fBDTLSv1_listen\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR and
\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
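The DTLS callbacks described above leave cookie integrity to the application, so the generate and verify functions have to bind the cookie to the peer and reject anything they did not issue. The block below is an added example, not code from the OpenSSL man page or project: it keeps the documented output contract (`cookie`, `cookie_len`, nonzero return for success) and shows the length check and constant-time comparison on the verify side. Assumptions: the peer address bytes are passed in directly instead of being read from the `SSL` object, SipHash-2-4 stands in for the HMAC a real server would take from libcrypto so that the file compiles without OpenSSL, and the names `gen_cookie`, `verify_cookie`, `cookie_roundtrip` and `cookie_secret` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COOKIE_LEN 8 /* one 64-bit tag, well below the cookie size limit */
#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do {                                              \
        v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32);   \
        v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2;                     \
        v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0;                     \
        v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32);   \
    } while (0)

/* Constructed demo key. A server draws this from a CSPRNG at start-up. */
static const unsigned char cookie_secret[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

/* Constructed sample peers: IPv4 address plus port, network byte order. */
static const unsigned char peer_a[6] = {192, 0, 2, 10, 0x11, 0x51};   /* 192.0.2.10:4433 */
static const unsigned char peer_b[6] = {198, 51, 100, 7, 0x11, 0x51}; /* 198.51.100.7:4433 */

static uint64_t load64_le(const unsigned char *p)
{
    uint64_t v = 0;
    int i;
    for (i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* SipHash-2-4 keyed PRF (stand-in for HMAC, see lead-in). */
static uint64_t siphash24(const unsigned char key[16],
                          const unsigned char *in, size_t len)
{
    uint64_t k0 = load64_le(key), k1 = load64_le(key + 8);
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t b = (uint64_t)len << 56, m;
    size_t i, full = len - (len % 8);

    for (i = 0; i < full; i += 8) {          /* whole 8-byte words */
        m = load64_le(in + i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (i = full; i < len; i++)             /* trailing bytes + length byte */
        b |= (uint64_t)in[i] << (8 * (i - full));
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Generate side: write the cookie, store its length, return 1.
 * Returning 0 corresponds to aborting the handshake. */
int gen_cookie(const unsigned char *peer, size_t peer_len,
               unsigned char *cookie, unsigned int *cookie_len)
{
    uint64_t tag;
    int i;

    if (peer == NULL || peer_len == 0 || cookie == NULL || cookie_len == NULL)
        return 0;
    tag = siphash24(cookie_secret, peer, peer_len);
    for (i = 0; i < COOKIE_LEN; i++)
        cookie[i] = (unsigned char)(tag >> (8 * i));
    *cookie_len = COOKIE_LEN;
    return 1;
}

/* Verify side: nonzero only if the cookie is exactly the one this server
 * would issue to this peer. Length is checked before any byte is read and
 * the comparison does not stop at the first mismatch. */
int verify_cookie(const unsigned char *peer, size_t peer_len,
                  const unsigned char *cookie, unsigned int cookie_len)
{
    unsigned char expect[COOKIE_LEN], diff = 0;
    unsigned int n = 0, i;

    if (cookie == NULL || cookie_len != COOKIE_LEN)
        return 0;
    if (!gen_cookie(peer, peer_len, expect, &n))
        return 0;
    for (i = 0; i < COOKIE_LEN; i++)
        diff |= (unsigned char)(expect[i] ^ cookie[i]);
    return diff == 0;
}

/* Issue a cookie to one peer, XOR `flip` into its first byte, then present
 * `len` bytes of it from another peer. Returns the verify result. */
int cookie_roundtrip(const unsigned char issued_to[6],
                     const unsigned char seen_from[6],
                     unsigned char flip, unsigned int len)
{
    unsigned char cookie[COOKIE_LEN];
    unsigned int n = 0;

    if (!gen_cookie(issued_to, 6, cookie, &n))
        return -1;
    cookie[0] ^= flip;
    return verify_cookie(seen_from, 6, cookie, len);
}

int main(void)
{
    printf("same peer:      %d\n", cookie_roundtrip(peer_a, peer_a, 0, COOKIE_LEN));
    printf("other peer:     %d\n", cookie_roundtrip(peer_a, peer_b, 0, COOKIE_LEN));
    printf("bit flipped:    %d\n", cookie_roundtrip(peer_a, peer_a, 1, COOKIE_LEN));
    printf("truncated:      %d\n", cookie_roundtrip(peer_a, peer_a, 0, COOKIE_LEN - 1));
    return 0;
}
```
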
.IX Title "SSL_CTX_SET_SSL_VERSION 3"
.TH SSL_CTX_SET_SSL_VERSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
\&\- choose a new TLS/SSL method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with
\&\fBSSL_new\fR\|(3) are not affected, except when
\&\fBSSL_clear\fR\|(3) is being called.
.PP
\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
object. It may be reset when \fBSSL_clear()\fR is called.
.PP
\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
set in \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
The available \fBmethod\fR choices are described in
\&\fBSSL_CTX_new\fR\|(3).
.PP
When \fBSSL_clear\fR\|(3) is called and no session is connected to
an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently
set in the corresponding \s-1SSL_CTX\s0 object.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR
and \fBSSL_set_ssl_method()\fR:
.IP "0" 4
The new choice failed; check the error stack to find out the reason.
.IP "1" 4
.IX Item "1"
The operation succeeded.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3),
\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7),
\&\fBSSL_set_connect_state\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_DIGEST 3"
.TH X509_DIGEST 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
X509_digest, X509_CRL_digest,
X509_pubkey_digest,
X509_NAME_digest,
X509_REQ_digest,
PKCS7_ISSUER_AND_SERIAL_digest
\&\- get digest of various objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
\&                 unsigned int *len);
\&
\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
\&                     unsigned int *len);
\&
\& int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
\&                        unsigned char *md, unsigned int *len);
\&
\& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
\&                     unsigned char *md, unsigned int *len);
\&
\& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
\&                      unsigned char *md, unsigned int *len);
\&
\& #include <openssl/pkcs7.h>
\&
\& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
\&                                    const EVP_MD *type, unsigned char *md,
\&                                    unsigned int *len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public
key in the specified X509 \fBdata\fR object.
All other functions described here return a digest of the \s-1DER\s0 representation
of their entire \fBdata\fR objects.
.PP
The \fBtype\fR parameter specifies the digest to
be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the
digest will be copied and is assumed to be large enough; the constant
\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points
to a place where the digest size will be stored.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All functions described here return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_sha1\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_CIPHER_METH_NEW 3"
.TH EVP_CIPHER_METH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free,
EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags,
EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init,
EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup,
EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params,
EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init,
EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup,
EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params,
EVP_CIPHER_meth_get_ctrl \- Routines to build up EVP_CIPHER methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
\&
\& int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
\& int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
\& int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
\& int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
\&                              int (*init)(EVP_CIPHER_CTX *ctx,
\&                                          const unsigned char *key,
\&                                          const unsigned char *iv,
\&                                          int enc));
\& int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
\&                                   int (*do_cipher)(EVP_CIPHER_CTX *ctx,
\&                                                    unsigned char *out,
\&                                                    const unsigned char *in,
\&                                                    size_t inl));
\& int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
\&                                 int (*cleanup)(EVP_CIPHER_CTX *));
\& int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
\&                                         int (*set_asn1_parameters)(EVP_CIPHER_CTX *,
\&                                                                    ASN1_TYPE *));
\& int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
\&                                         int (*get_asn1_parameters)(EVP_CIPHER_CTX *,
\&                                                                    ASN1_TYPE *));
\& int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
\&                              int (*ctrl)(EVP_CIPHER_CTX *, int type,
\&                                          int arg, void *ptr));
\&
\& int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
\&                                                           const unsigned char *key,
\&                                                           const unsigned char *iv,
\&                                                           int enc);
\& int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
\&                                                                unsigned char *out,
\&                                                                const unsigned char *in,
\&                                                                size_t inl);
\& int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
\& int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
\&                                                                      ASN1_TYPE *);
\& int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
\&                                                                      ASN1_TYPE *);
\& int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
\&                                                           int type, int arg,
\&                                                           void *ptr);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method
implementation.
.PP
\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure.
.PP
\&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR.
.PP
\&\fBEVP_CIPHER_meth_free()\fR destroys an \fB\s-1EVP_CIPHER\s0\fR structure.
.PP
\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0
This is only needed when the implemented cipher mode requires it.
.PP
\&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional
behaviours in the particular \fBcipher\fR.
With the exception of cipher modes, of which only one may be present,
several flags can be ORed together.
The available flags are:
.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0" 4
.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE"
The cipher mode.
.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4
.IX Item "EVP_CIPH_VARIABLE_LENGTH"
This cipher is of variable length.
.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4
.IX Item "EVP_CIPH_CUSTOM_IV"
Storing and initialising the \s-1IV\s0 is left entirely to the
implementation.
.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4
.IX Item "EVP_CIPH_ALWAYS_CALL_INIT"
Set this if the implementation's \fBinit()\fR function should be called even
if \fBkey\fR is \fB\s-1NULL\s0\fR.
.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4
.IX Item "EVP_CIPH_CTRL_INIT"
Set this to have the implementation's \fBctrl()\fR function called with
command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup.
.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4
.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH"
Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR
is left to the implementation.
Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on an
\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function
will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and
the key length in \fBarg\fR.
.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4
.IX Item "EVP_CIPH_NO_PADDING"
Don't use standard block padding.
.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4
.IX Item "EVP_CIPH_RAND_KEY"
Making a key with random content is left to the implementation.
This is done by calling the implementation's \fBctrl()\fR function with the
control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory
storage in \fBptr\fR.
.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4
.IX Item "EVP_CIPH_CUSTOM_COPY"
Set this to have the implementation's \fBctrl()\fR function called with
command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR.
The intended use is for further things to deal with after the
implementation specific data block has been copied.
The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the
\&\fBptr\fR parameter.
The implementation specific data block is reached with
\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR.
.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4
.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1"
Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0
.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4
.IX Item "EVP_CIPH_FLAG_LENGTH_BITS"
Signals that the length of the input buffer for encryption /
decryption is to be understood as the number of bits instead of
bytes for this implementation.
This is only useful for \s-1CFB1\s0 ciphers.
.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4
.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER"
This indicates that the implementation takes care of everything,
including padding, buffering and finalization.
The \s-1EVP\s0 routines will simply give them control and do nothing more.
.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4
.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER"
This indicates that this is an \s-1AEAD\s0 cipher implementation.
.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4
.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK"
Allow interleaving of crypto blocks, a particular optimization only applicable
to certain \s-1TLS\s0 ciphers.
.PP
\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's
implementation context so that it can be automatically allocated.
.PP
\&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for
\&\fBcipher\fR.
The cipher init function is called by \fBEVP_CipherInit()\fR,
\&\fBEVP_CipherInit_ex()\fR, \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR,
\&\fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR.
.PP
\&\fBEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for
\&\fBcipher\fR.
The cipher function is called by \fBEVP_CipherUpdate()\fR,
\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR, \fBEVP_CipherFinal()\fR,
\&\fBEVP_EncryptFinal()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal()\fR and
\&\fBEVP_DecryptFinal_ex()\fR.
.PP
\&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do
extra cleanup before the method's private data structure is cleaned
out and freed.
Note that the cleanup function is passed an \fB\s-1EVP_CIPHER_CTX\s0 *\fR; the
private data structure is then available with
\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR.
This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and
\&\fBEVP_CIPHER_CTX_free()\fR.
.PP
\&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR
to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher.
This function is called by \fBEVP_CIPHER_param_to_asn1()\fR.
\&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR
that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier
\&\*(L"parameter\*(R".
Both these functions are needed when there is a need for custom data
(more or other than the cipher \s-1IV\s0).
They are called by \fBEVP_CIPHER_param_to_asn1()\fR and
\&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined.
.PP
\&\fBEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR.
.PP
\&\fBEVP_CIPHER_meth_get_init()\fR, \fBEVP_CIPHER_meth_get_do_cipher()\fR,
\&\fBEVP_CIPHER_meth_get_cleanup()\fR, \fBEVP_CIPHER_meth_get_set_asn1_params()\fR,
\&\fBEVP_CIPHER_meth_get_get_asn1_params()\fR and \fBEVP_CIPHER_meth_get_ctrl()\fR
are all used to retrieve the method data given with the
EVP_CIPHER_meth_set_*() functions above.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a
newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure.
All EVP_CIPHER_meth_set_*() functions return 1.
All EVP_CIPHER_meth_get_*() functions return pointers to their
respective \fBcipher\fR function.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
EVP_EncryptInit
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SESSION_FREE 3"
.TH SSL_SESSION_FREE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create, free and manage SSL_SESSION structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_SESSION *SSL_SESSION_new(void);
\& SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src);
\& int SSL_SESSION_up_ref(SSL_SESSION *ses);
\& void SSL_SESSION_free(SSL_SESSION *session);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a
pointer to it.
.PP
\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in
\fBsrc\fR and returns a pointer to the copy.
.PP
\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given
\s-1SSL_SESSION\s0 structure.
.PP
\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR. If the
reference count has reached 0, it removes the \fB\s-1SSL_SESSION\s0\fR structure
pointed to by \fBsession\fR and frees up the allocated memory.
If \fBsession\fR is \s-1NULL\s0 nothing is done.
.SH "NOTES"
.IX Header "NOTES"
\&\s-1SSL_SESSION\s0 objects are allocated when a \s-1TLS/SSL\s0 handshake operation
is successfully completed. Depending on the settings (see
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)), the \s-1SSL_SESSION\s0 objects are
internally referenced by the \s-1SSL_CTX\s0 and linked into its session cache.
\s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; as a session may be
reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 object at the
same time. It is therefore crucial to keep the reference count (usage
information) correct and not delete an \s-1SSL_SESSION\s0 object that is still
used, as this may lead to program failures due to dangling pointers.
These failures may also appear delayed, e.g. when an \s-1SSL_SESSION\s0 object
was completely freed as the reference count incorrectly became 0, but
it is still referenced in the internal session cache and the cache list
is processed during a \&\fBSSL_CTX_flush_sessions\fR\|(3) operation.
.PP
\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects for
which the reference count was explicitly incremented (e.g.
by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3))
or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake
operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3).
It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause
incorrect reference counts and therefore program failures.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure
or \s-1NULL\s0 on error.
.PP
SSL_SESSION_up_ref returns 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_session\fR\|(3),
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
\&\fBSSL_CTX_flush_sessions\fR\|(3),
\&\fBd2i_SSL_SESSION\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
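The ownership rule in the SSL_SESSION_free NOTES, as an added example that is not part of the OpenSSL manual or source: a self-contained C model showing how freeing a borrowed session pointer leaves a released entry in the session cache, found only when the cache is flushed. Every model_* name is a constructed stand-in (for SSL_SESSION, SSL, the SSL_CTX session cache, SSL_get_session() and SSL_get1_session()), and the model assumes the session cache is enabled.

```c
/* Model only: no OpenSSL calls are made and no memory is really freed,
 * so the faulty path can be observed safely. */
#include <stddef.h>
#include <stdio.h>

#define POOL_SIZE 4

typedef struct {
    int refs;      /* what SSL_SESSION_up_ref()/SSL_SESSION_free() adjust */
    int released;  /* set once refs hits 0; a real session's memory is gone */
} model_session;

typedef struct { model_session *entry[POOL_SIZE]; size_t n; } model_cache; /* SSL_CTX cache */
typedef struct { model_session *sess; } model_conn;                        /* SSL object */

static model_session pool[POOL_SIZE];
static size_t pool_used;

static model_session *model_session_new(void)
{
    if (pool_used == POOL_SIZE)
        return NULL;
    model_session *s = &pool[pool_used++];
    s->refs = 1;
    s->released = 0;
    return s;
}

static int model_session_up_ref(model_session *s)
{
    if (s == NULL || s->released)
        return 0;
    s->refs++;
    return 1;
}

static void model_session_free(model_session *s)
{
    if (s == NULL || s->released)   /* NULL is a no-op, as documented */
        return;
    if (--s->refs == 0)
        s->released = 1;
}

/* A completed handshake: the connection holds one reference and the
 * context's cache takes a second one. */
static int model_handshake(model_conn *c, model_cache *cache)
{
    c->sess = model_session_new();
    if (c->sess == NULL || cache->n == POOL_SIZE)
        return 0;
    model_session_up_ref(c->sess);
    cache->entry[cache->n++] = c->sess;
    return 1;
}

/* get0 lends the pointer; get1 hands the caller a reference of its own. */
static model_session *model_get0_session(model_conn *c) { return c->sess; }
static model_session *model_get1_session(model_conn *c)
{
    return model_session_up_ref(c->sess) ? c->sess : NULL;
}

static void model_conn_free(model_conn *c)
{
    model_session_free(c->sess);
    c->sess = NULL;
}

/* Walk the cache as a flush would. An entry that is already released is
 * where a real program would touch freed memory; count those. */
static int model_flush(model_cache *cache)
{
    int dangling = 0;
    for (size_t i = 0; i < cache->n; i++) {
        if (cache->entry[i]->released)
            dangling++;
        else
            model_session_free(cache->entry[i]);
    }
    cache->n = 0;
    return dangling;
}

/* use_get1 != 0: caller owns a reference before freeing (correct).
 * use_get1 == 0: caller frees a borrowed pointer (the documented misuse).
 * Returns the number of dangling cache entries seen at flush, -1 on setup error. */
int run_scenario(int use_get1)
{
    model_cache cache = { { NULL }, 0 };
    model_conn conn = { NULL };
    pool_used = 0;
    if (!model_handshake(&conn, &cache))
        return -1;
    model_session *s = use_get1 ? model_get1_session(&conn)
                                : model_get0_session(&conn);
    model_session_free(s);      /* balanced only when s came from get1 */
    model_conn_free(&conn);     /* connection drops its own reference */
    return model_flush(&cache); /* the delayed failure shows up here */
}

int main(void)
{
    printf("get1 + free: %d dangling cache entries\n", run_scenario(1));
    printf("get0 + free: %d dangling cache entries\n", run_scenario(0));
    return 0;
}
```

In the misuse case the count reaches 0 when the connection is closed, while the cache still lists the session; nothing fails until the flush walks the list.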
.IX Title "BIO_ADDR 3"
.TH BIO_ADDR 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string \- BIO_ADDR routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <sys/types.h>
\& #include <openssl/bio.h>
\&
\& typedef union bio_addr_st BIO_ADDR;
\&
\& BIO_ADDR *BIO_ADDR_new(void);
\& void BIO_ADDR_free(BIO_ADDR *);
\& void BIO_ADDR_clear(BIO_ADDR *ap);
\& int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
\&                      const void *where, size_t wherelen, unsigned short port);
\& int BIO_ADDR_family(const BIO_ADDR *ap);
\& int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
\& unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
\& char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
\& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
\& char *BIO_ADDR_path_string(const BIO_ADDR *ap);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket
addresses that OpenSSL deals with, currently transparently
supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's
available on the platform at hand.
.PP
\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used
with routines that will fill it with information, such as
\&\fBBIO_accept_ex()\fR.
.PP
\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR.
.PP
\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and
sets it back to an uninitialised state.
.PP
\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, a byte array of
size \fBwherelen\fR with an address in network byte order pointed at
by \fBwhere\fR and a port number in network byte order in \fBport\fR (except
for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and
therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them.
In case this creates an \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected
to be the length of the path string (not including the terminating
\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR).
\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR.
.PP
\&\fBBIO_ADDR_family()\fR returns the protocol family of the given
\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the
constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the
\&\s-1BIO_ADDR\s0 has not been initialised.
.PP
\&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given
\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL,
and will set \fB*l\fR to be the number of bytes the raw address
takes up if \fBl\fR is non-NULL.
A technique to only find out the size of the address is a call
with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte
order, most significant byte first.
In case this is an \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the
path string (not including the terminating \s-1NUL,\s0 such as the result of
a call to \fBstrlen()\fR).
\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR.
.PP
\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR.
The raw port will be in network byte order.
.PP
\&\fBBIO_ADDR_hostname_string()\fR returns a character string with the
hostname of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string
will contain the numerical form of the address. This only works for
\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The
returned string has been allocated on the heap and must be freed
with \fBOPENSSL_free()\fR.
.PP
\&\fBBIO_ADDR_service_string()\fR returns a character string with the
service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR
is 1, the string will contain the port number. This only works
for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The
returned string has been allocated on the heap and must be freed
with \fBOPENSSL_free()\fR.
.PP
\&\fBBIO_ADDR_path_string()\fR returns a character string with the path
of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the
protocol family \s-1AF_UNIX.\s0 The returned string has been allocated
on the heap and must be freed with \fBOPENSSL_free()\fR.
.SH "RAW ADDRESSES"
.IX Header "RAW ADDRESSES"
Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a
network byte order address of a specific site. Internally, those are
treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct
in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all
depending on the protocol family the address is for.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The string producing functions \fBBIO_ADDR_hostname_string()\fR,
\&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will
return \fB\s-1NULL\s0\fR on error and leave an error indication on the
OpenSSL error stack.
.PP
All other functions described here return 0 or \fB\s-1NULL\s0\fR when the
information they should return isn't available.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_SIGN_RECEIPT 3"
.TH CMS_SIGN_RECEIPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
CMS_sign_receipt \- create a CMS signed receipt
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
\&                                   EVP_PKEY *pkey, STACK_OF(X509) *certs,
\&                                   unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is
the \fBCMS_SignerInfo\fR structure containing the signed receipt request.
\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding
private key. \fBcerts\fR is an optional additional set of certificates to include
in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain).
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
This function behaves in a similar way to \fBCMS_sign()\fR except the flag values
\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR
are not supported since they do not make sense in the context of signed
receipts.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if
an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBCMS_verify_receipt\fR\|(3),
\&\fBCMS_sign\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_GET0_SIGNERINFOS 3"
.TH CMS_GET0_SIGNERINFOS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp \&\- CMS signedData signer functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
\&
\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
\&                                   X509_NAME **issuer, ASN1_INTEGER **sno);
\& ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures
associated with a \s-1CMS\s0 signedData structure.
.PP
\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier
associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the
key identifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number
in \fBissuer\fR and \fBsno\fR.
.PP
\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with
\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. The returned pointer
corresponds to the internal signature value of \fBsi\fR, so it may be read or
modified.
.PP
\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer
identifier \fBsi\fR. It returns zero if the comparison is successful and non zero
if not.
.PP
\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signer's certificate of \fBsi\fR to
\&\fBsigner\fR.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of these functions is to enable an application to look up
signers' certificates using any appropriate technique when the simpler method
of \fBCMS_verify()\fR is not appropriate.
.PP
In typical usage an application will retrieve all CMS_SignerInfo structures
using \fBCMS_get0_SignerInfos()\fR and retrieve the identifier information using
\&\fBCMS_SignerInfo_get0_signer_id()\fR. It will then obtain the signer certificate
by some unspecified means (or return an error if it cannot be found) and set
it using \&\fBCMS_SignerInfo_set1_signer_cert()\fR.
.PP
Once all signer certificates have been set \fBCMS_verify()\fR can be used.
.PP
Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if
there are no signers, this is not a problem in practice because the only error
which can occur is if the \fBcms\fR structure is not of type signedData due to
application error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 if there
are no signers or an error occurs.
.PP
\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure.
.PP
\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non
zero otherwise.
.PP
\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value.
.PP
Any error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_DESX_CBC 3"
.TH EVP_DESX_CBC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_desx_cbc \&\- EVP DES\-X cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_desx_cbc(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The DES-X encryption algorithm for \s-1EVP.\s0
.PP
All modes below use a key length of 128 bits and act on blocks of 128 bits.
.IP "\fBEVP_desx_cbc()\fR" 4
.IX Item "EVP_desx_cbc()"
The DES-X algorithm in \s-1CBC\s0 mode.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . 
\" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "BIO_GET_DATA 3" .TH BIO_GET_DATA 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown \- functions for managing BIO state information .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void BIO_set_data(BIO *a, void *ptr); \& void *BIO_get_data(BIO *a); \& void BIO_set_init(BIO *a, int init); \& int BIO_get_init(BIO *a); \& void BIO_set_shutdown(BIO *a, int shut); \& int BIO_get_shutdown(BIO *a); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions are mainly useful when implementing a custom \s-1BIO.\s0 .PP The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. This can be used by custom BIOs for storing implementation specific information. .PP The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate whether initialisation has been completed for this \s-1BIO\s0 or not. A nonzero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the \s-1BIO.\s0 For some BIOs however, initialisation may not complete until after additional steps have occurred (for example through calling custom ctrls). 
The \fBBIO_get_init()\fR function returns the value of the \*(L"init\*(R" flag. .PP The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource is also closed when the \s-1BIO\s0 is freed. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set. .PP \&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. .PP \&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. .SH "SEE ALSO" .IX Header "SEE ALSO" bio, BIO_meth_new .SH "HISTORY" .IX Header "HISTORY" The functions described here were added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!Fu9u9X509V3_get_d2i.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. 
.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "X509V3_GET_D2I 3" .TH X509V3_GET_D2I 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l
.nh
.SH "NAME"
X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509v3.h>
\&
\& void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
\&                      int *idx);
\& int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
\&                     int crit, unsigned long flags);
\&
\& void *X509V3_EXT_d2i(X509_EXTENSION *ext);
\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
\&
\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
\&                       unsigned long flags);
\&
\& void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
\& int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
\&                           unsigned long flags);
\&
\& void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
\& int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
\&                               unsigned long flags);
\&
\& const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
\& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
\& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509V3_get_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions
\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one occurrence of an extension is permissible; otherwise the first extension after index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension.
If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR),
\&\-1 if the extension could not be found, 0 if the extension is found and is not critical and 1 if critical. A pointer to an extension specific structure or \fB\s-1NULL\s0\fR is returned.
.PP
\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new
\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according to \fBflags\fR.
.PP
\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension
\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR if the extension could not be decoded (invalid syntax or not supported).
.PP
\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR.
.PP
\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of certificate \fBx\fR; they are otherwise identical to \fBX509V3_get_d2i()\fR and
\&\fBX509V3_add1_i2d()\fR.
.PP
\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions of \s-1CRL\s0 \fBcrl\fR; they are otherwise identical to \fBX509V3_get_d2i()\fR and
\&\fBX509V3_add1_i2d()\fR.
.PP
\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e. for \s-1CRL\s0 entry extensions); they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add1_i2d()\fR.
.PP
\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and
\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions of a certificate, a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively.
.SH "NOTES"
.IX Header "NOTES"
In almost all cases an extension can occur at most once and multiple occurrences are an error.
Therefore, the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR.
.PP
The \fBflags\fR parameter may be one of the following values.
.PP
\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does not already exist. An error is returned if the extension does already exist.
.PP
\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension already exists.
.PP
\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists, otherwise appends a new extension.
.PP
\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists, otherwise returns an error.
.PP
\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does not already exist. An error \fBis not\fR returned if the extension does already exist.
.PP
\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added.
.PP
If \fBX509V3_ADD_SILENT\fR is ORed with \fBflags\fR, any error returned will not be added to the error queue.
.PP
The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not found, occurs multiple times or cannot be decoded. It is possible to determine the precise reason by checking the value of \fB*crit\fR.
.SH "SUPPORTED EXTENSIONS"
.IX Header "SUPPORTED EXTENSIONS"
The following sections contain a list of all supported extensions including their name and \s-1NID.\s0
.SS "\s-1PKIX\s0 Certificate Extensions"
.IX Subsection "PKIX Certificate Extensions"
The following certificate extensions are defined in \s-1PKIX\s0 standards such as
\&\s-1RFC5280.\s0
.PP
.Vb 3
\& Basic Constraints                  NID_basic_constraints
\& Key Usage                          NID_key_usage
\& Extended Key Usage                 NID_ext_key_usage
\&
\& Subject Key Identifier             NID_subject_key_identifier
\& Authority Key Identifier           NID_authority_key_identifier
\&
\& Private Key Usage Period           NID_private_key_usage_period
\&
\& Subject Alternative Name           NID_subject_alt_name
\& Issuer Alternative Name            NID_issuer_alt_name
\&
\& Authority Information Access       NID_info_access
\& Subject Information Access         NID_sinfo_access
\&
\& Name Constraints                   NID_name_constraints
\&
\& Certificate Policies               NID_certificate_policies
\& Policy Mappings                    NID_policy_mappings
\& Policy Constraints                 NID_policy_constraints
\& Inhibit Any Policy                 NID_inhibit_any_policy
\&
\& TLS Feature                        NID_tlsfeature
.Ve
.SS "Netscape Certificate Extensions"
.IX Subsection "Netscape Certificate Extensions"
The following are (largely obsolete) Netscape certificate extensions.
.PP
.Vb 8
\& Netscape Cert Type                 NID_netscape_cert_type
\& Netscape Base Url                  NID_netscape_base_url
\& Netscape Revocation Url            NID_netscape_revocation_url
\& Netscape CA Revocation Url         NID_netscape_ca_revocation_url
\& Netscape Renewal Url               NID_netscape_renewal_url
\& Netscape CA Policy Url             NID_netscape_ca_policy_url
\& Netscape SSL Server Name           NID_netscape_ssl_server_name
\& Netscape Comment                   NID_netscape_comment
.Ve
.SS "Miscellaneous Certificate Extensions"
.IX Subsection "Miscellaneous Certificate Extensions"
.Vb 2
\& Strong Extranet ID                 NID_sxnet
\& Proxy Certificate Information      NID_proxyCertInfo
.Ve
.SS "\s-1PKIX CRL\s0 Extensions"
.IX Subsection "PKIX CRL Extensions"
The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0
.PP
.Vb 6
\& CRL Number                         NID_crl_number
\& CRL Distribution Points            NID_crl_distribution_points
\& Delta CRL Indicator                NID_delta_crl
\& Freshest CRL                       NID_freshest_crl
\& Invalidity Date                    NID_invalidity_date
\& Issuing Distribution Point         NID_issuing_distribution_point
.Ve
.PP
The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0
.PP
.Vb 2
\& CRL Reason Code                    NID_crl_reason
\& Certificate Issuer                 NID_certificate_issuer
.Ve
.SS "\s-1OCSP\s0 Extensions"
.IX Subsection "OCSP Extensions"
.Vb 7
\& OCSP Nonce                         NID_id_pkix_OCSP_Nonce
\& OCSP CRL ID                        NID_id_pkix_OCSP_CrlID
\& Acceptable OCSP Responses          NID_id_pkix_OCSP_acceptableResponses
\& OCSP No Check                      NID_id_pkix_OCSP_noCheck
\& OCSP Archive Cutoff                NID_id_pkix_OCSP_archiveCutoff
\& OCSP Service Locator               NID_id_pkix_OCSP_serviceLocator
\& Hold Instruction Code              NID_hold_instruction_code
.Ve
.SS "Certificate Transparency Extensions"
.IX Subsection "Certificate Transparency Extensions"
The following extensions are used by certificate transparency, \s-1RFC6962\s0
.PP
.Vb 2
\& CT Precertificate SCTs             NID_ct_precert_scts
\& CT Certificate SCTs                NID_ct_cert_scts
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509V3_EXT_d2i()\fR and
\fBX509V3_get_d2i()\fR return a pointer to an extension specific structure or \fB\s-1NULL\s0\fR if an error occurs.
.PP
\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure or \fB\s-1NULL\s0\fR if an error occurs.
.PP
\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it fails due to a non-fatal error (extension not found, already exists, cannot be encoded) or \-1 due to a fatal error such as a memory allocation failure.
.PP
\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and
\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return
\&\s-1NULL\s0 if no extensions are present.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "BIO_CTRL 3"
.TH BIO_CTRL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb
\&\- BIO control operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& typedef int BIO_info_cb(BIO *b, int state, int res);
\&
\& long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
\& long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
\& void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
\& long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
\&
\& int BIO_reset(BIO *b);
\& int BIO_seek(BIO *b, int ofs);
\& int BIO_tell(BIO *b);
\& int BIO_flush(BIO *b);
\& int BIO_eof(BIO *b);
\& int BIO_set_close(BIO *b, long flag);
\& int BIO_get_close(BIO *b);
\& int BIO_pending(BIO *b);
\& int BIO_wpending(BIO *b);
\& size_t BIO_ctrl_pending(BIO *b);
\& size_t BIO_ctrl_wpending(BIO *b);
\&
\& int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
\& int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. These functions are not normally called directly; various macros are used instead. The standard macros are described below; macros specific to a particular type of \s-1BIO\s0 are described in the specific BIO's manual page, as are any special features of the standard calls.
.PP
\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state; in the case of file related BIOs, for example, it rewinds the file pointer to the start of the file.
.PP
\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file.
.PP
\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0
.PP
\&\fBBIO_flush()\fR normally writes out any internally buffered data; in some cases it is used to signal \s-1EOF\s0 and that no more data will be written.
.PP
\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF;\s0 the precise meaning of
\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type.
.PP
\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should be closed when the \s-1BIO\s0 is freed.
.PP
\&\fBBIO_get_close()\fR returns the BIO's close flag.
.PP
\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR return the number of pending characters in the BIO's read and write buffers. Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR return a size_t type and are functions; \fBBIO_pending()\fR and \fBBIO_wpending()\fR are macros which call \fBBIO_ctrl()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File BIOs are an exception: they return 0 for success and \-1 for failure.
.PP
\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0 for success and \-1 for failure.
.PP
\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure.
.PP
\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached, 0 otherwise.
.PP
\&\fBBIO_set_close()\fR always returns 1.
.PP
\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
.PP
\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR return the amount of pending data.
.SH "NOTES"
.IX Header "NOTES"
\&\fBBIO_flush()\fR, because it can write data, may return 0 or \-1 indicating that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR. The \fBBIO_should_retry()\fR call should be used and appropriate action taken if the call fails.
.PP
The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably determine the amount of pending data in all cases. For example in the case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structure's internal buffers but it is not possible to determine this in a portable way. For other types of \s-1BIO\s0 they may not be supported.
.PP
Filter BIOs, if they do not internally handle a particular \fBBIO_ctrl()\fR operation, usually pass the operation to the next \s-1BIO\s0 in the chain. This often means there is no need to locate the required \s-1BIO\s0 for a particular operation: it can be called on a chain and it will be automatically passed to the relevant \s-1BIO.\s0 However, this can cause unexpected results: for example no current filter BIOs implement
\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 or file descriptor \s-1BIO.\s0
.PP
Source/sink BIOs return 0 if they do not recognize the \fBBIO_ctrl()\fR operation.
.SH "BUGS"
.IX Header "BUGS"
Some of the return values are ambiguous and care should be taken. In particular a return value of 0 can be returned if an operation is not supported, if an error occurred, if \s-1EOF\s0 has not been reached and in the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "X509_NAME_ENTRY_GET_OBJECT 3"
.TH X509_NAME_ENTRY_GET_OBJECT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

NAME
    X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
    X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
    X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
    X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions

SYNOPSIS
        #include <openssl/x509.h>

        ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
        ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);

        int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
        int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
                                     const unsigned char *bytes, int len);

        X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field,
                                                       int type, const unsigned char *bytes,
                                                       int len);
        X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
                                                       int type, const unsigned char *bytes,
                                                       int len);
        X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
                                                       const ASN1_OBJECT *obj, int type,
                                                       const unsigned char *bytes, int len);

DESCRIPTION
    X509_NAME_ENTRY_get_object() retrieves the field name of ne in an
    ASN1_OBJECT structure.

    X509_NAME_ENTRY_get_data() retrieves the field value of ne in an
    ASN1_STRING structure.

    X509_NAME_ENTRY_set_object() sets the field name of ne to obj.

    X509_NAME_ENTRY_set_data() sets the field value of ne to string type
    type and value determined by bytes and len.

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and
    X509_NAME_ENTRY_create_by_OBJ() create and return an X509_NAME_ENTRY
    structure.

NOTES
    X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be used
    to examine an X509_NAME_ENTRY structure as returned by
    X509_NAME_get_entry(), for example.

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
    X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() are
    seldom used in practice because X509_NAME_ENTRY structures are almost
    always part of X509_NAME structures and the corresponding X509_NAME
    functions are typically used to create and add new entries in a single
    operation.

    The arguments of these functions support similar options to the
    similarly named ones of the corresponding X509_NAME functions such as
    X509_NAME_add_entry_by_txt(). So for example type can be set to
    MBSTRING_ASC, but in the case of X509_NAME_ENTRY_set_data() the field
    name must be set first so the relevant field information can be looked
    up internally.

RETURN VALUES
    X509_NAME_ENTRY_get_object() returns a valid ASN1_OBJECT structure if it
    is set or NULL if an error occurred.

    X509_NAME_ENTRY_get_data() returns a valid ASN1_STRING structure if it
    is set or NULL if an error occurred.

    X509_NAME_ENTRY_set_object() and X509_NAME_ENTRY_set_data() return 1 on
    success or 0 on error.

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and
    X509_NAME_ENTRY_create_by_OBJ() return a valid X509_NAME_ENTRY on
    success or NULL if an error occurred.

SEE ALSO
    ERR_get_error(3), d2i_X509_NAME(3), OBJ_nid2obj(3)

COPYRIGHT
    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License").
    You may not use this file except in compliance with the License. You
    can obtain a copy in the file LICENSE in the source distribution or at .

ERR_GET_LIB(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR - get
    information from error codes

SYNOPSIS
        #include <openssl/err.h>

        int ERR_GET_LIB(unsigned long e);

        int ERR_GET_FUNC(unsigned long e);

        int ERR_GET_REASON(unsigned long e);

        int ERR_FATAL_ERROR(unsigned long e);

DESCRIPTION
    The error code returned by ERR_get_error() consists of a library
    number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
    and ERR_GET_REASON() can be used to extract these.

    ERR_FATAL_ERROR() indicates whether a given error code is a fatal error.

    The library number and function code describe where the error occurred;
    the reason code is the information about what went wrong.

    Each sub-library of OpenSSL has a unique library number; function and
    reason codes are unique within each sub-library. Note that different
    libraries may use the same value to signal different functions and
    reasons.

    ERR_R_... reason codes such as ERR_R_MALLOC_FAILURE are globally unique.
    However, when checking for sub-library specific reason codes, be sure to
    also compare the library number.

    ERR_GET_LIB(), ERR_GET_FUNC(), ERR_GET_REASON(), and ERR_FATAL_ERROR()
    are macros.

RETURN VALUES
    The library number, function code, reason code, and whether the error is
    fatal, respectively.

SEE ALSO
    ERR_get_error(3)

HISTORY
    ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in all
    versions of OpenSSL.

COPYRIGHT
    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License").
    You may not use this file except in compliance with the License. You
    can obtain a copy in the file LICENSE in the source distribution or at .
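
An added example, not part of the OpenSSL manual page: the ERR_GET_LIB(3) advice to compare the library number whenever a sub-library reason code is checked, shown on a self-contained model of the packed error code. The MODEL_* macros, the field widths (8-bit library, 12-bit function, 12-bit reason), the library and reason numbers and the sample queue are assumptions constructed for this example; real code includes the OpenSSL error header and uses the documented macros.

```c
#include <stdio.h>

/* Model of a packed error code (field widths are an assumption of this
 * example): bits 31..24 library, bits 23..12 function, bits 11..0 reason. */
#define MODEL_PACK(l, f, r)                                              \
    ((((unsigned long)(l) & 0xFFUL) << 24)                               \
     | (((unsigned long)(f) & 0xFFFUL) << 12) | ((unsigned long)(r) & 0xFFFUL))
#define MODEL_GET_LIB(e)    ((int)(((e) >> 24) & 0xFFUL))
#define MODEL_GET_FUNC(e)   ((int)(((e) >> 12) & 0xFFFUL))
#define MODEL_GET_REASON(e) ((int)((e) & 0xFFFUL))

/* Constructed numbers: two sub-libraries that both define reason 130. */
enum { LIB_PARSER = 9, LIB_TLS = 20 };
enum { PARSER_R_END_OF_INPUT = 130, TLS_R_BAD_RECORD = 130 };
enum { GLOBAL_R_MALLOC_FAILURE = 65 }; /* stands in for an ERR_R_... code */

enum verdict { V_END_OF_INPUT, V_OUT_OF_MEMORY, V_FAILURE };

/* Constructed error queue as an application might drain it. */
static const unsigned long SAMPLE_QUEUE[] = {
    MODEL_PACK(LIB_PARSER, 4, PARSER_R_END_OF_INPUT), /* benign: input ended */
    MODEL_PACK(LIB_TLS, 7, TLS_R_BAD_RECORD),         /* real failure */
    MODEL_PACK(LIB_TLS, 2, GLOBAL_R_MALLOC_FAILURE)   /* real failure */
};

/* Correct: a sub-library reason only counts together with its library. */
enum verdict classify(unsigned long e)
{
    if (MODEL_GET_REASON(e) == GLOBAL_R_MALLOC_FAILURE)
        return V_OUT_OF_MEMORY; /* globally unique, valid for any library */
    if (MODEL_GET_LIB(e) == LIB_PARSER
        && MODEL_GET_REASON(e) == PARSER_R_END_OF_INPUT)
        return V_END_OF_INPUT;
    return V_FAILURE;
}

/* Mistake: the library number is ignored, so the TLS error that happens to
 * share reason 130 is taken for a harmless end of input. */
enum verdict classify_reason_only(unsigned long e)
{
    if (MODEL_GET_REASON(e) == GLOBAL_R_MALLOC_FAILURE)
        return V_OUT_OF_MEMORY;
    if (MODEL_GET_REASON(e) == PARSER_R_END_OF_INPUT)
        return V_END_OF_INPUT;
    return V_FAILURE;
}

/* Count the queued codes that must fail the operation. */
size_t count_failures(const unsigned long *queue, size_t n,
                      enum verdict (*fn)(unsigned long))
{
    size_t i, failures = 0;

    for (i = 0; i < n; ++i)
        if (fn(queue[i]) != V_END_OF_INPUT)
            ++failures;
    return failures;
}

int main(void)
{
    size_t n = sizeof(SAMPLE_QUEUE) / sizeof(SAMPLE_QUEUE[0]);

    printf("library+reason check: %zu failures\n",
           count_failures(SAMPLE_QUEUE, n, classify));
    printf("reason-only check:    %zu failures\n",
           count_failures(SAMPLE_QUEUE, n, classify_reason_only));
    return 0;
}
```

The reason-only classifier under-reports failures on the sample queue, which is how a handshake or record error ends up logged as a normal end of input.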

SSL_CTX_SET_SESSION_CACHE_MODE(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode -
    enable/disable session caching

SYNOPSIS
        #include <openssl/ssl.h>

        long SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, long mode);
        long SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);

DESCRIPTION
    SSL_CTX_set_session_cache_mode() enables/disables session caching by
    setting the operational mode for ctx to mode.

    SSL_CTX_get_session_cache_mode() returns the currently used cache mode.

NOTES
    The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
    The sessions can be held in memory for each ctx; if more than one
    SSL_CTX object is being maintained, the sessions are unique for each
    SSL_CTX object.

    In order to reuse a session, a client must send the session's id to the
    server. It can only send exactly one id. The server then either agrees
    to reuse the session or it starts a full handshake (to create a new
    session).

    A server will look up the session in its internal session storage. If
    the session is not found in internal storage or lookups for the internal
    storage have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the
    server will try the external storage if available.

    Since a client may try to reuse a session intended for use in a
    different context, the session id context must be set by the server
    (see SSL_CTX_set_session_id_context(3)).

    The following session cache modes and modifiers are available:

    SSL_SESS_CACHE_OFF
        No session caching for client or server takes place.

    SSL_SESS_CACHE_CLIENT
        Client sessions are added to the session cache. As there is no
        reliable way for the OpenSSL library to know whether a session
        should be reused or which session to choose (due to the abstract BIO
        layer the SSL engine does not have details about the connection),
        the application must select the session to be reused by using the
        SSL_set_session(3) function. This option is not activated by
        default.

    SSL_SESS_CACHE_SERVER
        Server sessions are added to the session cache. When a client
        proposes a session to be reused, the server looks for the
        corresponding session in (first) the internal session cache (unless
        SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), then (second) in the
        external cache if available. If the session is found, the server
        will try to reuse the session. This is the default.

    SSL_SESS_CACHE_BOTH
        Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the
        same time.

    SSL_SESS_CACHE_NO_AUTO_CLEAR
        Normally the session cache is checked for expired sessions every 255
        connections using the SSL_CTX_flush_sessions(3) function. Since this
        may lead to a delay which cannot be controlled, the automatic
        flushing may be disabled and SSL_CTX_flush_sessions(3) can be called
        explicitly by the application.

    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
        By setting this flag, session-resume operations in an SSL/TLS server
        will not automatically look up sessions in the internal cache, even
        if sessions are automatically stored there. If external session
        caching callbacks are in use, this flag guarantees that all lookups
        are directed to the external cache. As automatic lookup only applies
        for SSL/TLS servers, the flag has no effect on clients.

    SSL_SESS_CACHE_NO_INTERNAL_STORE
        Depending on the presence of SSL_SESS_CACHE_CLIENT and/or
        SSL_SESS_CACHE_SERVER, sessions negotiated in an SSL/TLS handshake
        may be cached for possible reuse. Normally a new session is added to
        the internal cache as well as any external session caching
        (callback) that is configured for the SSL_CTX. This flag will
        prevent sessions being stored in the internal cache (though the
        application can add them manually using SSL_CTX_add_session(3)).
        Note: in any SSL/TLS servers where external caching is configured,
        any successful session lookups in the external cache (i.e. for
        session-resume requests) would normally be copied into the local
        cache before processing continues - this flag prevents these
        additions to the internal cache as well.

    SSL_SESS_CACHE_NO_INTERNAL
        Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
        SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.

    The default mode is SSL_SESS_CACHE_SERVER.

RETURN VALUES
    SSL_CTX_set_session_cache_mode() returns the previously set cache mode.

    SSL_CTX_get_session_cache_mode() returns the currently set cache mode.

SEE ALSO
    ssl(7), SSL_set_session(3), SSL_session_reused(3),
    SSL_CTX_add_session(3), SSL_CTX_sess_number(3),
    SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3),
    SSL_CTX_set_session_id_context(3), SSL_CTX_set_timeout(3),
    SSL_CTX_flush_sessions(3)

COPYRIGHT
    Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use
    this file except in compliance with the License.
    You can obtain a copy in the file LICENSE in the source distribution or
    at .

SSL_CTX_DANE_ENABLE(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable,
    SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa,
    SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags,
    SSL_dane_clear_flags - enable DANE TLS authentication of the remote TLS
    server in the local TLS client

SYNOPSIS
        #include <openssl/ssl.h>

        int SSL_CTX_dane_enable(SSL_CTX *ctx);
        int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
                                   uint8_t mtype, uint8_t ord);
        int SSL_dane_enable(SSL *s, const char *basedomain);
        int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
                              uint8_t mtype, unsigned const char *data, size_t dlen);
        int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
        int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
                               uint8_t *mtype, unsigned const char **data,
                               size_t *dlen);
        unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
        unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
        unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
        unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);

DESCRIPTION
    These functions implement support for DANE TLSA (RFC6698 and RFC7671)
    peer authentication.

    SSL_CTX_dane_enable() must be called first to initialize the shared
    state required for DANE support. Individual connections associated with
    the context can then enable per-connection DANE support as appropriate.
    DANE authentication is implemented in the X509_verify_cert(3) function,
    and applications that override X509_verify_cert(3) via
    SSL_CTX_set_cert_verify_callback(3) are responsible for authenticating
    the peer chain in whatever manner they see fit.

    SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust
    the supported digest algorithms. This must be done before any SSL
    handles are created for the context.

    The mtype argument specifies a DANE TLSA matching type and the md
    argument specifies the associated digest algorithm handle. The ord
    argument specifies a strength ordinal. Algorithms with a larger strength
    ordinal are considered more secure. Strength ordinals are used to
    implement RFC7671 digest algorithm agility. Specifying a NULL digest
    algorithm for a matching type disables support for that matching type.
    Matching type Full(0) cannot be modified or disabled.

    By default, matching type SHA2-256(1) (see RFC7218 for definitions of
    the DANE TLSA parameter acronyms) is mapped to EVP_sha256() with a
    strength ordinal of 1 and matching type SHA2-512(2) is mapped to
    EVP_sha512() with a strength ordinal of 2.

    SSL_dane_enable() must be called before the SSL handshake is initiated
    with SSL_connect(3) if (and only if) you want to enable DANE for that
    connection. (The connection must be associated with a DANE-enabled SSL
    context). The basedomain argument specifies the RFC7671 TLSA base
    domain, which will be the primary peer reference identifier for
    certificate name checks. Additional server names can be specified via
    SSL_add1_host(3). The basedomain is used as the default SNI hint if none
    has yet been specified via SSL_set_tlsext_host_name(3).

    SSL_dane_tlsa_add() may then be called one or more times, to load each
    of the TLSA records that apply to the remote TLS peer. (This too must be
    done prior to the beginning of the SSL handshake). The arguments specify
    the fields of the TLSA record. The data field is provided in binary
    (wire RDATA) form, not the hexadecimal ASCII presentation form, with an
    explicit length passed via dlen. The library takes a copy of the data
    buffer contents and the caller may free the original data buffer when
    convenient. A return value of 0 indicates that "unusable" TLSA records
    (with invalid or unsupported parameters) were provided. A negative
    return value indicates an internal error in processing the record.

    The caller is expected to check the return value of each
    SSL_dane_tlsa_add() call and take appropriate action if none are usable
    or an internal error is encountered in processing some records.

    If no TLSA records are added successfully, DANE authentication is not
    enabled, and authentication will be based on any configured traditional
    trust-anchors; authentication success in this case does not mean that
    the peer was DANE-authenticated.

    SSL_get0_dane_authority() can be used to get more detailed information
    about the matched DANE trust-anchor after successful connection
    completion. The return value is negative if DANE verification failed (or
    was not enabled), 0 if an EE TLSA record directly matched the leaf
    certificate, or a positive number indicating the depth at which a TA
    record matched an issuer certificate. The complete verified chain can be
    retrieved via SSL_get0_verified_chain(3). The return value is an index
    into this verified chain, rather than the list of certificates sent by
    the peer as returned by SSL_get_peer_cert_chain(3).

    If the mcert argument is not NULL and a TLSA record matched a chain
    certificate, a pointer to the matching certificate is returned via
    mcert. The returned address is a short-term internal reference to the
    certificate and must not be freed by the application. Applications that
    want to retain access to the certificate can call X509_up_ref(3) to
    obtain a long-term reference which must then be freed via X509_free(3)
    once no longer needed.

    If no TLSA records directly matched any elements of the certificate
    chain, but a DANE-TA(2) SPKI(1) Full(0) record provided the public key
    that signed an element of the chain, then that key is returned via the
    mspki argument (if not NULL). In this case the return value is the depth
    of the top-most element of the validated certificate chain. As with
    mcert this is a short-term internal reference, and EVP_PKEY_up_ref(3)
    and EVP_PKEY_free(3) can be used to acquire and release long-term
    references respectively.

    SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA
    record that matched the peer certificate chain. The return value
    indicates the match depth or failure to match just as with
    SSL_get0_dane_authority(). When the return value is nonnegative, the
    storage pointed to by the usage, selector, mtype and data parameters is
    updated to the corresponding TLSA record fields. The data field is in
    binary wire form, and is therefore not NUL-terminated; its length is
    returned via the dlen parameter. If any of these parameters is NULL, the
    corresponding field is not returned. The data parameter is set to a
    short-term internal copy of the associated data field and must not be
    freed by the application. Applications that need long-term access to
    this field need to copy the content.

    SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable
    optional DANE verification features. SSL_CTX_dane_clear_flags() and
    SSL_dane_clear_flags() can be used to disable the same features. The
    flags argument is a bit mask of the features to enable or disable. The
    flags set for an SSL_CTX context are copied to each SSL handle
    associated with that context at the time the handle is created.
    Subsequent changes in the context's flags have no effect on the flags
    set for the handle.

    At present, the only available option is DANE_FLAG_NO_DANE_EE_NAMECHECKS
    which can be used to disable server name checks when authenticating via
    DANE-EE(3) TLSA records. For some applications, primarily web browsers,
    it is not safe to disable name checks due to "unknown key share"
    attacks, in which a malicious server can convince a client that a
    connection to a victim server is instead a secure connection to the
    malicious server. The malicious server may then be able to violate
    cross-origin scripting restrictions. Thus, despite the text of RFC7671,
    name checks are by default enabled for DANE-EE(3) TLSA records, and can
    be disabled in applications where it is safe to do so. In particular,
    SMTP and XMPP clients should set this option as SRV and MX records
    already make it possible for a remote domain to redirect client
    connections to any server of its choice, and in any case SMTP and XMPP
    clients do not execute scripts downloaded from remote servers.

RETURN VALUES
    The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(),
    SSL_dane_enable() and SSL_dane_tlsa_add() return a positive value on
    success. Negative return values indicate resource problems (out of
    memory, etc.) in the SSL library, while a return value of 0 indicates
    incorrect usage or invalid input, such as an unsupported TLSA record
    certificate usage, selector or matching type.
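
An added example, not OpenSSL's own code: because SSL_dane_tlsa_add() takes the association data in binary wire form and treats unsupported or malformed records as invalid input, this helper converts a presentation-form TLSA record (decimal usage, selector and mtype followed by hex) and rejects unusable input before the call. tlsa_from_presentation(), struct tlsa_rec, the status names and the sample record are hypothetical; the 32- and 64-byte lengths are those of the default SHA2-256(1) and SHA2-512(2) digests.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum tlsa_status {       /* names are this example's own */
    TLSA_OK,             /* ready to pass to SSL_dane_tlsa_add() */
    TLSA_SKIP_USAGE,     /* PKIX-TA(0), PKIX-EE(1) or an unknown usage */
    TLSA_BAD_SYNTAX,     /* usage/selector/mtype missing or above 255 */
    TLSA_BAD_HEX,        /* non-hex character, odd digit count, no data */
    TLSA_BAD_DIGEST_LEN, /* wrong size for SHA2-256(1) or SHA2-512(2) */
    TLSA_NO_MEMORY
};

struct tlsa_rec {
    uint8_t usage, selector, mtype;
    unsigned char *data; /* wire-form bytes, malloc'd; caller frees */
    size_t dlen;
};

/* Constructed sample record in presentation form, not real DNS data. */
static const char SAMPLE_DANE_EE[] = "3 1 1 000102030405060708090a0b0c0d0e0f"
                                     "101112131415161718191a1b1c1d1e1f";

static int hexval(unsigned char c)
{
    if (!isxdigit(c))
        return -1;
    return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Read one decimal field in 0..255 that is followed by a blank. */
static int parse_u8(const char **p, uint8_t *out)
{
    char *end;
    unsigned long v;

    while (**p == ' ' || **p == '\t')
        ++*p;
    if (!isdigit((unsigned char)**p))
        return 0;
    v = strtoul(*p, &end, 10);
    if (v > 255 || (*end != ' ' && *end != '\t'))
        return 0;
    *out = (uint8_t)v;
    *p = end;
    return 1;
}

/* Convert "usage selector mtype hex..." into fields plus binary data. */
enum tlsa_status tlsa_from_presentation(const char *p, struct tlsa_rec *rec)
{
    enum tlsa_status st = TLSA_OK;
    int hi = -1, v;

    memset(rec, 0, sizeof(*rec));
    if (!parse_u8(&p, &rec->usage) || !parse_u8(&p, &rec->selector)
        || !parse_u8(&p, &rec->mtype))
        return TLSA_BAD_SYNTAX;
    /* Same policy as the page's switch: only DANE-TA(2) and DANE-EE(3). */
    if (rec->usage != 2 && rec->usage != 3)
        return TLSA_SKIP_USAGE;
    if ((rec->data = malloc(strlen(p) / 2 + 1)) == NULL)
        return TLSA_NO_MEMORY;
    for (; *p != '\0' && st == TLSA_OK; ++p) {
        if (isspace((unsigned char)*p))
            continue; /* the hex may be split by blanks */
        if ((v = hexval((unsigned char)*p)) < 0) {
            st = TLSA_BAD_HEX;
        } else if (hi < 0) {
            hi = v;
        } else {
            rec->data[rec->dlen++] = (unsigned char)((hi << 4) | v);
            hi = -1;
        }
    }
    if (st == TLSA_OK && (hi >= 0 || rec->dlen == 0))
        st = TLSA_BAD_HEX;
    /* SHA2-256(1) is 32 bytes, SHA2-512(2) is 64; others: library decides. */
    if (st == TLSA_OK && ((rec->mtype == 1 && rec->dlen != 32)
                          || (rec->mtype == 2 && rec->dlen != 64)))
        st = TLSA_BAD_DIGEST_LEN;
    if (st != TLSA_OK) {
        free(rec->data);
        rec->data = NULL;
        rec->dlen = 0;
    }
    return st;
}

int main(void)
{
    struct tlsa_rec rec;
    enum tlsa_status st = tlsa_from_presentation(SAMPLE_DANE_EE, &rec);

    printf("status=%d dlen=%zu\n", (int)st, rec.dlen);
    free(rec.data);
    return 0;
}
```

On TLSA_OK the record's usage, selector, mtype, data and dlen are the arguments for SSL_dane_tlsa_add(), whose return value still has to be checked as the manual page describes.
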
Invalid input also includes malformed data, either a digest length that does
not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form)
certificate or a public key that fails to parse.
.PP
The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a
negative value when \s-1DANE\s0 authentication failed or was not enabled, a
nonnegative value indicates the chain depth at which the \s-1TLSA\s0 record matched a
chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0
record is a full public key that is its signer.
.PP
The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR,
\&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect
before they were called.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has
DNSSEC-validated \s-1TLSA\s0 records.
The calls below will perform \s-1DANE\s0 authentication and arrange to match either
the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate.
Wildcards are supported, but must match the entire label.
The actual name matched in the certificate (which might be a wildcard) is
retrieved, and must be copied by the application if it is to be retained beyond
the lifetime of the \s-1SSL\s0 connection.
.PP
.Vb 7
\&  SSL_CTX *ctx;
\&  SSL *ssl;
\&  int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
\&  int num_usable = 0;
\&  const char *nexthop_domain = "example.com";
\&  const char *dane_tlsa_domain = "smtp.example.com";
\&  uint8_t usage, selector, mtype;
\&
\&  if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
\&      /* error */
\&  if (SSL_CTX_dane_enable(ctx) <= 0)
\&      /* error */
\&  if ((ssl = SSL_new(ctx)) == NULL)
\&      /* error */
\&  if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
\&      /* error */
\&
\&  /*
\&   * For many applications it is safe to skip DANE\-EE(3) namechecks. Do not
\&   * disable the checks unless "unknown key share" attacks pose no risk for
\&   * your application.
\&   */
\&  SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
\&
\&  if (!SSL_add1_host(ssl, nexthop_domain))
\&      /* error */
\&  SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
\&
\&  for (... each TLSA record ...) {
\&      unsigned char *data;
\&      size_t len;
\&      int ret;
\&
\&      /* set usage, selector, mtype, data, len */
\&
\&      /*
\&       * Opportunistic DANE TLS clients support only DANE\-TA(2) or DANE\-EE(3).
\&       * They treat all other certificate usages, and in particular PKIX\-TA(0)
\&       * and PKIX\-EE(1), as unusable.
\&       */
\&      switch (usage) {
\&      default:
\&      case 0:     /* PKIX\-TA(0) */
\&      case 1:     /* PKIX\-EE(1) */
\&          continue;
\&      case 2:     /* DANE\-TA(2) */
\&      case 3:     /* DANE\-EE(3) */
\&          break;
\&      }
\&
\&      ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
\&      /* free data as appropriate */
\&
\&      if (ret < 0)
\&          /* handle SSL library internal error */
\&      else if (ret == 0)
\&          /* handle unusable TLSA record */
\&      else
\&          ++num_usable;
\&  }
\&
\&  /*
\&   * At this point, the verification mode is still the default SSL_VERIFY_NONE.
\&   * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
\&   * are unusable, so continue the handshake even if authentication fails.
\&   */
\&  if (num_usable == 0) {
\&      /* Log all records unusable? */
\&
\&      /* Optionally set verify_cb to a suitable non\-NULL callback. */
\&      SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
\&  } else {
\&      /* At least one usable record. We expect to verify the peer */
\&
\&      /* Optionally set verify_cb to a suitable non\-NULL callback. */
\&
\&      /*
\&       * Below we elect to fail the handshake when peer verification fails.
\&       * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
\&       * complete the handshake, check the verification status, and if not
\&       * verified disconnect gracefully at the application layer, especially if
\&       * application protocol supports informing the server that authentication
\&       * failed.
\&       */
\&      SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
\&  }
\&
\&  /*
\&   * Load any saved session for resumption, making sure that the previous
\&   * session applied the same security and authentication requirements that
\&   * would be expected of a fresh connection.
\&   */
\&
\&  /* Perform SSL_connect() handshake and handle errors here */
\&
\&  if (SSL_session_reused(ssl)) {
\&      if (SSL_get_verify_result(ssl) == X509_V_OK) {
\&          /*
\&           * Resumed session was originally verified, this connection is
\&           * authenticated.
\&           */
\&      } else {
\&          /*
\&           * Resumed session was not originally verified, this connection is not
\&           * authenticated.
\&           */
\&      }
\&  } else if (SSL_get_verify_result(ssl) == X509_V_OK) {
\&      const char *peername = SSL_get0_peername(ssl);
\&      EVP_PKEY *mspki = NULL;
\&
\&      int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
\&      if (depth >= 0) {
\&          (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
\&          printf("DANE TLSA %d %d %d %s at depth %d\en", usage, selector, mtype,
\&                 (mspki != NULL) ? "TA public key verified certificate" :
\&                 depth ? "matched TA certificate" : "matched EE certificate",
\&                 depth);
\&      }
\&      if (peername != NULL) {
\&          /* Name checks were in scope and matched the peername */
\&          printf("Verified peername: %s\en", peername);
\&      }
\&  } else {
\&      /*
\&       * Not authenticated, presumably all TLSA rrs unusable, but possibly a
\&       * callback suppressed connection termination despite the presence of
\&       * usable TLSA RRs none of which matched. Do whatever is appropriate for
\&       * fresh unauthenticated connections.
\&       */
\&  }
.Ve
.SH "NOTES"
.IX Header "NOTES"
It is expected that the majority of clients employing \s-1DANE TLS\s0 will be doing
\&\*(L"opportunistic \s-1DANE TLS\*(R"\s0 in the sense of \s-1RFC7672\s0 and \s-1RFC7435.\s0
That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records
are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or
even cleartext.
.PP
Such applications should generally treat any \s-1TLSA\s0 records published by the peer
with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include
them among the \s-1TLSA\s0 records used to authenticate peer connections.
In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a
result of invalid or unsupported parameters.
.PP
When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic
application must avoid cleartext, but cannot authenticate the peer,
and so should generally proceed with an unauthenticated connection.
Opportunistic applications need to note the return value of each
call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid
or unsupported parameters) disable peer authentication by calling
\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_new\fR\|(3),
\&\fBSSL_add1_host\fR\|(3),
\&\fBSSL_set_hostflags\fR\|(3),
\&\fBSSL_set_tlsext_host_name\fR\|(3),
\&\fBSSL_set_verify\fR\|(3),
\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3),
\&\fBSSL_get0_verified_chain\fR\|(3),
\&\fBSSL_get_peer_cert_chain\fR\|(3),
\&\fBSSL_get_verify_result\fR\|(3),
\&\fBSSL_connect\fR\|(3),
\&\fBSSL_get0_peername\fR\|(3),
\&\fBX509_verify_cert\fR\|(3),
\&\fBX509_up_ref\fR\|(3),
\&\fBX509_free\fR\|(3),
\&\fBEVP_get_digestbyname\fR\|(3),
\&\fBEVP_PKEY_up_ref\fR\|(3),
\&\fBEVP_PKEY_free\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_SESSION 3"
.TH SSL_GET_SESSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_SESSION *SSL_get_session(const SSL *ssl);
\& SSL_SESSION *SSL_get0_session(const SSL *ssl);
\& SSL_SESSION *SSL_get1_session(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in
\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so
that the pointer can become invalid by other operations.
.PP
\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR.
.PP
\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference
count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one.
.SH "NOTES"
.IX Header "NOTES"
The ssl session contains all information required to re-establish the
connection without a full handshake for \s-1SSL\s0 versions up to and including
TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the
main handshake has occurred. The server will send the session information to the
client at a time of its choosing, which may be some while after the initial
connection is established (or never). Calling these functions on the client side
in TLSv1.3 before the session has been established will still return an
\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See
\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an
\&\s-1SSL_SESSION\s0 object can be used for resumption or not.
.PP
Additionally, in TLSv1.3, a server can send multiple messages that establish a
session for a single connection. In that case, on the client side, the above
functions will only return information on the last session that was received. On
the server side they will only return information on the last session that was
sent, or if no session tickets were sent then the session for the current
connection.
.PP
The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is
to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3).
The new session callback is only invoked when a session is actually established,
so this avoids the problem described above where an application obtains an
\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also
enables applications to obtain information about all sessions sent by the
server.
.PP
A session will be automatically removed from the session cache and marked as
non-resumable if the connection is not closed down cleanly, e.g. if a fatal
error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to
\&\fBSSL_free\fR\|(3).
.PP
In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for
resumption once.
.PP
\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the
reference counter is not incremented, the pointer is only valid while
the connection is in use. If \fBSSL_clear\fR\|(3) or
\&\fBSSL_free\fR\|(3) is called, the session may be removed completely
(if considered bad), and the pointer obtained will become invalid. Even
if the session is valid, it can be removed at any time due to timeout
during \fBSSL_CTX_flush_sessions\fR\|(3).
.PP
If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference
count, so that the session will not be implicitly removed by other operations
but stays in memory.
In order to remove the session
\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once
to decrement the reference count again.
.PP
\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
list, when being inserted into one \s-1SSL_CTX\s0 object's session cache.
One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore
only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created
from this \s-1SSL_CTX\s0 object).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "\s-1NULL\s0" 4
.IX Item "NULL"
There is no session available in \fBssl\fR.
.IP "Pointer to an \s-1SSL_SESSION\s0" 4
.IX Item "Pointer to an SSL_SESSION"
The return value points to the data of an \s-1SSL\s0 session.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3),
\&\fBSSL_clear\fR\|(3),
\&\fBSSL_SESSION_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_DECRYPT 3"
.TH CMS_DECRYPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CMS_decrypt \- decrypt content from a CMS envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
\&                 BIO *dcont, BIO *out, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData
structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and
\&\fBflags\fR is an optional set of flags.
.PP
The \fBdcont\fR parameter is used in the rare case where the encrypted content
is detached.
It will normally be set to \s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
Although the recipient's certificate is not needed to decrypt the data, it is
needed to locate the appropriate (of possibly several) recipients in the \s-1CMS\s0
structure.
.PP
If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however
is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on
\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or
not. If no recipient succeeds then a random symmetric key is used to decrypt
the content: this will typically output garbage and may (but is not guaranteed
to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an
error when all recipient encrypted keys failed to decrypt an attacker could
use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set
then the above behaviour is modified and an error \fBis\fR returned if no
recipient encrypted key can be decrypted \fBwithout\fR generating a random
content encryption key. Applications should use this flag with
\&\fBextreme caution\fR especially in automated gateways as it can leave them
open to attack.
.PP
It is possible to determine the correct recipient key by other means (for
example looking them up in a database) and setting them in the \s-1CMS\s0 structure
in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this
case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0
.PP
To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR
and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and
\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
from the content.
If the content is not of type \fBtext/plain\fR then an error is
returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure.
The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
The lack of single pass processing and the need to hold all data in memory as
mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_BN2BIN 3"
.TH BN_BN2BIN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BN_bn2binpad,
BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec,
BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi,
BN_mpi2bn \- format conversions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& int BN_bn2bin(const BIGNUM *a, unsigned char *to);
\& int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
\&
\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
\&
\& char *BN_bn2hex(const BIGNUM *a);
\& char *BN_bn2dec(const BIGNUM *a);
\& int BN_hex2bn(BIGNUM **a, const char *str);
\& int BN_dec2bn(BIGNUM **a, const char *str);
\&
\& int BN_print(BIO *fp, const BIGNUM *a);
\& int BN_print_fp(FILE *fp, const BIGNUM *a);
\&
\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form
and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of
memory.
.PP
\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form
and stores it at \fBto\fR.
\fBtolen\fR indicates the length of the output buffer
\&\fBto\fR. The result is padded with zeros if necessary. If \fBtolen\fR is less than
BN_num_bytes(\fBa\fR) an error is returned.
.PP
\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length
\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is
\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created.
.PP
\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and
\&\fBBN_bin2bn()\fR except the buffer is in little-endian format.
.PP
\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the
hexadecimal and decimal encoding of \fBa\fR respectively. For negative
numbers, the string is prefaced with a leading '\-'. The string must be
freed later using \fBOPENSSL_free()\fR.
.PP
\&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR,
including the leading character '\-' which means negative, to form a valid
hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and
stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If
\&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation.
A \*(L"negative zero\*(R" is converted to zero.
\&\fBBN_dec2bn()\fR is the same using the decimal system.
.PP
\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR,
with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR
\&\fBfp\fR.
.PP
\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format
that consists of the number's length in bytes represented as a 4\-byte
big-endian number, and the number itself in big-endian format, where
the most significant bit signals a negative number (the representation
of numbers with the \s-1MSB\s0 set is prefixed with a null byte).
.PP
\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR
must be large enough to hold the result. The size can be determined by
calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0).
.PP
\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR
if \fBret\fR is \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error.
.PP
\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied
buffer is too small.
.PP
\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0
on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters
used in parsing, or 0 on error, in which
case no new \fB\s-1BIGNUM\s0\fR will be created.
.PP
\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors.
.PP
\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR
returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3),
\&\fBASN1_INTEGER_to_BN\fR\|(3),
\&\fBBN_num_bytes\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
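The MPI layout described for BN_bn2mpi() and BN_mpi2bn() above, worked through byte by byte as an added, self-contained C example (not OpenSSL's code and not part of the manual page). The helpers mpi_encode() and mpi_decode() are hypothetical names operating on raw big-endian magnitudes; encoding zero as an empty body and rejecting a length prefix that disagrees with the input size are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Encode a sign and a big-endian magnitude as: 4-byte big-endian body length,
 * then the body. Returns the encoded size; with out == NULL only the size is
 * computed. Returns -1 if the output buffer is too small.
 */
long mpi_encode(const unsigned char *mag, size_t maglen, int negative,
                unsigned char *out, size_t outcap)
{
    size_t ext, body;

    /* Drop leading zero bytes so the body is minimal. */
    while (maglen > 0 && mag[0] == 0) {
        mag++;
        maglen--;
    }
    /* A set top bit would read as a sign, so such values get a 0x00 prefix. */
    ext = (maglen > 0 && (mag[0] & 0x80)) ? 1 : 0;
    body = maglen + ext;
    if (body > 0x7ffffff0UL)
        return -1;
    if (out == NULL)
        return (long)(4 + body);
    if (outcap < 4 + body)
        return -1;

    out[0] = (unsigned char)(body >> 24);
    out[1] = (unsigned char)(body >> 16);
    out[2] = (unsigned char)(body >> 8);
    out[3] = (unsigned char)body;
    if (ext)
        out[4] = 0;
    if (maglen > 0)
        memcpy(out + 4 + ext, mag, maglen);
    /* The most significant bit of the body carries the sign. */
    if (negative && body > 0)
        out[4] |= 0x80;
    return (long)(4 + body);
}

/*
 * Decode the same layout into sign and minimal big-endian magnitude.
 * Returns 0 on success, -1 on malformed input or insufficient capacity.
 */
int mpi_decode(const unsigned char *in, size_t inlen,
               unsigned char *mag, size_t magcap,
               size_t *maglen, int *negative)
{
    uint32_t body;
    size_t i, skip;

    if (inlen < 4)
        return -1;
    body = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
           ((uint32_t)in[2] << 8) | (uint32_t)in[3];
    /* The length prefix must account for exactly the bytes supplied. */
    if ((size_t)body != inlen - 4)
        return -1;
    *negative = 0;
    *maglen = 0;
    if (body == 0)
        return 0;

    *negative = (in[4] & 0x80) != 0;
    /* Find the first non-zero byte once the sign bit is masked off. */
    for (i = 0; i < body; i++) {
        unsigned char b = (i == 0) ? (in[4] & 0x7f) : in[4 + i];
        if (b != 0)
            break;
    }
    skip = i;
    if (body - skip > magcap)
        return -1;
    for (i = skip; i < body; i++)
        mag[i - skip] = (i == 0) ? (in[4] & 0x7f) : in[4 + i];
    *maglen = body - skip;
    if (*maglen == 0)
        *negative = 0; /* a "negative zero" decodes as zero */
    return 0;
}

int main(void)
{
    const unsigned char m[] = { 0x80 }; /* constructed sample: magnitude 128 */
    unsigned char buf[16];
    long n = mpi_encode(m, sizeof m, 1, buf, sizeof buf);
    long i;

    for (i = 0; i < n; i++)
        printf("%02x ", buf[i]);
    printf("\n");
    return 0;
}
```

The length check in mpi_decode() is the part worth copying into any parser for length-prefixed integers: the prefix is attacker-controlled input and must be compared against the bytes actually received before anything is read from the body.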
.IX Title "BN_SET_BIT 3"
.TH BN_SET_BIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int BN_set_bit(BIGNUM *a, int n);
\& int BN_clear_bit(BIGNUM *a, int n);
\&
\& int BN_is_bit_set(const BIGNUM *a, int n);
\&
\& int BN_mask_bits(BIGNUM *a, int n);
\&
\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
\& int BN_lshift1(BIGNUM *r, BIGNUM *a);
\&
\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
\& int BN_rshift1(BIGNUM *r, BIGNUM *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<.
.IX Title "X509_GET_EXTENSION_FLAGS 3"
.TH X509_GET_EXTENSION_FLAGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen \- retrieve certificate extension data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& long X509_get_pathlen(X509 *x);
\& uint32_t X509_get_extension_flags(X509 *x);
\& uint32_t X509_get_key_usage(X509 *x);
\& uint32_t X509_get_extended_key_usage(X509 *x);
\& const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
\& const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
\& const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
\& const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
\& void X509_set_proxy_flag(X509 *x);
\& void X509_set_proxy_pathlen(int l);
\& long X509_get_proxy_pathlen(X509 *x);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions retrieve information related to commonly used certificate extensions.
.PP
\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate.
This extension is used to limit the length of a cert chain that may be
issued from that \s-1CA.\s0
.PP
\&\fBX509_get_extension_flags()\fR retrieves general information about a
certificate; it will return one or more of the following flags ORed together.
.IP "\fB\s-1EXFLAG_V1\s0\fR" 4
.IX Item "EXFLAG_V1"
The certificate is an obsolete version 1 certificate.
.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4
.IX Item "EXFLAG_BCONS"
The certificate contains a basic constraints extension.
.IP "\fB\s-1EXFLAG_CA\s0\fR" 4
.IX Item "EXFLAG_CA"
The certificate contains basic constraints and asserts the \s-1CA\s0 flag.
.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4
.IX Item "EXFLAG_PROXY"
The certificate is a valid proxy certificate.
.IP "\fB\s-1EXFLAG_SI\s0\fR" 4
.IX Item "EXFLAG_SI"
The certificate is self issued (that is subject and issuer names match).
.IP "\fB\s-1EXFLAG_SS\s0\fR" 4
.IX Item "EXFLAG_SS"
The subject and issuer names match and extension values imply it is self
signed.
.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4
.IX Item "EXFLAG_FRESHEST"
The freshest \s-1CRL\s0 extension is present in the certificate.
.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4
.IX Item "EXFLAG_CRITICAL"
The certificate contains an unhandled critical extension.
.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4
.IX Item "EXFLAG_INVALID"
Some certificate extension values are invalid or inconsistent.
The certificate should be rejected.
This bit may also be raised after an out-of-memory error while
processing the X509 object, so it may not be related to the processed
\&\s-1ASN1\s0 object itself.
.IP "\fB\s-1EXFLAG_NO_FINGERPRINT\s0\fR" 4
.IX Item "EXFLAG_NO_FINGERPRINT"
Failed to compute the internal \s-1SHA1\s0 hash value of the certificate.
This may be due to malloc failure or because no \s-1SHA1\s0 implementation was
found.
.IP "\fB\s-1EXFLAG_INVALID_POLICY\s0\fR" 4
.IX Item "EXFLAG_INVALID_POLICY"
The NID_certificate_policies certificate extension is invalid or
inconsistent. The certificate should be rejected.
This bit may also be raised after an out-of-memory error while
processing the X509 object, so it may not be related to the processed
\&\s-1ASN1\s0 object itself.
.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4
.IX Item "EXFLAG_KUSAGE"
The certificate contains a key usage extension. The value can be retrieved
using \fBX509_get_key_usage()\fR.
.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4
.IX Item "EXFLAG_XKUSAGE"
The certificate contains an extended key usage extension. The value can be
retrieved using \fBX509_get_extended_key_usage()\fR.
.PP
\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key
usage is present it will return zero or more of the flags:
\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR,
\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR,
\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to
individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is
returned.
.PP
\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage
extension. If extended key usage is present it will return zero or more of the
flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR,
\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These
correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR,
\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR,
\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively.
Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are
present.
.PP
\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key
identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
is not present or cannot be parsed.
.PP
\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key
identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension
is not present or cannot be parsed.
.PP
\&\fBX509_get0_authority_issuer()\fR returns an internal pointer to the authority
certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or
\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed.
.PP
\&\fBX509_get0_authority_serial()\fR returns an internal pointer to the authority
certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the
extension is not present or cannot be parsed.
.PP
\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag.
This is for the users who need to mark non\-RFC3820 proxy certificates as
such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
.PP
\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given
certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy
certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones.
.PP
\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the
given certificate \fBx\fR if it is a proxy certificate.
.SH "NOTES"
.IX Header "NOTES"
The values of the flags correspond to extension values which are cached
in the \fBX509\fR structure. If the flags returned do not provide sufficient
information an application should examine extension values directly
for example using \fBX509_get_ext_d2i()\fR.
.PP
If the key usage or extended key usage extension is absent then typically usage
is unrestricted. For this reason \fBX509_get_key_usage()\fR and
\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding
extension is absent. Applications can additionally check the return value of
\&\fBX509_get_extension_flags()\fR and take appropriate action if an extension is
absent.
.PP
If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be
absent or malformed. Applications can determine the precise reason using
\&\fBX509_get_ext_d2i()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension
is not present.
.PP
\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and
\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the
certificate extension values.
.PP
\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a
pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension
is absent or an error occurred during parsing.
.PP
\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given
certificate is a proxy one and has a path length set, and \-1 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_check_purpose\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and
\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_SHA1 3"
.TH EVP_SHA1 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_sha1
\&\- SHA\-1 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& const EVP_MD *EVP_sha1(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized
in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National
Security Agency and initially published in 1995.
.IP "\fBEVP_sha1()\fR" 4
.IX Item "EVP_sha1()"
The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1NIST FIPS 180\-4.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DH_NEW 3"
.TH DH_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DH_new, DH_free \- allocate and free DH objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& DH* DH_new(void);
\&
\& void DH_free(DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure.
.PP
\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are
erased before the memory is returned to the system.
If \fBdh\fR is \s-1NULL\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns
a pointer to the newly allocated structure.
.PP
\&\fBDH_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3),
\&\fBDH_generate_parameters\fR\|(3),
\&\fBDH_generate_key\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_ALLOC_BUFFERS 3"
.TH SSL_ALLOC_BUFFERS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int SSL_free_buffers(SSL *ssl);
\& int SSL_alloc_buffers(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR.
\&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR.
.PP
The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever
the buffers have been drained. These functions allow applications to manually
control when buffers are freed and allocated.
.PP
After freeing the buffers, the buffers are automatically reallocated upon a
new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but
can be used to make sure the buffers are preallocated. This can be used to
avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR
to control where and how buffers are allocated.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "0 (Failure)" 4
.IX Item "0 (Failure)"
The \fBSSL_free_buffers()\fR function returns 0 when there is pending data to be
read or written. The \fBSSL_alloc_buffers()\fR function returns 0 when there is
an allocation failure.
.IP "1 (Success)" 4
.IX Item "1 (Success)"
The \fBSSL_free_buffers()\fR function returns 1 if the buffers have been freed. This
value is also returned if the buffers had been freed before calling
\&\fBSSL_free_buffers()\fR.
The \fBSSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated.
This value is also returned if the buffers had been allocated before calling
\&\fBSSL_alloc_buffers()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3),
\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3),
CRYPTO_set_mem_functions
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_OPTIONS 3"
.TH SSL_CTX_SET_OPTIONS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_set_options(SSL_CTX *ctx, long options);
\& long SSL_set_options(SSL *ssl, long options);
\&
\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
\& long SSL_clear_options(SSL *ssl, long options);
\&
\& long SSL_CTX_get_options(SSL_CTX *ctx);
\& long SSL_get_options(SSL *ssl);
\&
\& long SSL_get_secure_renegotiation_support(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_options()\fR adds the options set via bit mask in \fBoptions\fR to \fBctx\fR. Options already set before are not cleared!
.PP
\&\fBSSL_set_options()\fR adds the options set via bit mask in \fBoptions\fR to \fBssl\fR. Options already set before are not cleared!
.PP
\&\fBSSL_CTX_clear_options()\fR clears the options set via bit mask in \fBoptions\fR to \fBctx\fR.
.PP
\&\fBSSL_clear_options()\fR clears the options set via bit mask in \fBoptions\fR to \fBssl\fR.
.PP
\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR.
.PP
\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR.
.PP
\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports secure renegotiation. Note, this is implemented via a macro.
.SH "NOTES"
.IX Header "NOTES"
The behaviour of the \s-1SSL\s0 library can be changed by setting several options. The options are coded as bit masks and can be combined by a bitwise \fBor\fR operation (|).
.PP
\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of the \s-1API\s0 can be changed by using the similar
\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions.
.PP
During a handshake, the option settings of the \s-1SSL\s0 object are used. When a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current option setting is copied. Changes to \fBctx\fR do not affect already created
\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings.
.PP
The following \fBbug workaround\fR options are available:
.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4
.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG"
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers.
.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4
.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some broken \s-1SSL\s0 implementations. This option has no effect for connections using other ciphers.
.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4
.IX Item "SSL_OP_TLSEXT_PADDING"
Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. This is needed as a workaround for some implementations.
.IP "\s-1SSL_OP_ALL\s0" 4
.IX Item "SSL_OP_ALL"
All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as mentioned below.
.PP
It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround options if compatibility with somewhat broken implementations is desired.
.PP
The following \fBmodifying\fR options are available:
.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4
.IX Item "SSL_OP_TLS_ROLLBACK_BUG"
Disable version rollback attack detection.
.Sp
During the client key exchange, the client must send the same information about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some clients violate this rule by adapting to the server's answer. (Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.)
.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4
.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE"
When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the \s-1SSL\s0 server will always follow the client's preferences. When set, the \s-1SSL/TLS\s0 server will choose following its own preferences.
.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4
.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2"
These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0 respectively. As of OpenSSL 1.1.0, these options are deprecated, use
\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and
\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead.
.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4
.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial handshake). This option is not needed for clients.
.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4
.IX Item "SSL_OP_NO_COMPRESSION"
Do not use compression even if it is supported.
.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4
.IX Item "SSL_OP_NO_QUERY_MTU"
Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections.
.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4
.IX Item "SSL_OP_COOKIE_EXCHANGE"
Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects
\&\s-1DTLS\s0 connections.
.IP "\s-1SSL_OP_NO_TICKET\s0" 4
.IX Item "SSL_OP_NO_TICKET"
\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless session tickets.
.Sp
When using session ids a copy of the session information is cached on the server and a unique id is sent to the client. When the client wishes to resume it provides the unique id so that the server can retrieve the session information from its cache.
.Sp
When using stateless session tickets the server uses a session ticket encryption key to encrypt the session information. This encrypted data is sent to the client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted data back to the server. The server uses its key to decrypt the data and resume the session. In this way the server can operate statelessly \- no session information needs to be cached locally.
.Sp
The TLSv1.3 protocol only supports tickets and does not directly support session ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful and stateless. Stateless tickets work the same way as in TLSv1.2 and below. Stateful tickets mimic the session id behaviour available in TLSv1.2 and below.
The session information is cached on the server and the session id is wrapped up in a ticket and sent back to the client. When the client wishes to resume, it presents a ticket in the same way as for stateless tickets. The server can then extract the session id from the ticket and retrieve the session information from its cache.
.Sp
By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will cause stateless tickets to not be issued. In TLSv1.2 and below this means no ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be sent. This is a server-side option only.
.Sp
In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or
\&\fBSSL_set_num_tickets\fR\|(3).
.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4
.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
Allow legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4
.IX Item "SSL_OP_LEGACY_SERVER_CONNECT"
Allow legacy insecure renegotiation between OpenSSL and unpatched servers
\&\fBonly\fR: this option is currently set by default. See the
\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4
.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC"
Normally clients and servers will transparently attempt to negotiate the
\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection.
.Sp
If this option is set, Encrypt-then-MAC is disabled. Clients will not propose, and servers will not accept the extension.
.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4
.IX Item "SSL_OP_NO_RENEGOTIATION"
Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello.
.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4
.IX Item "SSL_OP_ALLOW_NO_DHE_KEX"
In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session.
.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4
.IX Item "SSL_OP_PRIORITIZE_CHACHA"
When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use \s-1AES\s0 and other ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR.
.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4
.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT"
If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. Regardless of whether this option is set or not \s-1CCS\s0 messages received from the peer will always be ignored in TLSv1.3. This option is set by default. To switch it off use
\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default.
.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4
.IX Item "SSL_OP_NO_ANTI_REPLAY"
By default, when a server is configured for early data (i.e., max_early_data > 0), OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a description of the replay protection feature. Anti-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built in OpenSSL functionality is not required. Those applications can turn this feature off by setting this option. This is a server-side option only. It is ignored by clients.
.PP
The following options no longer have any effect but their identifiers are retained for compatibility purposes:
.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4
.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"
.PD 0
.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4
.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER"
.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4
.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4
.IX Item "SSL_OP_TLS_D5_BUG"
.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4
.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG"
.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4
.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING"
.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4
.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG"
.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4
.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG"
.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4
.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG"
.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4
.IX Item "SSL_OP_PKCS1_CHECK_1"
.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4
.IX Item "SSL_OP_PKCS1_CHECK_2"
.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4
.IX Item "SSL_OP_SINGLE_DH_USE"
.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4
.IX Item "SSL_OP_SINGLE_ECDH_USE"
.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4
.IX Item "SSL_OP_EPHEMERAL_RSA"
.PD
.SH "SECURE RENEGOTIATION"
.IX Header "SECURE RENEGOTIATION"
OpenSSL always attempts to use secure renegotiation as described in \s-1RFC5746.\s0 This counters the prefix attack described in
\&\s-1CVE\-2009\-3555\s0 and elsewhere.
.PP
This attack has far reaching consequences which application writers should be aware of. In the description below an implementation supporting secure renegotiation is referred to as \fIpatched\fR. A server not supporting secure renegotiation is referred to as \fIunpatched\fR.
.PP
The following sections describe the operations permitted by OpenSSL's secure renegotiation implementation.
.SS "Patched client and server"
.IX Subsection "Patched client and server"
Connections and renegotiation are always permitted by OpenSSL implementations.
.SS "Unpatched client and patched OpenSSL server"
.IX Subsection "Unpatched client and patched OpenSSL server"
The initial connection succeeds but client renegotiation is denied by the server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal
\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0.
.PP
If the patched OpenSSL server attempts to renegotiate a fatal
\&\fBhandshake_failure\fR alert is sent. This is because the server code may be unaware of the unpatched nature of the client.
.PP
If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then renegotiation \fBalways\fR succeeds.
.SS "Patched OpenSSL client and unpatched server."
.IX Subsection "Patched OpenSSL client and unpatched server."
If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or
\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections and renegotiation between patched OpenSSL clients and unpatched servers succeeds. If neither option is set then initial connections to unpatched servers will fail.
.PP
The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even though it has security implications: otherwise it would be impossible to connect to unpatched servers (i.e. all of them initially) and this is clearly not acceptable. Renegotiation is permitted because this does not add any additional security issues: during an attack clients do not see any renegotiations anyway.
.PP
As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will
\&\fBnot\fR be set by default in a future version of OpenSSL.
.PP
OpenSSL client applications wishing to ensure they can connect to unpatched servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR
.PP
OpenSSL client applications that want to ensure they can \fBnot\fR connect to unpatched servers (and thus avoid any security issues) should always \fBclear\fR
\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or
\&\fBSSL_clear_options()\fR.
.PP
The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and
\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that
\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while
\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections and renegotiation between OpenSSL and unpatched clients or servers.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bit mask after adding \fBoptions\fR.
.PP
\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bit mask after clearing \fBoptions\fR.
.PP
\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bit mask.
.PP
\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 if the peer supports secure renegotiation and 0 if it does not.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3),
\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3),
\&\fBSSL_CTX_set_min_proto_version\fR\|(3),
\&\fBdhparam\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The attempt to always try to use secure renegotiation was added in OpenSSL 0.9.8m.
.PP
The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET1_CURVES 3"
.TH SSL_CTX_SET1_CURVES 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.
.\" Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
\&\- EC supported curve functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
\& int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);
\&
\& int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
\& int SSL_set1_groups_list(SSL *ssl, char *list);
\&
\& int SSL_get1_groups(SSL *ssl, int *groups);
\& int SSL_get_shared_group(SSL *s, int n);
\&
\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
\&
\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
\& int SSL_set1_curves_list(SSL *ssl, char *list);
\&
\& int SSL_get1_curves(SSL *ssl, int *curves);
\& int SSL_get_shared_curve(SSL *s, int n);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
For all of the functions below that set the supported groups there must be at least one group in the list.
.PP
\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR groups in the array \fBglist\fR. The array consists of all NIDs of groups in preference order. For a \s-1TLS\s0 client the groups are used directly in the supported groups extension. For a \s-1TLS\s0 server the groups are used to determine the set of shared groups.
.PP
\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to string \fBlist\fR. The string is a colon separated list of group NIDs or names, for example \*(L"P\-521:P\-384:P\-256\*(R".
.PP
\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set supported groups for the \s-1SSL\s0 structure \fBssl\fR.
.PP
\&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client in the supported groups extension. It returns the total number of supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply return the number of groups for memory allocation purposes. The
\&\fBgroups\fR array is in the form of a set of group NIDs in preference order. It can return zero if the client did not send a supported groups extension.
.PP
\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side
\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared group so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, NID_undef is returned.
.PP
All these functions are implemented as macros.
.PP
The curve functions are synonyms for the equivalently named group functions and are identical in every respect. They exist because, prior to \s-1TLS1.3,\s0 there was only the concept of supported curves. In \s-1TLS1.3\s0 this was renamed to supported groups, and extended to include Diffie Hellman groups. The group functions should be used in preference.
.SH "NOTES"
.IX Header "NOTES"
If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and
\&\fBSSL_set1_groups_list()\fR, return 1 for success and 0 for failure.
.PP
\&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero.
.PP
\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR is \-1.
.PP
When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and returns \-1.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The curve functions were added in OpenSSL 1.0.2. The equivalent group functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DTLS_GET_DATA_MTU 3"
.TH DTLS_GET_DATA_MTU 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DTLS_get_data_mtu \- Get maximum data payload size
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& size_t DTLS_get_data_mtu(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This function obtains the maximum data payload size for the established
\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead of the \s-1DTLS\s0 record header, encryption and authentication currently in use.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Returns the maximum data payload size on success, or 0 on failure.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3"
.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name \- handle server name indication (SNI)
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
\&                                   int (*cb)(SSL *s, int *al, void *arg));
\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
\&
\& const char *SSL_get_servername(const SSL *s, const int type);
\& int SSL_get_servername_type(const SSL *s);
\&
\& int SSL_set_tlsext_host_name(const SSL *s, const char *name);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functionality provided by the servername callback is mostly superseded by the ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR. However, even where the ClientHello callback is used, the servername callback is still necessary in order to acknowledge the servername requested by the client.
.PP
\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When \fBcb\fR is \s-1NULL, SNI\s0 is not used.
.PP
The servername callback should return one of the following values:
.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4
.IX Item "SSL_TLSEXT_ERR_OK"
This is used to indicate that the servername requested by the client has been accepted. Typically a server will call \fBSSL_set_SSL_CTX()\fR in the callback to set up a different configuration for the selected servername in this case.
.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4
.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL"
In this case the servername requested by the client is not accepted and the handshake will be aborted. The value of the alert to be used should be stored in the location pointed to by the \fBal\fR parameter to the callback. By default this value is initialised to \s-1SSL_AD_UNRECOGNIZED_NAME.\s0
.IP "\s-1SSL_TLSEXT_ERR_ALERT_WARNING\s0" 4
.IX Item "SSL_TLSEXT_ERR_ALERT_WARNING"
If this value is returned then the servername is not accepted by the server. However, the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the \fBal\fR parameter as for \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is treated the same way as \s-1SSL_TLSEXT_ERR_NOACK.\s0
.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4
.IX Item "SSL_TLSEXT_ERR_NOACK"
This return value indicates that the servername is not accepted by the server. No alerts are sent and the server will not acknowledge the requested servername.
.PP
\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be passed into the callback (via the \fBarg\fR parameter) for this \fB\s-1SSL_CTX\s0\fR.
.PP
The behaviour of \fBSSL_get_servername()\fR depends on a number of different factors. In particular note that in TLSv1.3 the servername is negotiated in every handshake. In TLSv1.2 the servername is only negotiated on initial handshakes and not on resumption handshakes.
.IP "On the client, before the handshake" 4
.IX Item "On the client, before the handshake"
If a servername has been set via a call to \fBSSL_set_tlsext_host_name()\fR then it will return that servername.
.Sp
If one has not been set, but a TLSv1.2 resumption is being attempted and the session from the original handshake had a servername accepted by the server then it will return that servername.
.Sp
Otherwise it returns \s-1NULL.\s0
.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4
.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred"
If the session from the original handshake had a servername accepted by the server then it will return that servername.
.Sp
Otherwise it returns the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 if it was not called.
.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" 4
.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur"
It will return the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 if it was not called.
.IP "On the server, before the handshake" 4
.IX Item "On the server, before the handshake"
The function will always return \s-1NULL\s0 before the handshake.
.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" 4
.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred"
If a servername was accepted by the server in the original handshake then it will return that servername, or \s-1NULL\s0 otherwise.
.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" 4
.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur"
The function will return the servername requested by the client in this handshake or \s-1NULL\s0 if none was requested.
.PP
Note that the ClientHello callback occurs before a servername extension from the client is processed. The servername, certificate and \s-1ALPN\s0 callbacks occur after a servername extension from the client is processed.
.PP
\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername is present. Currently the only supported type (defined in \s-1RFC3546\s0) is
\&\fBTLSEXT_NAMETYPE_host_name\fR.
.PP
\&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension to contain the value \fBname\fR. The type of server name indication extension is set to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0).
.SH "NOTES"
.IX Header "NOTES"
Several callbacks are executed during ClientHello processing, including the ClientHello, \s-1ALPN,\s0 and servername callbacks. The ClientHello callback is executed first, then the servername callback, followed by the \s-1ALPN\s0 callback.
.PP
The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects that will act as clients; otherwise the configured \fBname\fR will be ignored.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and
\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success.
\&\fBSSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3),
\&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBSSL_get_servername()\fR historically provided some unexpected results in certain corner cases. This has been fixed from OpenSSL 1.1.1e.
.PP
Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but set a different explicit servername in the second handshake, then when called by the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake.
.PP
Also prior to 1.1.1e, if the client sent a servername in the first handshake but the server did not accept it, and then a second handshake occurred where TLSv1.2 resumption was successful, then when called by the server it returned the servername requested in the original handshake. This has now been changed to
\&\s-1NULL.\s0
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_SIGNINIT 3"
.TH EVP_SIGNINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal
\&\- EVP signing functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
\&
\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high-level interface to digital signatures.
.PP
\&\fBEVP_SignInit_ex()\fR sets up signing context \fIctx\fR to use digest
\&\fItype\fR from \fB\s-1ENGINE\s0\fR \fIimpl\fR. \fIctx\fR must be created with
\&\fBEVP_MD_CTX_new()\fR before calling this function.
.PP
\&\fBEVP_SignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the signature context \fIctx\fR. This function can be called several times on the same \fIctx\fR to include additional data.
.PP
\&\fBEVP_SignFinal()\fR signs the data in \fIctx\fR using the private key \fIpkey\fR and places the signature in \fIsig\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR bytes in size. \fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. The number of bytes of data written (i.e. the length of the signature) will be written to the integer at \fIs\fR; at most \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR bytes will be written.
.PP
\&\fBEVP_SignInit()\fR initializes a signing context \fIctx\fR to use the default implementation of digest \fItype\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1 for success and 0 for failure.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.
.PP
When signing with \s-1DSA\s0 private keys the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. This requirement does not hold for \s-1RSA\s0 signatures.
.PP
The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called later to digest and sign additional data.
.PP
Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur.
.SH "BUGS"
.IX Header "BUGS"
Older versions of this documentation wrongly stated that calls to
\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR.
.PP
Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of data have been passed through \fBEVP_SignUpdate()\fR.
.PP
It is not possible to change the signing parameters using these functions.
.PP
The previous two bugs are fixed in the newer EVP_DigestSign*() functions.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_size\fR\|(3), \fBEVP_PKEY_bits\fR\|(3), \fBEVP_PKEY_security_bits\fR\|(3),
\&\fBEVP_VerifyInit\fR\|(3),
\&\fBEVP_DigestInit\fR\|(3),
\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ASN1_STRING_LENGTH 3"
.TH ASN1_STRING_LENGTH 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& int ASN1_STRING_length(ASN1_STRING *x);
\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
\& unsigned char * ASN1_STRING_data(ASN1_STRING *x);
\&
\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
\&
\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
\&
\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
\&
\& int ASN1_STRING_type(const ASN1_STRING *x);
\&
\& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated.
.PP
\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
.PP
\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR. Since this is an internal pointer it should \fBnot\fR be freed or modified in any way.
.PP
\&\fBASN1_STRING_data()\fR is similar to \fBASN1_STRING_get0_data()\fR except the returned value is not constant. This function is deprecated: applications should use \fBASN1_STRING_get0_data()\fR instead.
.PP
\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
.PP
\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two are identical. The string types and content are compared.
.PP
\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
\&\fBdata\fR of length \fBlen\fR. The supplied data is copied. If \fBlen\fR is \-1 then the length is determined by strlen(data).
.PP
\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants such as \fBV_ASN1_OCTET_STRING\fR.
.PP
\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format; the converted data is allocated in a buffer in \fB*out\fR. The length of
\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR should be freed using \fBOPENSSL_free()\fR.
.SH "NOTES"
.IX Header "NOTES"
Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents.
\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist entirely of primitive string types such as \fBDirectoryString\fR and
\&\fBTime\fR.
.PP
These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR utility functions should be used instead.
.PP
In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per character in big endian format, and for a UTF8String it will be in \s-1UTF8\s0 format.
.PP
Similar care should be taken to ensure the data is in the correct format when calling \fBASN1_STRING_set()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
.PP
\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to the data of \fBx\fR.
.PP
\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR.
.PP
\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error.
.PP
\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR.
.PP
\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a negative value if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
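The ASN1_STRING NOTES caveat about missing terminators and embedded nulls, as an added example that is not code from the OpenSSL documentation: a strlen-style comparison beside a length-aware one. To compile without OpenSSL it takes the pointer and length as plain arguments, the pair that ASN1_STRING_get0_data() and ASN1_STRING_length() would supply; all function names and the sample bytes are constructed for the demonstration.

```c
/* Added example, not from the OpenSSL documentation; builds without OpenSSL. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: IA5String content with an embedded NUL
 * (15 bytes, one NUL, 14 bytes = 30 content bytes). */
static const unsigned char SAN_NUL[] = "www.example.com\0.attacker.test";
#define SAN_NUL_LEN ((int)sizeof(SAN_NUL) - 1)

/* Constructed sample: clean content with no terminator at all. */
static const unsigned char SAN_OK[] = {
    'W', 'w', 'w', '.', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'
};
#define SAN_OK_LEN ((int)sizeof(SAN_OK))

enum name_status {
    NAME_OK = 0,
    NAME_BAD_INPUT,     /* NULL pointer, empty content or no output space */
    NAME_TOO_LONG,      /* content plus terminator does not fit in out */
    NAME_EMBEDDED_NUL,  /* a zero byte inside the declared length */
    NAME_NOT_ASCII      /* byte above 0x7f: not valid for an IA5String */
};

/* UNSAFE form: treats the content as a C string, so the comparison stops at
 * the first NUL and would read past the buffer if there were none. */
int naive_matches(const unsigned char *data, const char *expected)
{
    return strcmp((const char *)data, expected) == 0;
}

/* Validate all len bytes, then copy them into out with a terminator. */
enum name_status ia5_to_cstring(const unsigned char *data, int len,
                                char *out, size_t outsz)
{
    int i;

    if (data == NULL || len <= 0 || out == NULL || outsz == 0)
        return NAME_BAD_INPUT;
    if ((size_t)len >= outsz)
        return NAME_TOO_LONG;
    for (i = 0; i < len; i++) {
        if (data[i] == 0)
            return NAME_EMBEDDED_NUL;
        if (data[i] > 0x7f)
            return NAME_NOT_ASCII;
    }
    memcpy(out, data, (size_t)len);
    out[len] = '\0';
    return NAME_OK;
}

static int ascii_lower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Safe form: 1 only if the whole content equals expected, ignoring ASCII
 * case; anything that fails validation never matches. */
int name_matches(const unsigned char *data, int len, const char *expected)
{
    char buf[256];
    size_t i, n;

    if (ia5_to_cstring(data, len, buf, sizeof(buf)) != NAME_OK)
        return 0;
    n = strlen(expected);
    if (n != (size_t)len)
        return 0;
    for (i = 0; i < n; i++) {
        if (ascii_lower((unsigned char)buf[i])
            != ascii_lower((unsigned char)expected[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("naive, embedded NUL: %d\n",
           naive_matches(SAN_NUL, "www.example.com"));
    printf("safe,  embedded NUL: %d\n",
           name_matches(SAN_NUL, SAN_NUL_LEN, "www.example.com"));
    printf("safe,  clean name:   %d\n",
           name_matches(SAN_OK, SAN_OK_LEN, "www.example.com"));
    return 0;
}
```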
.IX Title "X509_GET_PUBKEY 3"
.TH X509_GET_PUBKEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.

NAME

X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request public key

SYNOPSIS

    #include

    EVP_PKEY *X509_get_pubkey(X509 *x);
    EVP_PKEY *X509_get0_pubkey(const X509 *x);
    int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
    X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);

    EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
    EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
    int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
    X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x);

DESCRIPTION

X509_get_pubkey() attempts to decode the public key for certificate x. If successful it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use. X509_get0_pubkey() is similar except it does not increment the reference count of the returned EVP_PKEY so it must not be freed up after use.

X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY structure which encodes the certificate of x. The returned value must not be freed up after use.

X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.

X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request req.

NOTES

The first time a public key is decoded the EVP_PKEY structure is cached in the certificate or certificate request itself. Subsequent calls return the cached structure with its reference count incremented to improve performance.

RETURN VALUES

X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), X509_REQ_get_pubkey() and X509_REQ_get_X509_PUBKEY() return a public key or NULL if an error occurred.

X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success and 0 for failure.

SEE ALSO

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

SSL_LIBRARY_INIT(3)    OpenSSL 1.1.1w    2023-09-11

NAME

SSL_library_init, OpenSSL_add_ssl_algorithms - initialize SSL library by registering algorithms

SYNOPSIS

    #include

    int SSL_library_init(void);

    int OpenSSL_add_ssl_algorithms(void);

DESCRIPTION

SSL_library_init() registers the available SSL/TLS ciphers and digests.

OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is implemented as a macro.

NOTES

SSL_library_init() must be called before any other action takes place. SSL_library_init() is not reentrant.

WARNINGS

SSL_library_init() adds ciphers and digests used directly and indirectly by SSL/TLS.

RETURN VALUES

SSL_library_init() always returns "1", so it is safe to discard the return value.

SEE ALSO

ssl(7), RAND_add(3)

HISTORY

The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().

COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

SSL_GET_PEER_CERT_CHAIN(3)    OpenSSL 1.1.1w    2023-09-11

NAME

SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate chain of the peer

SYNOPSIS

    #include

    STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
    STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);

DESCRIPTION

SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates forming the certificate chain sent by the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using SSL_get_peer_certificate(3). If the peer did not present a certificate, NULL is returned.

NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it only consists of certificates the peer has sent (in the order the peer has sent them); it is not a verified chain.

SSL_get0_verified_chain() returns the verified certificate chain of the peer including the peer's end entity certificate. It must be called after a session has been successfully established.
If peer verification was not successful (as indicated by SSL_get_verify_result() not returning X509_V_OK) the chain may be incomplete or invalid.

NOTES

If the session is resumed peers do not send certificates so a NULL pointer is returned by these functions. Applications can call SSL_session_reused() to determine whether a session is resumed.

The reference count of each certificate in the returned STACK_OF(X509) object is not incremented and the returned stack may be invalidated by renegotiation. If applications wish to use any certificates in the returned chain indefinitely they must increase the reference counts using X509_up_ref() or obtain a copy of the whole chain with X509_chain_up_ref().

RETURN VALUES

The following return values can occur:

NULL
    No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused.

Pointer to a STACK_OF(X509)
    The return value points to the certificate chain presented by the peer.

SEE ALSO

ssl(7), SSL_get_peer_certificate(3), X509_up_ref(3), X509_chain_up_ref(3)

COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

OPENSSL_APPLINK(3)    OpenSSL 1.1.1w    2023-09-11

NAME

OPENSSL_Applink - glue between OpenSSL BIO and Win32 compiler run-time

SYNOPSIS

    __declspec(dllexport) void **OPENSSL_Applink();

DESCRIPTION

OPENSSL_Applink is an application-side interface which provides glue between the OpenSSL BIO layer and the Win32 compiler run-time environment. Even though it appears at the application side, it is essentially an OpenSSL private interface.
For this reason application developers are not expected to implement it, but to compile the provided module with the compiler of their choice and link it into the target application. The referred module is available as applink.c, located alongside the public header files (only on the platforms where applicable).

RETURN VALUES

Not available.

COPYRIGHT

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

RAND_DRBG_NEW(3)    OpenSSL 1.1.1w    2023-09-11

NAME

RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free - initialize and cleanup a RAND_DRBG instance

SYNOPSIS

    #include

    RAND_DRBG *RAND_DRBG_new(int type,
                             unsigned int flags,
                             RAND_DRBG *parent);

    RAND_DRBG *RAND_DRBG_secure_new(int type,
                                    unsigned int flags,
                                    RAND_DRBG *parent);

    int RAND_DRBG_set(RAND_DRBG *drbg,
                      int type, unsigned int flags);

    int RAND_DRBG_set_defaults(int type, unsigned int flags);

    int RAND_DRBG_instantiate(RAND_DRBG *drbg,
                              const unsigned char *pers, size_t perslen);

    int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);

    void RAND_DRBG_free(RAND_DRBG *drbg);

DESCRIPTION

RAND_DRBG_new() and RAND_DRBG_secure_new() create a new DRBG instance of the given type, allocated from the heap resp. the secure heap (using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()).

RAND_DRBG_set() initializes the drbg with the given type and flags.

RAND_DRBG_set_defaults() sets the default type and flags for new DRBG instances.

Currently, all DRBG types are based on AES-CTR, so type can be one of the following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. Before the DRBG can be used to generate random bits, it is necessary to set its type and to instantiate it.

The optional flags argument specifies a set of bit flags which can be joined using the | operator. Currently, the only flag is RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of the derivation function ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1].

If a parent instance is specified then this will be used instead of the default entropy source for reseeding the drbg. It is said that the drbg is chained to its parent. For more information, see the NOTES section.

RAND_DRBG_instantiate() seeds the drbg instance using random input from trusted entropy sources. Optionally, a personalization string pers of length perslen can be specified. To omit the personalization string, set pers=NULL and perslen=0.

RAND_DRBG_uninstantiate() clears the internal state of the drbg and puts it back in the uninstantiated state.

RETURN VALUES

RAND_DRBG_new() and RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the heap, resp. secure heap.

RAND_DRBG_set(), RAND_DRBG_instantiate(), and RAND_DRBG_uninstantiate() return 1 on success, and 0 on failure.

RAND_DRBG_free() does not return a value.

NOTES

The DRBG design supports chaining, which means that a DRBG instance can use another parent DRBG instance instead of the default entropy source to obtain fresh random input for reseeding, provided that parent DRBG instance was properly instantiated, either from a trusted entropy source, or from yet another parent DRBG instance. For a detailed description of the reseeding process, see RAND_DRBG(7).

The default DRBG type and flags are applied only during creation of a DRBG instance. To ensure that they are applied to the global and thread-local DRBG instances (, resp. and ), it is necessary to call RAND_DRBG_set_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly.

SEE ALSO

OPENSSL_zalloc(3), OPENSSL_secure_zalloc(3), RAND_DRBG_generate(3), RAND_DRBG(7)

HISTORY

The RAND_DRBG functions were added in OpenSSL 1.1.1.

COPYRIGHT

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

SSL_CTX_SET_INFO_CALLBACK(3)    OpenSSL 1.1.1w    2023-09-11
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_info_callback,
SSL_CTX_get_info_callback,
SSL_set_info_callback,
SSL_get_info_callback
\&\- handle information callback for SSL connections
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
\&
\& void SSL_set_info_callback(SSL *ssl, void (*callback)());
\& void (*SSL_get_info_callback(const SSL *ssl))();
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection
setup and use. The setting for \fBctx\fR is overridden by the setting for a
specific \s-1SSL\s0 object, if specified.
When \fBcallback\fR is \s-1NULL,\s0 no callback function is used.
.PP
\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
obtain state information for \fBssl\fR during connection setup and use.
When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for
\&\fBctx\fR is used.
.PP
\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information
callback function for \fBctx\fR.
.PP
\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information
callback function for \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
When setting up a connection and during use, it is possible to obtain state
information from the \s-1SSL/TLS\s0 engine. When set, an information callback function
is called whenever a significant event occurs such as: the state changes,
an alert appears, or an error occurs.
.PP
The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR.
The \fBwhere\fR argument specifies information about where (in which context)
the callback function was called. If \fBret\fR is 0, an error condition occurred.
If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert
information.
.PP
\&\fBwhere\fR is a bit mask made up of the following bits:
.IP "\s-1SSL_CB_LOOP\s0" 4
.IX Item "SSL_CB_LOOP"
Callback has been called to indicate state change or some other significant
state machine event. This may mean that the callback gets invoked more than once
per state in some situations.
.IP "\s-1SSL_CB_EXIT\s0" 4
.IX Item "SSL_CB_EXIT"
Callback has been called to indicate exit of a handshake function. This will
happen after the end of a handshake, but may happen at other times too such as
on error or when \s-1IO\s0 might otherwise block and nonblocking is being used.
.IP "\s-1SSL_CB_READ\s0" 4
.IX Item "SSL_CB_READ"
Callback has been called during read operation.
.IP "\s-1SSL_CB_WRITE\s0" 4
.IX Item "SSL_CB_WRITE"
Callback has been called during write operation.
.IP "\s-1SSL_CB_ALERT\s0" 4
.IX Item "SSL_CB_ALERT"
Callback has been called due to an alert being sent or received.
.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4
.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)"
.PD 0
.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4
.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)"
.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)"
.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)"
.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4
.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)"
.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4
.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)"
.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4
.IX Item "SSL_CB_HANDSHAKE_START"
.PD
Callback has been called because a new handshake is started. It also occurs when
resuming a handshake following a pause to handle early data.
.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4
.IX Item "SSL_CB_HANDSHAKE_DONE"
Callback has been called because a handshake is finished. It also occurs if the
handshake is paused to allow the exchange of early data.
.PP
The current state information can be obtained using the
\&\fBSSL_state_string\fR\|(3) family of functions.
.PP
The \fBret\fR information can be evaluated using the
\&\fBSSL_alert_type_string\fR\|(3) family of functions.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_set_info_callback()\fR does not provide diagnostic information.
.PP
\&\fBSSL_get_info_callback()\fR returns the current setting.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example callback function prints state strings, information
about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0
.PP
.Vb 4
\& void apps_ssl_info_callback(SSL *s, int where, int ret)
\& {
\&     const char *str;
\&     int w = where & ~SSL_ST_MASK;
\&
\&     if (w & SSL_ST_CONNECT)
\&         str = "SSL_connect";
\&     else if (w & SSL_ST_ACCEPT)
\&         str = "SSL_accept";
\&     else
\&         str = "undefined";
\&
\&     if (where & SSL_CB_LOOP) {
\&         BIO_printf(bio_err, "%s:%s\en", str, SSL_state_string_long(s));
\&     } else if (where & SSL_CB_ALERT) {
\&         str = (where & SSL_CB_READ) ? "read" : "write";
\&         BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str,
\&                    SSL_alert_type_string_long(ret),
\&                    SSL_alert_desc_string_long(ret));
\&     } else if (where & SSL_CB_EXIT) {
\&         if (ret == 0) {
\&             BIO_printf(bio_err, "%s:failed in %s\en",
\&                        str, SSL_state_string_long(s));
\&         } else if (ret < 0) {
\&             BIO_printf(bio_err, "%s:error in %s\en",
\&                        str, SSL_state_string_long(s));
\&         }
\&     }
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3),
\&\fBSSL_alert_type_string\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License.
You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SESSION_GET_COMPRESS_ID 3"
.TH SSL_SESSION_GET_COMPRESS_ID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get_compress_id
\&\- get details about the compression associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
If compression has been negotiated for an ssl session then
\&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or
0 otherwise. The only built-in supported compression method is zlib which has an
id of 1.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if
none.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_EXTENSION_SUPPORTED 3"
.TH SSL_EXTENSION_SUPPORTED 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_extension_supported,
SSL_CTX_add_custom_ext,
SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext,
custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb
\&\- custom TLS extension handling
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type,
\&                                          unsigned int context,
\&                                          const unsigned char **out,
\&                                          size_t *outlen, X509 *x,
\&                                          size_t chainidx, int *al,
\&                                          void *add_arg);
\&
\& typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type,
\&                                            unsigned int context,
\&                                            const unsigned char *out,
\&                                            void *add_arg);
\&
\& typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
\&                                            unsigned int context,
\&                                            const unsigned char *in,
\&                                            size_t inlen, X509 *x,
\&                                            size_t chainidx, int *al,
\&                                            void *parse_arg);
\&
\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
\&                            unsigned int context,
\&                            SSL_custom_ext_add_cb_ex add_cb,
\&                            SSL_custom_ext_free_cb_ex free_cb,
\&                            void *add_arg,
\&                            SSL_custom_ext_parse_cb_ex parse_cb,
\&                            void *parse_arg);
\&
\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
\&                                  const unsigned char **out,
\&                                  size_t *outlen, int *al,
\&                                  void *add_arg);
\&
\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
\&                                    const unsigned char *out,
\&                                    void *add_arg);
\&
\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
\&                                    const unsigned char *in,
\&                                    size_t inlen, int *al,
\&                                    void *parse_arg);
\&
\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
\&                                   custom_ext_add_cb add_cb,
\&                                   custom_ext_free_cb free_cb, void *add_arg,
\&                                   custom_ext_parse_cb parse_cb,
\&                                   void *parse_arg);
\&
\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
\&                                   custom_ext_add_cb add_cb,
\&                                   custom_ext_free_cb free_cb, void *add_arg,
\&                                   custom_ext_parse_cb parse_cb,
\&                                   void *parse_arg);
\&
\& int SSL_extension_supported(unsigned int ext_type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server
for all supported protocol versions with extension type \fBext_type\fR and
callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the
\&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines
which messages and under what conditions the extension will be added/parsed (see
the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below).
.PP
\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client
with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and
\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only
applies to clients, uses the older style of callbacks, and implicitly sets the
\&\fBcontext\fR value to:
.PP
.Vb 2
\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
.Ve
.PP
\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server
with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and
\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it
only applies to servers, uses the older style of callbacks, and implicitly sets
the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above.
.PP
The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of
\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be
handled by OpenSSL internally or an error occurs.
.PP
\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
internally by OpenSSL and 0 otherwise.
.SH "EXTENSION CALLBACKS"
.IX Header "EXTENSION CALLBACKS"
The callback \fBadd_cb\fR is called to send custom extension data to be
included in various \s-1TLS\s0 messages.
The \fBext_type\fR parameter is set to the
extension type which will be added and \fBadd_arg\fR to the value set when the
extension handler was added. When using the new style callbacks the \fBcontext\fR
parameter will indicate which message is currently being constructed e.g. for
the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR.
.PP
If the application wishes to include the extension \fBext_type\fR it should
set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the
extension data and return 1.
.PP
If the \fBadd_cb\fR does not wish to include the extension it must return 0.
.PP
If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0
alert value specified in \fB*al\fR.
.PP
When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length
extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set
to \s-1NULL\s0 then no extension is added.
.PP
When constructing a Certificate message the callback will be called for each
certificate in the message. The \fBx\fR parameter will indicate the
current certificate and the \fBchainidx\fR parameter will indicate the position
of the certificate in the message. The first certificate is always the end
entity certificate and has a \fBchainidx\fR value of 0. The certificates are in the
order that they were received in the Certificate message.
.PP
For all messages except the ServerHello and EncryptedExtensions every
registered \fBadd_cb\fR is always called to see if the application wishes to add an
extension (as long as all requirements of the specified \fBcontext\fR are met).
.PP
For the ServerHello and EncryptedExtension messages every registered \fBadd_cb\fR
is called once if and only if the requirements of the specified \fBcontext\fR are
met and the corresponding extension was received in the ClientHello. That is, if
no corresponding extension was received in the ClientHello then \fBadd_cb\fR will
not be called.
.PP
If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called
(if it is set) with the value of \fBout\fR set by the add callback. It can be
used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is
constant (to permit use of constant data in \fBadd_cb\fR) applications may need to
cast away const to free the data.
.PP
The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only
called if the extension is present and relevant for the context (see
\&\*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 below).
.PP
The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the
extension \fBext_type\fR.
.PP
If the message being parsed is a TLSv1.3 compatible Certificate message then
\&\fBparse_cb\fR will be called for each certificate contained within the message.
The \fBx\fR parameter will indicate the current certificate and the \fBchainidx\fR
parameter will indicate the position of the certificate in the message. The
first certificate is always the end entity certificate and has a \fBchainidx\fR
value of 0.
.PP
If the \fBparse_cb\fR considers the extension data acceptable it must return
1. If it returns 0 or a negative value a fatal handshake error occurs
using the \s-1TLS\s0 alert value specified in \fB*al\fR.
.PP
The buffer \fBin\fR is a temporary internal buffer which will not be valid after
the callback returns.
.SH "EXTENSION CONTEXTS"
.IX Header "EXTENSION CONTEXTS"
An extension context defines which messages and under which conditions an
extension should be added or expected. The context is built up by performing
a bitwise \s-1OR\s0 of multiple pre-defined values together.
The valid context values are:
.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4
.IX Item "SSL_EXT_TLS_ONLY"
The extension is only allowed in \s-1TLS\s0
.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4
.IX Item "SSL_EXT_DTLS_ONLY"
The extension is only allowed in \s-1DTLS\s0
.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4
.IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY"
The extension is allowed in \s-1DTLS,\s0 but there is only a \s-1TLS\s0 implementation
available (so it is ignored in \s-1DTLS\s0).
.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4
.IX Item "SSL_EXT_SSL3_ALLOWED"
Extensions are not typically defined for SSLv3. Setting this value will allow
the extension in SSLv3. Applications will not typically need to use this.
.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4
.IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY"
The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will
ignore this extension if it is present in the ClientHello and TLSv1.3 is
negotiated.
.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4
.IX Item "SSL_EXT_TLS1_3_ONLY"
The extension is only defined for \s-1TLS1.3\s0 and above. Servers will ignore this
extension if it is present in the ClientHello and TLSv1.2 or below is
negotiated.
.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4
.IX Item "SSL_EXT_IGNORE_ON_RESUMPTION"
The extension will be ignored during parsing if a previous session is being
successfully resumed.
.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4
.IX Item "SSL_EXT_CLIENT_HELLO"
The extension may be present in the ClientHello message.
.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4
.IX Item "SSL_EXT_TLS1_2_SERVER_HELLO"
The extension may be present in a TLSv1.2 or below compatible ServerHello
message.
.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4
.IX Item "SSL_EXT_TLS1_3_SERVER_HELLO"
The extension may be present in a TLSv1.3 compatible ServerHello message.
.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4
.IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS"
The extension may be present in an EncryptedExtensions message.
.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4
.IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST"
The extension may be present in a HelloRetryRequest message.
.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4
.IX Item "SSL_EXT_TLS1_3_CERTIFICATE"
The extension may be present in a TLSv1.3 compatible Certificate message.
.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4
.IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET"
The extension may be present in a TLSv1.3 compatible NewSessionTicket message.
.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4
.IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST"
The extension may be present in a TLSv1.3 compatible CertificateRequest message.
.PP
The context must include at least one message value (otherwise the extension
will never be used).
.SH "NOTES"
.IX Header "NOTES"
The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values
which will be passed to the corresponding callbacks. They can, for example,
be used to store the extension data received in a convenient structure or
pass the extension data to be added or freed when adding extensions.
.PP
If the same custom extension type is received multiple times a fatal
\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension
is received in a ServerHello/EncryptedExtensions message which was not sent in
the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the
handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is
only called if the corresponding extension was received in the ClientHello. This
is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each
callback is called at most once and that an application can never send
unsolicited extensions.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_add_custom_ext()\fR, \fBSSL_CTX_add_client_custom_ext()\fR and
\&\fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure.
A failure can occur if an attempt is made to add the same \fBext_type\fR more than
once, if an attempt is made to use an extension type handled internally by
OpenSSL or if an internal error occurs (for example a memory allocation
failure).
.PP
\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
internally by OpenSSL and 0 otherwise.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
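The callback contract from the EXTENSION CALLBACKS section of the SSL_extension_supported page, as an added example that is not part of the OpenSSL manual or source: an add/free/parse triple for one custom extension, with the length check and the copy out of the temporary `in` buffer that the text calls for. All `demo_`/`DEMO_` names, the extension number 65283 and the 32-byte bound are assumptions; `demo_loopback()` stands in for the library so the block builds without OpenSSL, and `-DDEMO_WITH_OPENSSL` compiles the real registration call.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#ifdef DEMO_WITH_OPENSSL            /* build with -DDEMO_WITH_OPENSSL -lssl -lcrypto */
# include <openssl/ssl.h>
#else                               /* opaque stand-ins so the callbacks compile alone */
typedef struct ssl_st SSL;
typedef struct x509_st X509;
#endif
#ifndef SSL_AD_DECODE_ERROR
# define SSL_AD_DECODE_ERROR 50     /* TLS decode_error alert number */
#endif
#ifndef SSL_AD_INTERNAL_ERROR
# define SSL_AD_INTERNAL_ERROR 80   /* TLS internal_error alert number */
#endif

#define DEMO_EXT_TYPE  65283u       /* constructed value, not a registered extension */
#define DEMO_TOKEN_MAX 32u          /* assumed upper bound on this extension's payload */

/* add_arg: the bytes this side wants to send (len 0 means send nothing). */
struct demo_local_token { unsigned char data[DEMO_TOKEN_MAX]; size_t len; };
/* parse_arg: a private copy of what the peer sent. It is shared by every
 * connection created from the SSL_CTX, so real code keys state on `s`. */
struct demo_peer_token { unsigned char data[DEMO_TOKEN_MAX]; size_t len; int seen; };

/* add_cb: 1 = include *out/*outlen, 0 = omit the extension, -1 = abort with *al. */
int demo_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
                const unsigned char **out, size_t *outlen, X509 *x,
                size_t chainidx, int *al, void *add_arg)
{
    const struct demo_local_token *tok = add_arg;
    unsigned char *copy;

    (void)s; (void)ext_type; (void)context; (void)x; (void)chainidx;
    if (tok == NULL || tok->len == 0)
        return 0;
    if (tok->len > DEMO_TOKEN_MAX || (copy = malloc(tok->len)) == NULL) {
        *al = SSL_AD_INTERNAL_ERROR;
        return -1;
    }
    memcpy(copy, tok->data, tok->len);
    *out = copy;
    *outlen = tok->len;
    return 1;
}

/* free_cb: runs after add_cb returned 1; out is const, so cast it away to free. */
void demo_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
                  const unsigned char *out, void *add_arg)
{
    (void)s; (void)ext_type; (void)context; (void)add_arg;
    free((void *)out);
}

/* parse_cb: `in` is peer-controlled and invalid once the callback returns,
 * so bound-check inlen and copy before keeping anything. */
int demo_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
                  const unsigned char *in, size_t inlen, X509 *x,
                  size_t chainidx, int *al, void *parse_arg)
{
    struct demo_peer_token *peer = parse_arg;

    (void)s; (void)ext_type; (void)context; (void)x; (void)chainidx;
    if (peer == NULL) {
        *al = SSL_AD_INTERNAL_ERROR;
        return 0;
    }
    if (in == NULL || inlen == 0 || inlen > DEMO_TOKEN_MAX) {
        *al = SSL_AD_DECODE_ERROR;          /* malformed or oversized payload */
        return 0;
    }
    memcpy(peer->data, in, inlen);
    peer->len = inlen;
    peer->seen = 1;
    return 1;
}

/* Stand-in for the library: add on one side, parse on the other, then free. */
int demo_loopback(struct demo_local_token *mine, struct demo_peer_token *peer)
{
    const unsigned char *out = NULL;
    size_t outlen = 0;
    int al = 0, rc;

    rc = demo_add_cb(NULL, DEMO_EXT_TYPE, 0, &out, &outlen, NULL, 0, &al, mine);
    if (rc != 1)
        return rc;
    rc = demo_parse_cb(NULL, DEMO_EXT_TYPE, 0, out, outlen, NULL, 0, &al, peer);
    demo_free_cb(NULL, DEMO_EXT_TYPE, 0, out, mine);
    return rc;
}

#ifdef DEMO_WITH_OPENSSL
/* Registration with the context flags listed under EXTENSION CONTEXTS. */
int demo_register(SSL_CTX *ctx, struct demo_local_token *mine,
                  struct demo_peer_token *peer)
{
    if (SSL_extension_supported(DEMO_EXT_TYPE))
        return 0;                   /* handled internally: adding it would fail */
    return SSL_CTX_add_custom_ext(ctx, DEMO_EXT_TYPE,
                                  SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
                                  | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
                                  demo_add_cb, demo_free_cb, mine,
                                  demo_parse_cb, peer);
}
#endif
```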
.IX Title "ASN1_TYPE_GET 3"
.TH ASN1_TYPE_GET 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility
functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& int ASN1_TYPE_get(const ASN1_TYPE *a);
\& void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
\& int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
\& int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
\&
\& void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
\& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s,
\&                                    ASN1_TYPE **t);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The
\&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type
such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type.
.PP
\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR.
.PP
\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This
function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed
up after the call.
.PP
\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR and a copy of \fBvalue\fR.
.PP
\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if
they are identical and nonzero otherwise.
.PP
\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in
\&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer
to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the
caller. If it fails it returns \s-1NULL.\s0
.PP
\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR
corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded
\&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type
is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0
but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR.
.SH "NOTES"
.IX Header "NOTES"
The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and
\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter.
If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN
then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is
V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR
is an \s-1ASN1_STRING\s0 structure. If \fBtype\fR corresponds to a primitive type
(or a string type) then the contents of the \s-1ASN1_STRING\s0 contain the content
octets of the type. If \fBtype\fR corresponds to a constructed type or
a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the
\&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and
length octets).
.PP
\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have
different encodings.
For example the single content octet of the boolean \s-1TRUE\s0 value
under \s-1BER\s0 can have any nonzero encoding but \fBASN1_TYPE_cmp()\fR will
only return zero if the values are the same.
.PP
If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the
return value is nonzero. Technically if both parameters are \s-1NULL\s0 the two
types could be absent \s-1OPTIONAL\s0 fields and so should match, however, passing
\&\s-1NULL\s0 values could also indicate a programming error (for example an
unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So
applications should handle the case of two absent values separately.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument.
.PP
\&\fBASN1_TYPE_set()\fR does not return a value.
.PP
\&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure.
.PP
\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and nonzero otherwise.
.PP
\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or
\&\s-1NULL\s0 on failure.
.PP
\&\fBASN1_TYPE_pack_sequence()\fR returns an \s-1ASN1_TYPE\s0 structure if it succeeds or
\&\s-1NULL\s0 on failure.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DH_SET_METHOD 3"
.TH DH_SET_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
\&
\& void DH_set_default_method(const DH_METHOD *meth);
\&
\& const DH_METHOD *DH_get_default_method(void);
\&
\& int DH_set_method(DH *dh, const DH_METHOD *meth);
\&
\& DH *DH_new_method(ENGINE *engine);
\&
\& const DH_METHOD *DH_OpenSSL(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman
operations.
By modifying the method, alternative implementations such as hardware
accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
important information about how these \s-1DH API\s0 functions are affected by the
use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
returned by \fBDH_OpenSSL()\fR.
.PP
\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
structures created later.
\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
as a default for \s-1DH,\s0 so this function is no longer recommended.
This function is not thread-safe and should not be called at the same time
as other OpenSSL functions.
.PP
\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0
However, the meaningfulness of this result is dependent on whether the
\s-1ENGINE API\s0 is being used, so this function is no longer recommended.
.PP
\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method
was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the
change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0
implementations (e.g. from an \s-1ENGINE\s0 module that supports embedded
hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0
for the key can have unexpected results.
.PP
\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR
will be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0
for \s-1DH\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0
controlled by \fBDH_set_default_method()\fR is used.
.PP
A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see
\&\fBDH_meth_new\fR\|(3)).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective
\&\fB\s-1DH_METHOD\s0\fRs.
.PP
\&\fBDH_set_default_method()\fR returns no value.
.PP
\&\fBDH_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as
the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous
method was supplied by an \s-1ENGINE\s0).
.PP
\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by
\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it
returns a pointer to the newly allocated structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3"
.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
\&
\& void SSL_set_quiet_shutdown(SSL *ssl, int mode);
\& int SSL_get_quiet_shutdown(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be
\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time
\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1.
.PP
\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR.
.PP
\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be
\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with
\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again.
It is not changed when \fBSSL_clear\fR\|(3) is called.
\&\fBmode\fR may be 0 or 1.
.PP
\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
Normally when an \s-1SSL\s0 connection is finished, the parties must send out
close_notify alert messages using \fBSSL_shutdown\fR\|(3)
for a clean shutdown.
.PP
When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3)
will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
(\fBSSL_shutdown\fR\|(3) then behaves like
\&\fBSSL_set_shutdown\fR\|(3) called with
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
The session is thus considered to be shut down, but no close_notify alert
is sent to the peer. This behaviour violates the \s-1TLS\s0 standard.
.PP
The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return
diagnostic information.
.PP
\&\fBSSL_CTX_get_quiet_shutdown()\fR and \fBSSL_get_quiet_shutdown()\fR return the current
setting.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3),
\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3),
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_LOOKUP_HASH_DIR 3"
.TH X509_LOOKUP_HASH_DIR 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
\&
\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate
lookup methods to use with \fBX509_STORE\fR, provided by the OpenSSL library.
.PP
Users of the library typically do not need to create instances of these
methods manually; they are created automatically by the
\&\fBX509_STORE_load_locations\fR\|(3) or
\&\fBSSL_CTX_load_verify_locations\fR\|(3)
functions.
.PP
Internally, loading of certificates and CRLs is implemented via the functions
\&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and
\&\fBX509_load_crl_file\fR. These functions support a \fItype\fR parameter, which
can be one of the constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and
\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from the specified
file into the memory cache of the \fBX509_STORE\fR object with which the given
\&\fBctx\fR parameter is associated.
.PP
The functions \fBX509_load_cert_file\fR and
\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending on the type
value. Because the \s-1DER\s0 format cannot contain more than one certificate or \s-1CRL\s0
object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects)
\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to
\&\fBX509_load_cert_file\fR.
.PP
The constant \fB\s-1FILETYPE_DEFAULT\s0\fR with a \s-1NULL\s0 filename causes these functions
to load the default certificate store file (see
\&\fBX509_STORE_set_default_paths\fR\|(3)).
.PP
The functions return the number of objects loaded from the file or 0 in case
of error.
.PP
Both methods support adding several certificate locations into one
\&\fBX509_STORE\fR.
.PP
This page documents certificate store formats used by these methods and
caching policy.
.SS "File Method"
.IX Subsection "File Method"
The \fBX509_LOOKUP_file\fR method loads all the certificates or CRLs
present in a file into memory at the time the file is added as a
lookup source.
.PP
File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates
and CRLs.
.PP
This method should be used by applications which work with a small
set of CAs.
.SS "Hashed Directory Method"
.IX Subsection "Hashed Directory Method"
\&\fBX509_LOOKUP_hash_dir\fR is a more advanced method, which loads
certificates and CRLs on demand, and caches them in memory once
they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs
upon each lookup, so that newer CRLs are used as soon as they appear in
the directory.
.PP
The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format,
with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or
\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0
The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied
to the subject name for certificates or issuer name for CRLs.
The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or
\&\fBcrl\fR\|(1) commands.
.PP
The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is
incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR
value.
Gaps in the sequence numbers are not supported; it is assumed that there are no
more objects with the same hash beyond the first missing number in the
sequence.
.PP
Sequence numbers make it possible for the directory to contain multiple
certificates with the same subject name hash value.
For example, it is possible to have in the store several certificates with the
same subject or several CRLs with the same issuer (and, for example, different
validity periods).
.PP
When checking for new CRLs once one \s-1CRL\s0 for a given hash value is
loaded, the hash_dir lookup method checks only for certificates with
a sequence number greater than that of the already cached \s-1CRL.\s0
.PP
Note that the hash algorithm used for subject name hashing changed in OpenSSL
1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL
0.9.8 to 1.0.0.
.PP
OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct
hashed names for all files with a .pem suffix in a given directory.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid
\&\fBX509_LOOKUP_METHOD\fR structure.
.PP
\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return
the number of loaded objects or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBPEM_read_PrivateKey\fR\|(3),
\&\fBX509_STORE_load_locations\fR\|(3),
\&\fBX509_store_add_lookup\fR\|(3),
\&\fBSSL_CTX_load_verify_locations\fR\|(3),
\&\fBX509_LOOKUP_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
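The hashed-directory naming rule has a quiet failure mode: a certificate or CRL numbered beyond a gap is never consulted, so a freshly dropped CRL can be ignored without any error. The C program below is an added example, not OpenSSL code; it audits a directory listing for such names, assuming the hash is written as eight lowercase hex digits, and its function names and sample listing are constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One parsed entry: hash.N (certificate) or hash.rN (CRL). */
struct hd_entry {
    const char *name;  /* original file name */
    char hash[9];      /* assumption: hash rendered as 8 lowercase hex digits */
    int is_crl;        /* 1 for hash.rN, 0 for hash.N */
    long seq;          /* sequence number N */
};

/* Parse one file name. Returns 1 for a well-formed name, 0 otherwise. */
int hd_parse_name(const char *name, struct hd_entry *out)
{
    const char *p;
    char *end;
    size_t i;

    for (i = 0; i < 8; i++) {
        char c = name[i];
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')))
            return 0;              /* also stops at the NUL of a short name */
        out->hash[i] = c;
    }
    out->hash[8] = '\0';
    if (name[8] != '.')
        return 0;
    p = name + 9;
    out->is_crl = (*p == 'r');
    if (out->is_crl)
        p++;
    if (*p < '0' || *p > '9' || (*p == '0' && p[1] != '\0'))
        return 0;                  /* no digits, or a zero-padded number */
    out->name = name;
    out->seq = strtol(p, &end, 10);
    return *end == '\0';
}

int hd_is_valid_name(const char *name)
{
    struct hd_entry e;
    return hd_parse_name(name, &e);
}

static int hd_has(const struct hd_entry *e, size_t m, const struct hd_entry *w, long seq)
{
    size_t i;
    for (i = 0; i < m; i++)
        if (e[i].is_crl == w->is_crl && e[i].seq == seq &&
            strcmp(e[i].hash, w->hash) == 0)
            return 1;
    return 0;
}

/* Returns how many names lie beyond the first missing sequence number of
 * their hash and kind (up to max are stored in out); -1 if out of memory. */
long hd_audit(const char *const *names, size_t n, const char **out, size_t max)
{
    struct hd_entry *e = calloc(n ? n : 1, sizeof(*e));
    size_t m = 0, i;
    long found = 0;

    if (e == NULL)
        return -1;
    for (i = 0; i < n; i++)          /* keep only well-formed names */
        m += (size_t)hd_parse_name(names[i], &e[m]);
    for (i = 0; i < m; i++) {
        long k = 0;                  /* first missing number for this group */
        while (hd_has(e, m, &e[i], k))
            k++;
        if (e[i].seq > k) {          /* a lookup stops at k and never gets here */
            if ((size_t)found < max)
                out[found] = e[i].name;
            found++;
        }
    }
    free(e);
    return found;
}

/* Constructed directory listing (sample data, not from a real store). */
static const char *const HD_SAMPLE[] = {
    "1a2b3c4d.0", "1a2b3c4d.1", "1a2b3c4d.3",   /* certificate gap at .2 */
    "1a2b3c4d.r0", "1a2b3c4d.r2",               /* CRL gap at .r1 */
    "9f8e7d6c.1",                               /* no .0 at all */
    "ca-bundle.pem", "1a2b3c4d.01"              /* not hash_dir names */
};

int main(void)
{
    const char *bad[8];
    long i, n = hd_audit(HD_SAMPLE, sizeof(HD_SAMPLE) / sizeof(HD_SAMPLE[0]), bad, 8);
    for (i = 0; i < n && i < 8; i++)
        printf("unreachable: %s\n", bad[i]);
    return n < 0;
}
```

Feeding it the names returned by a directory scan of a trust store before and after a CRL rollout shows whether the new file is reachable at all.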
.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3"
.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
\&                                unsigned int m_len, unsigned char *sigret,
\&                                unsigned int *siglen, RSA *rsa);
\&
\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
\&                                  unsigned int m_len, unsigned char *sigbuf,
\&                                  unsigned int siglen, RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size
\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1
padding. It stores the signature in \fBsigret\fR and the signature size
in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of
memory.
.PP
\&\fBdummy\fR is ignored.
.PP
The random number generator must be seeded when calling
\&\fBRSA_sign_ASN1_OCTET_STRING()\fR.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.PP
\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR
of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string
\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's
public key.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise.
\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0
otherwise.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
These functions serve no recognizable purpose.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3),
\&\fBRSA_verify\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ERR_PRINT_ERRORS 3"
.TH ERR_PRINT_ERRORS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb
\&\- print error messages
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& void ERR_print_errors(BIO *bp);
\& void ERR_print_errors_fp(FILE *fp);
\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
\&                          void *u);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_print_errors()\fR is a convenience function that prints the error
strings for all errors that OpenSSL has recorded to \fBbp\fR, thus
emptying the error queue.
.PP
\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a
\&\fB\s-1FILE\s0\fR.
.PP
\&\fBERR_print_errors_cb()\fR is the same, except that the callback function,
\&\fBcb\fR, is called for each error line with the string, length, and userdata
\&\fBu\fR as the callback parameters.
.PP
The error strings will have the following format:
.PP
.Vb 1
\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message]
.Ve
.PP
\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR,
\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional
text message\fR if one was set for the respective error code.
.PP
If there is no text string registered for the given error code, the
error string will contain the numeric code.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_error_string\fR\|(3),
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
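The error-line format documented for ERR_print_errors() above, as an added example that is not part of the OpenSSL manual: a C parser that splits one such line into its fields for log triage, without linking against OpenSSL. The struct and function names are hypothetical, the sample line is constructed, and the library/function/reason split of the error code assumes the OpenSSL 1.1.1 ERR_GET_LIB/ERR_GET_FUNC/ERR_GET_REASON bit layout.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of one ERR_print_errors() line. String members point into the
 * caller's buffer, which parse_err_line() splits in place. */
struct ossl_err_line {
    const char *pid;         /* leading numeric id, kept as text */
    unsigned long code;      /* the 8-digit hexadecimal error code */
    int lib, func, reason;   /* code split per the OpenSSL 1.1.1 layout */
    const char *lib_name, *func_name, *reason_str, *file;
    long line;               /* source line number */
    const char *text;        /* optional message, "" when absent */
};

/* True when s is non-empty and consists only of decimal digits. */
static int all_digits(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if (!isdigit((unsigned char)*s))
            return 0;
    return 1;
}

/* True when s is exactly eight hexadecimal digits. */
static int is_hex8(const char *s)
{
    size_t i;

    for (i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return s[8] == '\0';
}

/*
 * Parse one line in place. Returns 0 on success, -1 when the line does not
 * match the documented format (buf may already have been modified).
 * Only the first eight ':' act as separators, so colons inside the optional
 * text message survive. File names containing ':' are not supported.
 */
int parse_err_line(char *buf, struct ossl_err_line *out)
{
    char *field[8], *p = buf;
    int i;

    buf[strcspn(buf, "\r\n")] = '\0';   /* drop the line terminator */
    for (i = 0; i < 8; i++) {
        char *colon = strchr(p, ':');

        if (colon == NULL)
            return -1;                   /* fewer fields than documented */
        *colon = '\0';
        field[i] = p;
        p = colon + 1;
    }
    if (!all_digits(field[0]) || strcmp(field[1], "error") != 0
        || !is_hex8(field[2]) || !all_digits(field[7]))
        return -1;

    out->pid = field[0];
    out->code = strtoul(field[2], NULL, 16);
    /* Assumption: 1.1.1 packing, 8 bits library, 12 function, 12 reason. */
    out->lib = (int)((out->code >> 24) & 0xFF);
    out->func = (int)((out->code >> 12) & 0xFFF);
    out->reason = (int)(out->code & 0xFFF);
    out->lib_name = field[3];
    out->func_name = field[4];
    out->reason_str = field[5];
    out->file = field[6];
    out->line = strtol(field[7], NULL, 10);
    out->text = p;                       /* remainder, may be empty */
    return 0;
}

int main(void)
{
    /* Constructed sample line, not captured from a real system. */
    char sample[] = "4242:error:0906D06C:PEM routines:PEM_read_bio:"
                    "no start line:crypto/pem/pem_lib.c:691:"
                    "Expecting: TRUSTED CERTIFICATE\n";
    struct ossl_err_line e;

    if (parse_err_line(sample, &e) != 0) {
        fprintf(stderr, "line does not match the documented format\n");
        return 1;
    }
    printf("code=%08lX lib=%d func=%d reason=%d\n",
           e.code, e.lib, e.func, e.reason);
    printf("%s | %s | %s | %s:%ld | %s\n", e.lib_name, e.func_name,
           e.reason_str, e.file, e.line, e.text);
    return 0;
}
```

Lines whose error code has no registered strings parse the same way; the name fields then hold the numeric placeholders instead of text.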
.IX Title "SSL_WANT 3"
.TH SSL_WANT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write,
SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job,
SSL_want_client_hello_cb \- obtain state information of a TLS/SSL I/O operation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_want(const SSL *ssl);
\& int SSL_want_nothing(const SSL *ssl);
\& int SSL_want_read(const SSL *ssl);
\& int SSL_want_write(const SSL *ssl);
\& int SSL_want_x509_lookup(const SSL *ssl);
\& int SSL_want_async(const SSL *ssl);
\& int SSL_want_async_job(const SSL *ssl);
\& int SSL_want_client_hello_cb(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR.
.PP
The other SSL_want_*() calls are shortcuts for the possible states returned
by \fBSSL_want()\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its
return values are similar to those of \fBSSL_get_error\fR\|(3).
Unlike \fBSSL_get_error\fR\|(3), which also evaluates the
error queue, the results are obtained by examining an internal state flag
only. The information must therefore only be used for normal operation under
nonblocking I/O. Error conditions are not handled and must be treated
using \fBSSL_get_error\fR\|(3).
.PP
The result returned by \fBSSL_want()\fR should always be consistent with
the result of \fBSSL_get_error\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can currently occur for \fBSSL_want()\fR:
.IP "\s-1SSL_NOTHING\s0" 4
.IX Item "SSL_NOTHING"
There is no data to be written or to be read.
.IP "\s-1SSL_WRITING\s0" 4
.IX Item "SSL_WRITING"
There are data in the \s-1SSL\s0 buffer that must be written to the underlying
\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation.
A call to \fBSSL_get_error\fR\|(3) should return
\&\s-1SSL_ERROR_WANT_WRITE.\s0
.IP "\s-1SSL_READING\s0" 4
.IX Item "SSL_READING"
More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to
complete the actual SSL_*() operation.
A call to \fBSSL_get_error\fR\|(3) should return
\&\s-1SSL_ERROR_WANT_READ.\s0
.IP "\s-1SSL_X509_LOOKUP\s0" 4
.IX Item "SSL_X509_LOOKUP"
The operation did not complete because an application callback set by
\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again.
A call to \fBSSL_get_error\fR\|(3) should return
\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0
.IP "\s-1SSL_ASYNC_PAUSED\s0" 4
.IX Item "SSL_ASYNC_PAUSED"
An asynchronous operation partially completed and was then paused. See
\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return
\&\s-1SSL_ERROR_WANT_ASYNC.\s0
.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4
.IX Item "SSL_ASYNC_NO_JOBS"
The asynchronous job could not be started because there were no async jobs
available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3)
should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0
.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4
.IX Item "SSL_CLIENT_HELLO_CB"
The operation did not complete because an application callback set by
\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again.
A call to \fBSSL_get_error\fR\|(3) should return
\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0
.PP
\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR,
\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR
return 1 when the corresponding condition is true, or 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BUF_MEM_NEW 3"
.TH BUF_MEM_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow,
BUF_MEM_grow_clean, BUF_reverse
\&\- simple character array structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/buffer.h>
\&
\& BUF_MEM *BUF_MEM_new(void);
\&
\& BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
\&
\& void BUF_MEM_free(BUF_MEM *a);
\&
\& int BUF_MEM_grow(BUF_MEM *str, int len);
\& size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
\&
\& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The buffer library handles simple character arrays. Buffers are used for
various purposes in the library, most notably memory BIOs.
.PP
\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size.
.PP
\&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags.
The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer
should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3).
.PP
\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed
before freeing up in case the buffer contains sensitive data.
.PP
\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to
\&\fBlen\fR. Any data already in the buffer is preserved if it increases in
size.
.PP
\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any freed
or additionally-allocated memory to zero.
.PP
\&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR
is \s-1NULL,\s0 the array is reversed in-place.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error.
.PP
\&\fBBUF_MEM_free()\fR has no return value.
.PP
\&\fBBUF_MEM_grow()\fR and \fBBUF_MEM_grow_clean()\fR return
zero on error or the new size (i.e., \fBlen\fR).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBbio\fR\|(7),
\&\fBCRYPTO_secure_malloc\fR\|(3).
.SH "HISTORY"
.IX Header "HISTORY"
The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3"
.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback,
SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
\&                                  DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
\&                                                         int keylength));
\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
\&
\& void SSL_set_tmp_dh_callback(SSL *ctx,
\&                              DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
\&                                                     int keylength));
\& long SSL_set_tmp_dh(SSL *ssl, DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be
used when \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR.
The callback is inherited by all \fBssl\fR objects created from \fBctx\fR.
.PP
\&\fBSSL_CTX_set_tmp_dh()\fR sets the \s-1DH\s0 parameters to be used to \fBdh\fR.
The key is inherited by all \fBssl\fR objects created from \fBctx\fR.
.PP
\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR.
.PP
\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR.
.PP
These functions apply to \s-1SSL/TLS\s0 servers only.
.SH "NOTES"
.IX Header "NOTES"
When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange
can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well.
In these cases, the session data are negotiated using the
ephemeral/temporary \s-1DH\s0 key and the key supplied and certified
by the certificate chain is only used for signing.
Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys.
.PP
Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection
can only be decrypted when the \s-1DH\s0 key is known. By generating a temporary
\&\s-1DH\s0 key inside the server application that is lost when the application
is left, it becomes impossible for an attacker to decrypt past sessions,
even if he gets hold of the normal (certified) key, as this key was
only used for signing.
.PP
In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group
(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate
a new \s-1DH\s0 key during the negotiation.
.PP
As generating \s-1DH\s0 parameters is extremely time consuming, an application
should not generate the parameters on the fly but supply the parameters.
\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during
the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker
may specialize on a very often used \s-1DH\s0 group. Applications should therefore
generate their own \s-1DH\s0 parameters during the installation process using the
openssl \fBdhparam\fR\|(1) application. This application
guarantees that \*(L"strong\*(R" primes are used.
.PP
Files dh2048.pem and dh4096.pem in the 'apps' directory of the current
version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the \fB\-C\fR option of the
\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0
parameters during installation should still be preferred to stop an
attacker from specializing on a commonly used group. File dh1024.pem
contains old parameters that must not be used by applications.
.PP
An application may either directly specify the \s-1DH\s0 parameters or
can supply the \s-1DH\s0 parameters via a callback function.
.PP
Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR
parameters to control parameter generation for export and non-export
cipher suites. Modern servers that do not support export cipher suites
are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use
the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply
supply at least 2048\-bit parameters in the callback.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return
diagnostic output.
.PP
\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR return 1 on success and 0
on failure. Check the error queue to find out the reason for the failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Set up \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling
partly left out.)
.PP
Command-line parameter generation:
.PP
.Vb 1
\& $ openssl dhparam \-out dh_param_2048.pem 2048
.Ve
.PP
Code for setting up parameters during server initialization:
.PP
.Vb 1
\& SSL_CTX *ctx = SSL_CTX_new(TLS_server_method());
\&
\& DH *dh_2048 = NULL;
\& FILE *paramfile = fopen("dh_param_2048.pem", "r");
\&
\& if (paramfile) {
\&     dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
\&     fclose(paramfile);
\& } else {
\&     /* Error. */
\& }
\& if (dh_2048 == NULL) {
\&     /* Error. */
\& }
\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
\&     /* Error. */
\& }
\& ...
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3),
\&\fBSSL_CTX_set_options\fR\|(3),
\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ERR_REMOVE_STATE 3"
.TH ERR_REMOVE_STATE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
ERR_remove_thread_state, ERR_remove_state \- DEPRECATED
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
Deprecated:
.PP
.Vb 3
\& #if OPENSSL_API_COMPAT < 0x10000000L
\& void ERR_remove_state(unsigned long tid);
\& #endif
\&
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void ERR_remove_thread_state(void *tid);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_remove_state()\fR frees the error queue associated with the specified
thread, identified by \fBtid\fR.
\&\fBERR_remove_thread_state()\fR does the same thing, except the identifier is
an opaque pointer.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_remove_state()\fR and \fBERR_remove_thread_state()\fR return no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_init_crypto\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and
\&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions
should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "ASN1_STRING_PRINT_EX 3" .TH ASN1_STRING_PRINT_EX 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \&\- ASN1_STRING output routines .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); \& int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); \& int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); \& \& const char *ASN1_tag2str(int tag); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to represent all the \s-1ASN1\s0 string types. 
.PP
\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR; the format is determined by
the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs to
\&\fBfp\fR instead.
.PP
\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) with '.'.
.PP
\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use
\&\fBASN1_STRING_print_ex()\fR instead.
.PP
Although there are a large number of options, frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is
suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR.
.PP
The complete set of supported options for \fBflags\fR is listed below.
.PP
Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters
determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control
characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the
\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly
interprets \s-1UTF8\s0 sequences.
.PP
Escaping takes several forms.
.PP
If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used
using exactly four characters for the hex representation. If it is 32 bits then
\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms
will only be used if \s-1UTF8\s0 conversion is not set (see below).
.PP
Printable characters are normally escaped using the backslash '\e' character. If
\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by
double quote characters: this is arguably more readable than the backslash
notation.
Other characters use the form \*(L"\eXX\*(R", using exactly two characters of the hex
representation.
.PP
If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0
format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this
option will correctly display multi byte characters.
.PP
If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at
all: everything is assumed to be one byte per character. This is primarily for
debugging purposes and can result in confusing output in multi character strings.
.PP
If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out
before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR.
.PP
The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just
outputs the value of the string using the form #XXXX using hex format for each
octet.
.PP
If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped.
.PP
Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be
one byte per character; if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will
be dumped instead.
.PP
When a type is dumped normally just the content octets are printed; if
\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped
instead (including tag and length octets).
.PP
\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is
equivalent to:
\&\s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 |
\&\s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 | \s-1ASN1_STRFLGS_DUMP_DER\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of
characters written or \-1 if an error occurred.
.PP
\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error.
.PP
\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBASN1_tag2str\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
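The escaping forms described in the NOTES above, as an added stand-alone model that is not OpenSSL's code: it shows why certificate strings containing control or non-ASCII characters are made harmless before they reach a terminal or log. The `MODEL_*` flags, `model_escape()` and the sample string are assumptions made for this example, and dumping, quoting and UTF8 conversion are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flag names for this model. They play the roles the page gives
 * ASN1_STRFLGS_ESC_2253, _ESC_CTRL and _ESC_MSB, but are not OpenSSL's macros. */
#define MODEL_ESC_2253 0x1u
#define MODEL_ESC_CTRL 0x2u
#define MODEL_ESC_MSB  0x4u
#define MODEL_ESC_ALL  (MODEL_ESC_2253 | MODEL_ESC_CTRL | MODEL_ESC_MSB)

/* RFC 2253 section 2.4: these characters need a backslash anywhere in a value;
 * a space or '#' at the start, or a space at the end, needs one as well. */
static int is_2253_special(uint32_t c, size_t pos, size_t len)
{
    if (c == ',' || c == '+' || c == '"' || c == '\\' ||
        c == '<' || c == '>' || c == ';')
        return 1;
    if (pos == 0 && (c == ' ' || c == '#'))
        return 1;
    return pos + 1 == len && c == ' ';
}

/* Escape n code points into out (capacity outsz, NUL-terminated).
 * Returns the number of characters written, or -1 if out is too small. */
int model_escape(const uint32_t *cp, size_t n, unsigned flags,
                 char *out, size_t outsz)
{
    size_t used = 0;

    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        char tmp[12];                 /* longest form: \W + 8 hex digits + NUL */
        unsigned long c = cp[i];
        int w;

        if (c > 0xFFFF)               /* 32 bit character: \WXXXXXXXX */
            w = snprintf(tmp, sizeof tmp, "\\W%08lX", c);
        else if (c > 0xFF)            /* 16 bit character: \UXXXX */
            w = snprintf(tmp, sizeof tmp, "\\U%04lX", c);
        else if ((c >= 0x80 && (flags & MODEL_ESC_MSB)) ||
                 ((c < 0x20 || c == 0x7F) && (flags & MODEL_ESC_CTRL)))
            w = snprintf(tmp, sizeof tmp, "\\%02lX", c);   /* \XX */
        else if ((flags & MODEL_ESC_2253) && is_2253_special(cp[i], i, n))
            w = snprintf(tmp, sizeof tmp, "\\%c", (int)c); /* backslash form */
        else
            w = snprintf(tmp, sizeof tmp, "%c", (int)c);   /* passed through */

        if (used + (size_t)w >= outsz)
            return -1;
        memcpy(out + used, tmp, (size_t)w);
        used += (size_t)w;
    }
    out[used] = '\0';
    return (int)used;
}

/* Constructed sample: 'a' ',' 'b' LF ESC U+00E9 U+20AC U+1F600. */
static const uint32_t SAMPLE[] = { 'a', ',', 'b', 0x0A, 0x1B, 0xE9, 0x20AC, 0x1F600 };
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Escape SAMPLE into a static buffer; NULL if it does not fit. */
const char *model_escape_sample(unsigned flags)
{
    static char buf[64];
    return model_escape(SAMPLE, SAMPLE_LEN, flags, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(void)
{
    /* With every escape flag set, no raw LF or ESC byte reaches the output. */
    printf("%s\n", model_escape_sample(MODEL_ESC_ALL));
    return 0;
}
```

With only `MODEL_ESC_2253` set, the LF and ESC bytes pass through unchanged, which is the case to avoid when the output goes to a terminal or a line-oriented log.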
.IX Title "SSL_STATE_STRING 3"
.TH SSL_STATE_STRING 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const char *SSL_state_string(const SSL *ssl);
\& const char *SSL_state_string_long(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state
of the \s-1SSL\s0 object \fBssl\fR.
.PP
\&\fBSSL_state_string_long()\fR returns a string indicating the current state of
the \s-1SSL\s0 object \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
During its use, an \s-1SSL\s0 object passes through several states. The state is
internally maintained. Querying the state information is not very informative
before or when a connection has been established. It however can be of
significant interest during the handshake.
.PP
When using nonblocking sockets, the function call performing the handshake
may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition,
so that SSL_state_string[_long]() may be called.
.PP
For both blocking or nonblocking sockets, the detailed state information
can be used within the info_callback function set with the
\&\fBSSL_set_info_callback()\fR call.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Detailed description of possible states to be included later.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_MOD_MUL_RECIPROCAL 3"
.TH BN_MOD_MUL_RECIPROCAL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free,
BN_RECP_CTX_set \- modular multiplication using reciprocal
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& BN_RECP_CTX *BN_RECP_CTX_new(void);
\& void BN_RECP_CTX_free(BN_RECP_CTX *recp);
\&
\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
\&
\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
\&                 BN_CTX *ctx);
\&
\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
\&                           BN_RECP_CTX *recp, BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient
\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed
repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR
using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a
previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables.
.PP
\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure.
.PP
\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it
was created by \fBBN_RECP_CTX_new()\fR, also the structure itself.
If \fBrecp\fR is \s-1NULL,\s0 nothing is done.
.PP
\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing
1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an
integer. The result and the number of bits it was shifted left will
later be stored in \fBrecp\fR.
.PP
\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient
in \fBdv\fR and the remainder in \fBrem\fR.
.PP
The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0
on error.
.PP
\&\fBBN_RECP_CTX_free()\fR has no return value.
.PP
For the other functions, 1 is returned for success, 0 on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
\&\fBBN_CTX_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OCSP_RESPONSE_STATUS 3"
.TH OCSP_RESPONSE_STATUS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
OCSP_RESPONSE_free, OCSP_RESPID_set_by_name,
OCSP_RESPID_set_by_key, OCSP_RESPID_match,
OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ocsp.h>
\&
\& int OCSP_response_status(OCSP_RESPONSE *resp);
\& OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
\& OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
\&
\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
\&
\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
\&                     const EVP_MD *dgst, STACK_OF(X509) *certs,
\&                     unsigned long flags);
\& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
\&                         STACK_OF(X509) *certs, unsigned long flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR.
It returns one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR,
\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR,
\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR,
\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR.
.PP
\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure
contained in \fBresp\fR.
.PP
\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for
\&\fBstatus\fR and optionally including basic response \fBbs\fR.
.PP
\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR.
.PP
\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the
subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder.
.PP
\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the
key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is
stored as a \s-1SHA1\s0 hash.
.PP
Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling
\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing
setting.
.PP
\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches
with the X509 certificate \fBcert\fR.
.PP
\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key
\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option
\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the
\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0
rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but
uses the parameters contained in digest context \fBctx\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOCSP_response_status()\fR returns a status value.
.PP
\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or
\&\fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR
if an error occurred.
.PP
\&\fBOCSP_RESPONSE_free()\fR does not return a value.
.PP
\&\fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR, \fBOCSP_basic_sign()\fR, and
\&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0
on failure.
.PP
\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match
or 0 otherwise.
.SH "NOTES"
.IX Header "NOTES"
\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is
\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7),
\&\fBOCSP_cert_to_id\fR\|(3),
\&\fBOCSP_request_add1_nonce\fR\|(3),
\&\fBOCSP_REQUEST_new\fR\|(3),
\&\fBOCSP_resp_find_status\fR\|(3),
\&\fBOCSP_sendreq_new\fR\|(3),
\&\fBOCSP_RESPID_new\fR\|(3),
\&\fBOCSP_RESPID_free\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR
functions were added in OpenSSL 1.1.0a.
.PP
The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
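The rule in the NOTES above, decode the basic response only when the status is successful, shown on the wire format: an added stand-alone model, not OpenSSL's code, that reads the responseStatus field of a DER-encoded OCSPResponse as laid out in RFC 6960 and fails closed on anything else. The `model_*` functions, the `ST_*` names and the sample byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* responseStatus values from RFC 6960; the page's OCSP_RESPONSE_STATUS_*
 * names refer to the same six outcomes. The value 4 is not assigned. */
enum { ST_SUCCESSFUL = 0, ST_MALFORMEDREQUEST = 1, ST_INTERNALERROR = 2,
       ST_TRYLATER = 3, ST_SIGREQUIRED = 5, ST_UNAUTHORIZED = 6 };

/* Read a DER tag and definite length at buf[*pos]. On success *pos is moved
 * to the first content octet and the content length is returned; -1 means
 * wrong tag, indefinite length, oversized length or truncated input. */
static long der_header(const unsigned char *buf, size_t len, size_t *pos,
                       unsigned char want_tag)
{
    size_t p = *pos, n = 0;

    if (p + 2 > len || buf[p] != want_tag)
        return -1;
    p++;
    if (buf[p] < 0x80) {
        n = buf[p++];                       /* short form */
    } else {
        unsigned k = buf[p++] & 0x7F;       /* long form: k length octets */
        if (k == 0 || k > 2 || p + k > len)
            return -1;
        while (k--)
            n = (n << 8) | buf[p++];
    }
    if (n > len - p)
        return -1;
    *pos = p;
    return (long)n;
}

/* Returns the responseStatus, or -1 if buf is not a well-formed
 * OCSPResponse ::= SEQUENCE { ENUMERATED, [0] EXPLICIT ... OPTIONAL }.
 * *has_bytes is set to 1 when the optional responseBytes is present. */
int model_ocsp_status(const unsigned char *buf, size_t len, int *has_bytes)
{
    size_t pos = 0, end;
    long seq, n;
    int status;

    *has_bytes = 0;
    seq = der_header(buf, len, &pos, 0x30);        /* SEQUENCE */
    if (seq < 0 || pos + (size_t)seq != len)       /* no trailing bytes */
        return -1;
    end = len;
    n = der_header(buf, end, &pos, 0x0A);          /* ENUMERATED */
    if (n != 1)
        return -1;
    status = buf[pos++];
    if (status > ST_UNAUTHORIZED || status == 4)
        return -1;
    if (pos < end) {
        n = der_header(buf, end, &pos, 0xA0);      /* [0] responseBytes */
        if (n < 0 || pos + (size_t)n != end)
            return -1;
        *has_bytes = 1;
    }
    return status;
}

/* 1 only when it is safe to go on and decode the basic response. */
int model_may_decode_basic(const unsigned char *buf, size_t len)
{
    int has_bytes;
    return model_ocsp_status(buf, len, &has_bytes) == ST_SUCCESSFUL && has_bytes;
}

/* Constructed samples. The [0] content in SAMPLE_SUCCESS is a placeholder,
 * not a real basic response. */
static const unsigned char SAMPLE_UNAUTHORIZED[] = { 0x30, 0x03, 0x0A, 0x01, 0x06 };
static const unsigned char SAMPLE_TRYLATER[]     = { 0x30, 0x03, 0x0A, 0x01, 0x03 };
static const unsigned char SAMPLE_SUCCESS[]      = { 0x30, 0x07, 0x0A, 0x01, 0x00,
                                                     0xA0, 0x02, 0x30, 0x00 };
static const unsigned char SAMPLE_NO_BYTES[]     = { 0x30, 0x03, 0x0A, 0x01, 0x00 };
static const unsigned char SAMPLE_TRUNCATED[]    = { 0x30, 0x07, 0x0A, 0x01, 0x00, 0xA0 };

int main(void)
{
    printf("unauthorized: decode=%d\n",
           model_may_decode_basic(SAMPLE_UNAUTHORIZED, sizeof SAMPLE_UNAUTHORIZED));
    printf("tryLater:     decode=%d\n",
           model_may_decode_basic(SAMPLE_TRYLATER, sizeof SAMPLE_TRYLATER));
    printf("successful:   decode=%d\n",
           model_may_decode_basic(SAMPLE_SUCCESS, sizeof SAMPLE_SUCCESS));
    printf("no bytes:     decode=%d\n",
           model_may_decode_basic(SAMPLE_NO_BYTES, sizeof SAMPLE_NO_BYTES));
    printf("truncated:    decode=%d\n",
           model_may_decode_basic(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

A caller that treats `tryLater` or `unauthorized` as "certificate good" has no signed statement behind that decision, so only the successful case with responseBytes present proceeds to decoding.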
.IX Title "SSL_CTX_SET_VERIFY 3"
.TH SSL_CTX_SET_VERIFY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_get_ex_data_X509_STORE_CTX_idx,
SSL_CTX_set_verify, SSL_set_verify,
SSL_CTX_set_verify_depth, SSL_set_verify_depth,
SSL_verify_cb,
SSL_verify_client_post_handshake,
SSL_set_post_handshake_auth,
SSL_CTX_set_post_handshake_auth
\&\- set peer certificate verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
\&
\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
\& void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback);
\& int SSL_get_ex_data_X509_STORE_CTX_idx(void);
\&
\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
\& void SSL_set_verify_depth(SSL *ssl, int depth);
\&
\& int SSL_verify_client_post_handshake(SSL *ssl);
\& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
\& void SSL_set_post_handshake_auth(SSL *ssl, int val);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and
specifies the \fBverify_callback\fR function to be used. If no callback function
shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR.
.PP
\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and
specifies the \fBverify_callback\fR function to be used. If no callback function
shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In
this case the last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If
no special \fBcallback\fR was set before, the default callback for the underlying
\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with
\&\fBSSL_new\fR\|(3). Within the callback function,
\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index
of the current \s-1SSL\s0 object that is doing the verification.
.PP
\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
verification that shall be allowed for \fBctx\fR.
.PP
\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
verification that shall be allowed for \fBssl\fR.
.PP
\&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable
the Post-Handshake Authentication extension to be added to the ClientHello such
that post-handshake authentication can be requested by the server. If \fBval\fR is 0
then the extension is not sent, otherwise it is. By default the extension is not
sent. A certificate callback will need to be set via
\&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization.
.PP
\&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be
sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must
be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional.
.SH "NOTES"
.IX Header "NOTES"
The verification of certificates can be controlled by a set of logically
or'ed \fBmode\fR flags:
.IP "\s-1SSL_VERIFY_NONE\s0" 4
.IX Item "SSL_VERIFY_NONE"
\&\fBServer mode:\fR the server will not send a client certificate request to the
client, so the client will not send a certificate.
.Sp
\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the
server will send a certificate which will be checked. The result of the
certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake
using the \fBSSL_get_verify_result\fR\|(3) function.
The handshake will be continued regardless of the verification result.
.IP "\s-1SSL_VERIFY_PEER\s0" 4
.IX Item "SSL_VERIFY_PEER"
\&\fBServer mode:\fR the server sends a client certificate request to the client.
The certificate returned (if any) is checked.
If the verification process
fails, the \s-1TLS/SSL\s0 handshake is
immediately terminated with an alert message containing the reason for
the verification failure.
The behaviour can be controlled by the additional
\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE\s0 and
\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags.
.Sp
\&\fBClient mode:\fR the server certificate is verified. If the verification process
fails, the \s-1TLS/SSL\s0 handshake is
immediately terminated with an alert message containing the reason for
the verification failure. If no server certificate is sent, because an
anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored.
.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4
.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0
handshake is immediately terminated with a \*(L"handshake failure\*(R" alert.
This flag must be used together with \s-1SSL_VERIFY_PEER.\s0
.Sp
\&\fBClient mode:\fR ignored (see \s-1BUGS\s0)
.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4
.IX Item "SSL_VERIFY_CLIENT_ONCE"
\&\fBServer mode:\fR only request a client certificate once during the
connection. Do not ask for a client certificate again during
renegotiation or post-authentication if a certificate was requested
during the initial handshake. This flag must be used together with
\&\s-1SSL_VERIFY_PEER.\s0
.Sp
\&\fBClient mode:\fR ignored (see \s-1BUGS\s0)
.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4
.IX Item "SSL_VERIFY_POST_HANDSHAKE"
\&\fBServer mode:\fR the server will not send a client certificate request
during the initial handshake, but will send the request via
\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0
to be configured for post-handshake peer verification before the
handshake occurs. This flag must be used together with
\&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections.
.Sp
\&\fBClient mode:\fR ignored (see \s-1BUGS\s0)
.PP
If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set.
.PP
The actual verification procedure is performed either using the built-in
verification procedure or using another application provided verification
function set with
\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3).
The following descriptions apply in the case of the built-in procedure. An
application provided procedure also has access to the verify depth information
and the \fBverify_callback()\fR function, but the way this information is used
may be different.
.PP
\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the
number of certificates between the end-entity and trust-anchor certificates.
Neither the
end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the
certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR,
X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued.
The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R",
\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum
depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the
trust-anchor).
The default depth limit is 100,
allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and
a final trust anchor certificate.
.PP
The \fBverify_callback\fR function is used to control the behaviour when the
\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and
receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of
the certificate in question was passed (preverify_ok=1) or not
(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used
for the certificate chain verification.
.PP
The certificate chain is checked starting with the deepest nesting level
(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate.
At each level signatures and issuer attributes are checked. Whenever
a verification error is found, the error number is stored in \fBx509_ctx\fR
and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying
X509_STORE_CTX_* functions \fBverify_callback\fR can locate the certificate in
question and perform additional steps (see \s-1EXAMPLES\s0). If no error is found
for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 before
advancing to the next level.
.PP
The return value of \fBverify_callback\fR controls the strategy of the further
verification process. If \fBverify_callback\fR returns 0, the verification
process is immediately stopped with \*(L"verification failed\*(R" state. If
\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and
the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1,
the verification process is continued. If \fBverify_callback\fR always returns
1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification
failures and the connection will be established. The calling process can
however retrieve the error code of the last verification error using
\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its
own error storage managed by \fBverify_callback\fR.
.PP
If no \fBverify_callback\fR is specified, the default callback will be used.
Its return value is identical to \fBpreverify_ok\fR, so that any verification
failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an
alert message, if \s-1SSL_VERIFY_PEER\s0 is set.
.PP
After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a
certificate or certificate callback to its configuration before it can
successfully authenticate. This must be called before \fBSSL_connect()\fR.
.PP
\&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been
previously set, and that a client sent the post-handshake authentication
extension.
When the client returns a certificate the verify callback will be
invoked. A write operation must take place for the Certificate Request to be
sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR.
Only one certificate request may be outstanding at any time.
.PP
When post-handshake authentication occurs, a refreshed NewSessionTicket
message is sent to the client.
.SH "BUGS"
.IX Header "BUGS"
In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag
is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can
lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as
required.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The SSL*_set_verify*() functions do not provide diagnostic information.
.PP
The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request
succeeded, and 0 if the request failed. The error stack can be examined
to determine the failure reason.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following code sequence realizes an example \fBverify_callback\fR function
that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification
failure, if wished. The callback realizes a verification depth limit with
more informational output.
.PP
All verification errors are printed; information about the certificate chain
is printed on request.
The example is realized for a server that does allow but not require client
certificates.
.PP
The example makes use of the ex_data technique to store application data
into/retrieve application data from the \s-1SSL\s0 structure
(see \fBCRYPTO_get_ex_new_index\fR\|(3),
\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)).
.PP
.Vb 7
\& ...
\& typedef struct {
\&     int verbose_mode;
\&     int verify_depth;
\&     int always_continue;
\& } mydata_t;
\& int mydata_index;
\&
\& ...
\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
\& {
\&     char buf[256];
\&     X509 *err_cert;
\&     int err, depth;
\&     SSL *ssl;
\&     mydata_t *mydata;
\&
\&     err_cert = X509_STORE_CTX_get_current_cert(ctx);
\&     err = X509_STORE_CTX_get_error(ctx);
\&     depth = X509_STORE_CTX_get_error_depth(ctx);
\&
\&     /*
\&      * Retrieve the pointer to the SSL of the connection currently treated
\&      * and the application specific data stored into the SSL object.
\&      */
\&     ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
\&     mydata = SSL_get_ex_data(ssl, mydata_index);
\&
\&     X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
\&
\&     /*
\&      * Catch a too long certificate chain. The depth limit set using
\&      * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
\&      * that whenever the "depth>verify_depth" condition is met, we
\&      * have violated the limit and want to log this error condition.
\&      * We must do it here, because the CHAIN_TOO_LONG error would not
\&      * be found explicitly; only errors introduced by cutting off the
\&      * additional certificates would be logged.
\&      */
\&     if (depth > mydata\->verify_depth) {
\&         preverify_ok = 0;
\&         err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
\&         X509_STORE_CTX_set_error(ctx, err);
\&     }
\&     if (!preverify_ok) {
\&         printf("verify error:num=%d:%s:depth=%d:%s\en", err,
\&                X509_verify_cert_error_string(err), depth, buf);
\&     } else if (mydata\->verbose_mode) {
\&         printf("depth=%d:%s\en", depth, buf);
\&     }
\&
\&     /*
\&      * At this point, err contains the last verification error. We can use
\&      * it for something special
\&      */
\&     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
\&         X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
\&         printf("issuer= %s\en", buf);
\&     }
\&
\&     /*
\&      * Returning 1 unconditionally lets the handshake complete despite
\&      * verification errors; the caller must then check
\&      * SSL_get_verify_result() itself.
\&      */
\&     if (mydata\->always_continue)
\&         return 1;
\&     else
\&         return preverify_ok;
\& }
\& ...
\&
\& mydata_t mydata;
\&
\& ...
\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
\&
\& ...
\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
\&                    verify_callback);
\&
\& /*
\&  * Let the verify_callback catch the verify_depth error so that we get
\&  * an appropriate error in the logfile.
\&  */
\& SSL_CTX_set_verify_depth(ctx, verify_depth + 1);
\&
\& /*
\&  * Set up the SSL specific data into "mydata" and store it into the SSL
\&  * structure.
\&  */
\& mydata.verify_depth = verify_depth; ...
\& SSL_set_ex_data(ssl, mydata_index, &mydata);
\&
\& ...
\& SSL_accept(ssl);       /* check of success left out for clarity */
\& if ((peer = SSL_get_peer_certificate(ssl)) != NULL) {
\&     if (SSL_get_verify_result(ssl) == X509_V_OK) {
\&         /* The client sent a certificate which verified OK */
\&     }
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3),
\&\fBSSL_CTX_get_verify_mode\fR\|(3),
\&\fBSSL_get_verify_result\fR\|(3),
\&\fBSSL_CTX_load_verify_locations\fR\|(3),
\&\fBSSL_get_peer_certificate\fR\|(3),
\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3),
\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3),
\&\fBSSL_CTX_set_client_cert_cb\fR\|(3),
\&\fBCRYPTO_get_ex_new_index\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR
and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_VERIFY_CERT 3"
.TH X509_VERIFY_CERT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_verify_cert \- discover and verify X509 certificate chain
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_verify_cert(X509_STORE_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX509_verify_cert()\fR function attempts to discover and validate a
certificate chain based on parameters in \fBctx\fR. A complete description of
the process is contained in the \fBverify\fR\|(1) manual page.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If a complete chain can be built and validated this function returns 1,
otherwise it returns zero; in exceptional circumstances it can also
return a negative code.
.PP
If the function fails additional error information can be obtained by
examining \fBctx\fR using, for example, \fBX509_STORE_CTX_get_error()\fR.
.SH "NOTES"
.IX Header "NOTES"
Applications rarely call this function directly but it is used by
OpenSSL internally for certificate validation, in both the S/MIME and
\&\s-1SSL/TLS\s0 code.
.PP
A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked
incorrectly, such as with no certificate set in \fBctx\fR, or when it is called
twice in succession without reinitialising \fBctx\fR for the second call.
A negative return value can also happen due to internal resource problems or if
a retry operation is requested during internal lookups (which never happens
with standard lookup methods).
Applications must check for <= 0 return value on error.
.SH "BUGS"
.IX Header "BUGS"
This function uses the header \fBx509.h\fR as opposed to most chain verification
functions which use \fBx509_vfy.h\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_STORE_CTX_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_SIGN 3"
.TH X509_SIGN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx,
X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \-
sign or verify certificate, certificate request or CRL signature
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
\& int X509_verify(X509 *a, EVP_PKEY *r);
\&
\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
\&
\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message
digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs
certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR.
.PP
\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key
\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate
chain validity) are performed.
.PP
\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR,
\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify
certificate requests and CRLs respectively.
.SH "NOTES"
.IX Header "NOTES"
\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding
public key and digest are not suitable. It can be used to sign keys using
RSA-PSS for example.
.PP
For efficiency reasons and to work around \s-1ASN.1\s0 encoding issues the encoding
of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached
internally.
If the signed portion of the structure is modified the encoding
is not always updated meaning a stale version is sometimes used. This is not
normally a problem because modifying the signed portion will invalidate the
signature and signing will always update the encoding.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR,
\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature
in bytes for success and zero for failure.
.PP
\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the
signature is valid and 0 if the signature check fails. If the signature
could not be checked at all because it was invalid or some other error
occurred then \-1 is returned.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are
available in all versions of OpenSSL.
.PP
The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR
and \fBX509_CRL_sign_ctx()\fR functions were added in OpenSSL 1.0.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_S_BIO 3"
.TH BIO_S_BIO 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& const BIO_METHOD *BIO_s_bio(void);
\&
\& int BIO_make_bio_pair(BIO *b1, BIO *b2);
\& int BIO_destroy_bio_pair(BIO *b);
\& int BIO_shutdown_wr(BIO *b);
\&
\& int BIO_set_write_buf_size(BIO *b, long size);
\& size_t BIO_get_write_buf_size(BIO *b, long size);
\&
\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
\&
\& int BIO_get_write_guarantee(BIO *b);
\& size_t BIO_ctrl_get_write_guarantee(BIO *b);
\& int BIO_get_read_request(BIO *b);
\& size_t BIO_ctrl_get_read_request(BIO *b);
\& int BIO_ctrl_reset_read_request(BIO *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink
BIOs where data written to either half of the pair is buffered and can be read
from the other half. Both halves must usually be handled by the same application
thread since no locking is done on the internal data structures.
.PP
Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this
one half of a \s-1BIO\s0 pair and have all the data processed by the chain under
application control.
.PP
One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control.
This can be used when the application wishes to use a non standard transport for
\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate.
.PP
Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no
data is available.
.PP
Calls to \fBBIO_write_ex()\fR will place data in the buffer or request a retry if the
buffer is full.
.PP
The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to
determine the amount of pending data in the read or write buffer.
.PP
\&\fBBIO_reset()\fR clears any data in the write buffer.
.PP
\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair.
.PP
\&\fBBIO_destroy_bio_pair()\fR destroys the association between two connected BIOs.
Freeing up any half of the pair will automatically destroy the association.
.PP
\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other
half of the pair will return any pending data or \s-1EOF\s0 when all pending data has
been read.
.PP
\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
If the size is not initialized a default value is used. This is currently
17K, sufficient for a maximum size \s-1TLS\s0 record.
.PP
\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer.
.PP
\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and
\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is
zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether
\&\fBbio1\fR or \fBbio2\fR already point to some other \s-1BIO\s0; the values are overwritten and
\&\fBBIO_free()\fR is not called.
.PP
\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum
length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this
value will return a value from \fBBIO_write_ex()\fR less than the amount requested or
if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a
function whereas \fBBIO_get_write_guarantee()\fR is a macro.
.PP
\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the
amount of data requested, or the buffer size if it is less, if the
last read attempt at the other half of the \s-1BIO\s0 pair failed due to an
empty buffer. This can be used to determine how much data should be
written to the \s-1BIO\s0 so the next read will succeed: this is most useful
in \s-1TLS/SSL\s0 applications where the amount of data read is usually
meaningful rather than just a buffer size. After a successful read
this call will return zero. It also will return zero once new data
has been written satisfying the read request or part of it.
Note that \fBBIO_get_read_request()\fR never returns an amount larger
than that returned by \fBBIO_get_write_guarantee()\fR.
.PP
\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by
\&\fBBIO_get_read_request()\fR to zero.
.SH "NOTES"
.IX Header "NOTES"
Both halves of a \s-1BIO\s0 pair should be freed. That is, even if one half is implicitly
freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call, the other half needs to be freed.
.PP
When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to
flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR
on the other half of the pair and, if any data is pending, reading it and sending
it to the underlying transport. This must be done before any normal processing
(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true.
.PP
To see why this is important consider a case where a request is sent using
\&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during a
\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the
write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be
true. If the application then waits for data to be available on the underlying
transport before flushing the write buffer it will never succeed because the
request was never sent!
.PP
\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been
shutdown.
.PP
\&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR,
\&\fBBIO_set_write_buf_size()\fR, \fBBIO_get_write_buf_size()\fR,
\&\fBBIO_get_write_guarantee()\fR, and \fBBIO_get_read_request()\fR are implemented
as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in
\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the
locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information.
.PP
[\s-1XXXXX:\s0 More return values need to be added here]
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The \s-1BIO\s0 pair can be used to have full control over the network access of an
application. The application can call \fBselect()\fR on the socket as required
without having to go through the SSL-interface.
.PP
.Vb 1
\& BIO *internal_bio, *network_bio;
\&
\& ...
\& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
\& SSL_set_bio(ssl, internal_bio, internal_bio);
\& SSL_operations(); /* e.g. SSL_read and SSL_write */
\& ...
\&
\& application |   TLS\-engine
\&    |        |
\&    +\-\-\-\-\-\-\-\-\-\-> SSL_operations()
\&             |     /\e    ||
\&             |     ||    \e/
\&             |   BIO\-pair (internal_bio)
\&             |   BIO\-pair (network_bio)
\&             |     ||     /\e
\&             |     \e/     ||
\&    +\-\-\-\-\-\-\-\-\-\-\-< BIO_operations()
\&    |        |
\&    |        |
\&   socket
\&
\& ...
\& SSL_free(ssl); /* implicitly frees internal_bio */
\& BIO_free(network_bio);
\& ...
.Ve
.PP
As the \s-1BIO\s0 pair will only buffer the data and never directly access the
connection, it behaves nonblocking and will return as soon as the write
buffer is full or the read buffer is drained. Then the application has to
flush the write buffer and/or fill the read buffer.
.PP
Use \fBBIO_ctrl_pending()\fR to find out whether data is buffered in the \s-1BIO\s0
and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR
to find out how many bytes must be written into the buffer before the
\&\fBSSL_operation()\fR can successfully be continued.
.SH "WARNINGS"
.IX Header "WARNINGS"
As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0
condition, but there is still data in the write buffer. An application must
not rely on the error value of \fBSSL_operation()\fR but must ensure that the
write buffer is always flushed first. Otherwise a deadlock may occur as
the peer might be waiting for the data before being able to continue.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7),
\&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_IN_INIT 3"
.TH SSL_IN_INIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init,
SSL_in_accept_init, SSL_get_state
\&\- retrieve information about the handshake state machine
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_in_init(const SSL *s);
\& int SSL_in_before(const SSL *s);
\& int SSL_is_init_finished(const SSL *s);
\&
\& int SSL_in_connect_init(SSL *s);
\& int SSL_in_accept_init(SSL *s);
\&
\& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or
awaiting handshake messages, or 0 otherwise.
.PP
\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0
otherwise.
.PP
\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where
fully protected application data can be transferred or 0 otherwise.
.PP
Note that in some circumstances (such as when early data is being transferred)
\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR and \fBSSL_is_init_finished()\fR can all return 0.
.PP
\&\fBSSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fBSSL_in_init()\fR
would return 1, or 0 otherwise.
.PP
\&\fBSSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fBSSL_in_init()\fR
would return 1, or 0 otherwise.
.PP
\&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros.
.PP
\&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake
state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value
indicates a discrete state machine state. Note that future versions of OpenSSL
may define more states so applications should expect to receive unrecognised
state values. The naming format is made up of a number of elements as follows:
.PP
\&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR
.PP
\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS. DTLS\s0 is used where a state is specific to the
\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used.
.PP
\&\fBrole\fR is one of \s-1CR, CW, SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R",
\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively.
.PP
\&\fBmessage\fR is the name of a handshake message that is being or has been sent, or
is being or has been processed.
.PP
Additionally there are some special states that do not conform to the above
format. These are:
.IP "\s-1TLS_ST_BEFORE\s0" 4
.IX Item "TLS_ST_BEFORE"
No handshake messages have yet been sent or received.
.IP "\s-1TLS_ST_OK\s0" 4
.IX Item "TLS_ST_OK"
Handshake message sending/processing has completed.
.IP "\s-1TLS_ST_EARLY_DATA\s0" 4
.IX Item "TLS_ST_EARLY_DATA"
Early data is being processed.
.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4
.IX Item "TLS_ST_PENDING_EARLY_DATA_END"
Awaiting the end of early data processing.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR, \fBSSL_is_init_finished()\fR, \fBSSL_in_connect_init()\fR
and \fBSSL_in_accept_init()\fR return values as indicated above.
.PP
\&\fBSSL_get_state()\fR returns the current handshake state.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_read_early_data\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SCT_PRINT 3"
.TH SCT_PRINT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SCT_print, SCT_LIST_print, SCT_validation_status_string \-
Prints Signed Certificate Timestamps in a human\-readable way
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
\& void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
\&                     const char *separator, const CTLOG_STORE *logs);
\& const char *SCT_validation_status_string(const SCT *sct);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in
a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a
similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output.
.PP
The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR
is provided, it will be used to print the description of the \s-1CT\s0 log that issued
each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed
as the \s-1CTLOG_STORE\s0 parameter to disable this feature.
.PP
\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as
a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR
beforehand in order to set the validation status of an \s-1SCT\s0 first.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing
the validation status of an \fB\s-1SCT\s0\fR object.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7),
\&\fBbio\fR\|(7),
\&\fBCTLOG_STORE_new\fR\|(3),
\&\fBSCT_validate\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_SHA224 3"
.TH EVP_SHA224 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512
\&\- SHA\-2 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_sha224(void);
\& const EVP_MD *EVP_sha256(void);
\& const EVP_MD *EVP_sha512_224(void);
\& const EVP_MD *EVP_sha512_256(void);
\& const EVP_MD *EVP_sha384(void);
\& const EVP_MD *EVP_sha512(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions
standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001.
.IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4
.IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()"
The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0
algorithms, which generate 224, 256, 224, 256, 384 and 512 bits
respectively of output from a given input.
.Sp
The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the
\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though
their outputs are of the same size.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1NIST FIPS 180\-4.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_GET_FD 3" .TH SSL_GET_FD 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_get_fd(const SSL *ssl); \& int SSL_get_rfd(const SSL *ssl); \& int SSL_get_wfd(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. \&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the read or the write channel, which can be different. If the read and the write channel are different, \fBSSL_get_fd()\fR will return the file descriptor of the read channel. 
.SH "RETURN VALUES"
The following return values can occur:
.IP "\-1" 4
The operation failed, because the underlying \s-1BIO\s0 is not of the correct
type (suitable for file descriptors).
.IP ">=0" 4
The file descriptor linked to \fBssl\fR.
.SH "SEE ALSO"
\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7)
.SH "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- add algorithms to internal table
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
.Ve
.PP
Deprecated:
.PP
.Vb 4
\& # if OPENSSL_API_COMPAT < 0x10100000L
\& void OpenSSL_add_all_algorithms(void);
\& void OpenSSL_add_all_ciphers(void);
\& void OpenSSL_add_all_digests(void);
\&
\& void EVP_cleanup(void);
\& # endif
.Ve
.SH "DESCRIPTION"
OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
this table to look up ciphers via functions such as \fBEVP_get_cipher_byname()\fR.
.PP
\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table.
.PP
\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and
ciphers).
.PP
\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table,
including password based encryption algorithms.
.PP
In versions prior to 1.1.0 \fBEVP_cleanup()\fR removed all ciphers and digests from
the table. It no longer has any effect in OpenSSL 1.1.0.
.SH "RETURN VALUES"
None of the functions return a value.
.SH "SEE ALSO"
\&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3),
\&\fBEVP_EncryptInit\fR\|(3)
.SH "HISTORY"
The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR,
\&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR functions
were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should
not be used.
.SH "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH RSA_GENERATE_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
.Ve
.PP
Deprecated:
.PP
.Vb 4
\& #if OPENSSL_API_COMPAT < 0x00908000L
\& RSA *RSA_generate_key(int bits, unsigned long e,
\&                       void (*callback)(int, int, void *), void *cb_arg);
\& #endif
.Ve
.SH "DESCRIPTION"
\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the
\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must
be seeded prior to calling \fBRSA_generate_key_ex()\fR.
.PP
\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores
it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by
the \fBprimes\fR parameter. The random number generator must be seeded when
calling \fBRSA_generate_multi_prime_key()\fR.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.PP
The modulus size will be of length \fBbits\fR, the number of primes to form the
modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes
with \fBbits\fR < 1024 should be considered insecure. The exponent is an odd
number, typically 3, 17 or 65537.
.PP
In order to maintain an adequate security level, the maximum number of permitted
\&\fBprimes\fR depends on modulus bit length:
.PP
.Vb 3
\&   <1024 | >=1024 | >=4096 | >=8192
\&   \-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-
\&     2   |   3    |   4    |   5
.Ve
.PP
A callback function may be used to provide feedback about the
progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it
will be called as follows using the \fBBN_GENCB_call()\fR function
described on the \fBBN_generate_prime\fR\|(3) page.
.PP
\&\fBRSA_generate_key()\fR is similar to \fBRSA_generate_key_ex()\fR but
expects an old-style callback function; see
\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback.
.IP "\(bu" 2
While a random prime number is generated, it is called as
described in \fBBN_generate_prime\fR\|(3).
.IP "\(bu" 2
When the n\-th randomly generated prime is rejected as not
suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called.
.IP "\(bu" 2
When a random p has been found with p\-1 relatively prime to \fBe\fR,
it is called as \fBBN_GENCB_call(cb, 3, 0)\fR.
.PP
The process is then repeated for prime q and other primes (if any)
with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime.
.SH "RETURN VALUES"
\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error.
\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.PP
\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or
\&\fB\s-1NULL\s0\fR if the key generation fails.
.SH "BUGS"
\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings.
.SH "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use
\&\fBRSA_generate_key_ex()\fR instead.
.SH "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH ASN1_STRING_TABLE_ADD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& typedef struct asn1_string_table_st ASN1_STRING_TABLE;
\&
\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
\&                           unsigned long mask, unsigned long flags);
\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid);
\& void ASN1_STRING_TABLE_cleanup(void);
.Ve
.SH "DESCRIPTION"
.SS "Types"
\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information
(basically minimum size, maximum size, type, etc.) for a \s-1NID\s0 object.
.SS "Functions"
\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the
local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters.
.PP
If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are
updated (depending on the values of those parameters, e.g., \fBminsize\fR
and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is standard,
a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with
other parameters.
.PP
\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based
on \fBnid\fR. It will search the local table first, then the standard one.
.PP
\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added
by \fBASN1_STRING_TABLE_add()\fR.
.SH "RETURN VALUES"
\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred.
.PP
\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure
or \fB\s-1NULL\s0\fR if nothing is found.
.PP
\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value.
.SH "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH SSL_GET_VERIFY_RESULT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_get_verify_result \- get result of peer certificate verification
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_get_verify_result(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
\&\fBSSL_get_verify_result()\fR returns the result of the verification of the
X509 certificate presented by the peer, if any.
.SH "NOTES"
\&\fBSSL_get_verify_result()\fR can only return one error code, while the
verification of a certificate can fail for many reasons at the same
time. Only the last verification error that occurred during the
processing is available from \fBSSL_get_verify_result()\fR.
.PP
The verification result is part of the established session and is
restored when a session is reused.
.SH "BUGS"
If no peer certificate was presented, the returned result code is
X509_V_OK. This is because no verification error occurred; it does not,
however, indicate success. \fBSSL_get_verify_result()\fR is only useful in
connection with \fBSSL_get_peer_certificate\fR\|(3).
.SH "RETURN VALUES"
The following return values can currently occur:
.IP "X509_V_OK" 4
The verification succeeded or no peer certificate was presented.
.IP "Any other value" 4
Documented in \fBverify\fR\|(1).
.SH "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3),
\&\fBSSL_get_peer_certificate\fR\|(3),
\&\fBverify\fR\|(1)
.SH "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH SSL_GET_SSL_CTX 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which
\&\fBssl\fR was created with \fBSSL_new\fR\|(3).
.SH "RETURN VALUES"
The pointer to the \s-1SSL_CTX\s0 object is returned.
.SH "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3)
.SH "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
\} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "CONF_MODULES_LOAD_FILE 3" .TH CONF_MODULES_LOAD_FILE 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. 
Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/conf.h> \& \& int CONF_modules_load_file(const char *filename, const char *appname, \& unsigned long flags); \& int CONF_modules_load(const CONF *cnf, const char *appname, \& unsigned long flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The function \fBCONF_modules_load_file()\fR configures OpenSSL using file \&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 the standard OpenSSL configuration file is used. If \fBappname\fR is \&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. The behaviour can be customized using \fBflags\fR. .PP \&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it reads configuration information from \fBcnf\fR. .SH "NOTES" .IX Header "NOTES" The following \fBflags\fR are currently recognized: .PP If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded. .PP Normally any module errors will add error information to the error queue. If \&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. .PP If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally returns success. This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in the default system-wide configuration file, as having all OpenSSL applications fail to start when there are potentially minor issues in the file is too risky. Applications calling \fBCONF_modules_load_file\fR explicitly should not generally set this flag. .PP If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is disabled. 
.PP \&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_modules_load_file()\fR ignore missing configuration files. Normally a missing configuration file returns an error. .PP \&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. .PP By using \fBCONF_modules_load_file()\fR with appropriate flags an application can customise application configuration to best suit its needs. In some cases the use of a configuration file is optional and its absence is not an error: in this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. .PP Errors during configuration may also be handled differently by different applications. For example in some cases an error may simply print out a warning message and the application continues. In other cases an application might consider a configuration file error as fatal and exit immediately. .PP Applications can use the \fBCONF_modules_load()\fR function if they wish to load a configuration file themselves and have finer control over how errors are treated. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the return value of the failing module (this will always be zero or negative). 
.SH "EXAMPLES" .IX Header "EXAMPLES" Load a configuration file and print out any errors and exit (missing file considered fatal): .PP .Vb 5 \& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { \& fprintf(stderr, "FATAL: error loading configuration file\en"); \& ERR_print_errors_fp(stderr); \& exit(1); \& } .Ve .PP Load default configuration file using the section indicated by \*(L"myapp\*(R", tolerate missing files, but exit on other errors: .PP .Vb 6 \& if (CONF_modules_load_file(NULL, "myapp", \& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { \& fprintf(stderr, "FATAL: error loading configuration file\en"); \& ERR_print_errors_fp(stderr); \& exit(1); \& } .Ve .PP Load custom configuration file and section, only print warnings on error, missing configuration file ignored: .PP .Vb 5 \& if (CONF_modules_load_file("/something/app.cnf", "myapp", \& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { \& fprintf(stderr, "WARNING: error loading configuration file\en"); \& ERR_print_errors_fp(stderr); \& } .Ve .PP Load and parse configuration file manually, custom error handling: .PP .Vb 3 \& FILE *fp; \& CONF *cnf = NULL; \& long eline; \& \& fp = fopen("/somepath/app.cnf", "r"); \& if (fp == NULL) { \& fprintf(stderr, "Error opening configuration file\en"); \& /* Other missing configuration file behaviour */ \& } else { \& cnf = NCONF_new(NULL); \& if (NCONF_load_fp(cnf, fp, &eline) == 0) { \& fprintf(stderr, "Error on line %ld of configuration file\en", eline); \& ERR_print_errors_fp(stderr); \& /* Other malformed configuration file behaviour */ \& } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { \& fprintf(stderr, "Error configuring application\en"); \& ERR_print_errors_fp(stderr); \& /* Other configuration error behaviour */ \& } \& fclose(fp); \& NCONF_free(cnf); \& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. 
.PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!/}}EVP_idea_cbc.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . 
\} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "EVP_IDEA_CBC 3" .TH EVP_IDEA_CBC 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/evp.h> \& \& const EVP_CIPHER *EVP_idea_cbc(void); \& const EVP_CIPHER *EVP_idea_cfb(void); \& const EVP_CIPHER *EVP_idea_cfb64(void); \& const EVP_CIPHER *EVP_idea_ecb(void); \& const EVP_CIPHER *EVP_idea_ofb(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 .IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4 .IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. .SH "RETURN VALUES" .IX Header "RETURN VALUES" These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBevp\fR\|(7), \&\fBEVP_EncryptInit\fR\|(3), \&\fBEVP_CIPHER_meth_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!USF4F4OSSL_STORE_INFO.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. 
\*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . 
ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "OSSL_STORE_INFO 3" .TH OSSL_STORE_INFO 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/store.h> \& \& typedef struct ossl_store_info_st OSSL_STORE_INFO; \& \& int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); \& const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); \& char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); \& const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO \& *store_info); \& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); \& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); \& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); \& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); \& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); \& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); \& X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); \& X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); \& X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); \& \& const char *OSSL_STORE_INFO_type_string(int type); \& \& void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); \& \& OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); \& int 
OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); \& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); \& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); \& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); \& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions are primarily useful for applications to retrieve supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. .SS "Types" .IX Subsection "Types" \&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar functions. A supported OpenSSL type object can be extracted using one of \&\fBSTORE_INFO_get0_TYPE()\fR. The life time of this extracted object is as long as the life time of the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not to free the latter too early. As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the same object with its reference count increased), which can be used after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately by the caller. See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are supported. .SS "Functions" .IX Subsection "Functions" \&\fBOSSL_STORE_INFO_get_type()\fR takes an \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 type number for the object inside. \&\fBOSSL_STORE_INFO_type_string()\fR takes a \s-1STORE\s0 type number and returns a short string describing it. 
.PP \&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, \&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take an \&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL type provided that's what's held. .PP \&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, \&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take an \&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the appropriate OpenSSL type provided that's what's held. .PP \&\fBOSSL_STORE_INFO_free()\fR frees an \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. .PP \&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, \&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and \&\fBOSSL_STORE_INFO_new_CRL()\fR create an \fB\s-1OSSL_STORE_INFO\s0\fR object to hold the given input object. Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR objects, \&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra description. This description is meant to be human readable and should be used for information printout. .SH "SUPPORTED OBJECTS" .IX Header "SUPPORTED OBJECTS" Currently supported object types are: .IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 .IX Item "OSSL_STORE_INFO_NAME" A name is exactly that, a name. It's like a name in a directory, but formatted as a complete \s-1URI.\s0 For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be used by the application to get the objects in that file. 
This can be applied to all schemes that can somehow support a listing of object URIs. .Sp For \f(CW\*(C`file:\*(C'\fR URIs that are used without the explicit scheme, the returned name will be the path of each object, so if \f(CW\*(C`/foo/bar\*(C'\fR was given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name \&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. .Sp The returned \s-1URI\s0 is considered canonical and must be unique and permanent for the storage where the object (or collection of objects) resides. Each loader is responsible for ensuring that it only returns canonical URIs. However, it's possible that certain schemes allow an object (or collection thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is canonical doesn't mean that other variants can't be used. .Sp At the discretion of the loader that was used to get these names, an extra description may be attached as well. .IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 .IX Item "OSSL_STORE_INFO_PARAMS" Key parameters. .IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 .IX Item "OSSL_STORE_INFO_PKEY" A private/public key of some sort. .IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 .IX Item "OSSL_STORE_INFO_CERT" An X.509 certificate. .IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 .IX Item "OSSL_STORE_INFO_CRL" An X.509 certificate revocation list. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given \&\fB\s-1OSSL_STORE_INFO\s0\fR. There is no error value. .PP \&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, \&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. 
.PP \&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, \&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, \&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all return a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. .PP \&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on failure. .PP \&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, \&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and \&\fBOSSL_STORE_INFO_new_CRL()\fR return an \fB\s-1OSSL_STORE_INFO\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. .PP \&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR, \&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, \&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR, \&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR, \&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR, \&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
PK!s!!RAND_DRBG_reseed.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . 
ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "RAND_DRBG_RESEED 3" .TH RAND_DRBG_RESEED 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults \&\- reseed a RAND_DRBG instance .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/rand_drbg.h> \& \& int RAND_DRBG_reseed(RAND_DRBG *drbg, \& const unsigned char *adin, size_t adinlen, \& int prediction_resistance); \& \& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, \& unsigned int interval); \& \& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, \& time_t interval); \& \& int RAND_DRBG_set_reseed_defaults( \& unsigned int master_reseed_interval, \& unsigned int slave_reseed_interval, \& time_t master_reseed_time_interval, \& time_t slave_reseed_time_interval \& ); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBRAND_DRBG_reseed()\fR reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source and mixing in the specified additional data provided in the buffer \fBadin\fR of length \fBadinlen\fR. The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR to 0. An immediate reseeding from a live entropy source can be requested by setting the \fBprediction_resistance\fR flag to 1. This feature is not implemented yet, so reseeding with prediction resistance requested will always fail. .PP \&\fBRAND_DRBG_set_reseed_interval()\fR sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number of generate requests between consecutive reseedings. If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the number of generate requests since its last seeding exceeds the given reseed interval. If \fBinterval\fR == 0, then this feature is disabled. .PP \&\fBRAND_DRBG_set_reseed_time_interval()\fR sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed number of seconds between consecutive reseedings. 
If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the elapsed time since its last reseeding exceeds the given reseed time interval. If \fBinterval\fR == 0, then this feature is disabled. .PP \&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval (\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) and the reseed time interval (\fBmaster_reseed_time_interval\fR and \fBslave_reseed_time_interval\fR) of \s-1DRBG\s0 instances. The default values are set independently for master \s-1DRBG\s0 instances (which don't have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_DRBG_reseed()\fR, \&\fBRAND_DRBG_set_reseed_interval()\fR, and \&\fBRAND_DRBG_set_reseed_time_interval()\fR return 1 on success, 0 on failure. .SH "NOTES" .IX Header "NOTES" The default OpenSSL random generator is already set up for automatic reseeding, so in general it is not necessary to reseed it explicitly, or to modify its reseeding thresholds. .PP Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a trusted OS entropy source or from a parent \s-1DRBG\s0 instance, which was seeded (directly or indirectly) from a trusted OS entropy source. In exceptional cases it is possible to replace the reseeding mechanism entirely by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR. .PP The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances (, resp. and ), it is necessary to call \&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRAND_DRBG_generate\fR\|(3), \&\fBRAND_DRBG_bytes\fR\|(3), \&\fBRAND_DRBG_set_callbacks\fR\|(3). 
\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_ADD_SESSION 3" .TH SSL_CTX_ADD_SESSION 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); \& \& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The reference count for session \fBc\fR is incremented by 1. If a session with the same session id already exists, the old session is removed by calling \&\fBSSL_SESSION_free\fR\|(3). .PP \&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. .SH "NOTES" .IX Header "NOTES" When adding a new session to the internal session cache, it is examined whether a session with the same session id already exists. In this case it is assumed that both sessions are identical. If the same session is stored in a different \s-1SSL_SESSION\s0 object, The old session is removed and replaced by the new session. If the session is actually identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR is a no-op, and the return value is 0. .PP If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 flag then the internal cache will not be populated automatically by new sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal cache will be searched automatically for session-resume requests (the latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0).
So the application can use \fBSSL_CTX_add_session()\fR directly to have full control over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following values are returned by all functions: .IP "0" 4 The operation failed. In case of the add operation, it was tried to add the same (identical) session twice. In case of the remove operation, the session was not found in the cache. .IP "1" 4 .IX Item "1" The operation succeeded. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3), \&\fBSSL_SESSION_free\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SMIME_WRITE_PKCS7 3" .TH SMIME_WRITE_PKCS7 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 structure to produce an S/MIME message. .PP \&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR structure. If streaming is enabled then the content must be supplied in the \&\fBdata\fR argument. \fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" The following flags can be passed in the \fBflags\fR parameter.
.PP If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR is also set when \fBPKCS7_sign()\fR is also called. .PP If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR is also set. .PP If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to \&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR. .PP If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR and once to output the S/MIME message. .PP If streaming is performed the content is output in \s-1BER\s0 format using indefinite length constructed encoding except in the case of signed data with detached content where the content is absent and \s-1DER\s0 format is used. .SH "BUGS" .IX Header "BUGS" \&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there should be an option to disable this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), \&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) \&\fBPKCS7_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
.IX Title "SSL_SESSION_GET_EX_DATA 3" .TH SSL_SESSION_GET_EX_DATA 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents.
.if n .ad l .nh .SH "NAME" SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application specific data on a session .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); \& void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3). .PP \&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that used when originally storing the data. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure. .PP \&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on failure. \s-1NULL\s0 may also be a valid value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \&\fBCRYPTO_get_ex_new_index\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_EXPORT_KEYING_MATERIAL 3" .TH SSL_EXPORT_KEYING_MATERIAL 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents.
.if n .ad l .nh .SH "NAME" SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying material for application use .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, \& const char *label, size_t llen, \& const unsigned char *context, \& size_t contextlen, int use_context); \& \& int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, \& const char *label, size_t llen, \& const unsigned char *context, \& size_t contextlen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is established between the two endpoints. The functions \&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an application to use some of this keying material for its own purposes in accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). .PP \&\fBSSL_export_keying_material()\fR derives keying material using the \fIexporter_master_secret\fR established in the handshake. .PP \&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives keying material using the \fIearly_exporter_master_secret\fR (as defined in the \&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only available when the client attempts to send 0\-RTT data. For the server, it is only available when the server accepts 0\-RTT data. .PP An application may need to securely establish the context within which this keying material will be used. For example this may include identifiers for the application session, application algorithms or parameters, or the lifetime of the context. The context value is left to the application but must be the same on both sides of the communication. .PP For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to \&\fBout\fR. 
The application specific context should be supplied in the location pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of a context is optional. If the context should be omitted entirely then \&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If \&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored. Note that in TLSv1.2 and below a zero length context is treated differently from no context at all, and will result in different keying material being returned. In TLSv1.3 a zero length context is the same as no context at all and will result in the same keying material being returned. .PP An application specific label should be provided in the location pointed to by \&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from the \s-1IANA\s0 Exporter Label Registry (). Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard to be used without registration. TLSv1.3 imposes a maximum label length of 249 bytes. .PP Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. .PP \&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. .SH "HISTORY" .IX Header "HISTORY" The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
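The context and label rules described in SSL_export_keying_material(3) above can be checked with a small reimplementation of the two exporter constructions (RFC 5705 for TLSv1.2, RFC 8446 for TLSv1.3). This is an added example, not OpenSSL code: the function names are hypothetical, SHA-256 is assumed as the negotiated PRF/hash, and all secrets are constructed sample values. Passing context=None models use_context == 0.

```python
import hashlib
import hmac
import struct

# Constructed sample secrets (not taken from any real handshake).
MASTER_SECRET = bytes(range(48))            # TLS 1.2 master_secret
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32
EXPORTER_MASTER_SECRET = bytes(range(32))   # TLS 1.3 exporter_master_secret
LABEL = b"EXPERIMENTAL demo label"          # unregistered labels must start like this
HASH_LEN = 32                               # SHA-256 output size (assumed hash)


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash with SHA-256: A(i) = HMAC(secret, A(i-1)), A(0) = seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac_sha256(secret, a)
        out += hmac_sha256(secret, a + seed)
    return out[:length]


def export_tls12(master_secret, client_random, server_random, label, olen,
                 context=None):
    """RFC 5705 exporter. The context, when used, is length-prefixed (uint16),
    so an empty context still adds two zero bytes to the PRF seed."""
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context longer than 65535 bytes")
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, label + seed, olen)


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac_sha256(prk, block + info + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, 7.1). The label field is one length byte
    plus "tls13 " + label, which is where the 249-byte label limit comes from."""
    full_label = b"tls13 " + label
    if len(full_label) > 255:
        raise ValueError("label longer than 249 bytes")
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def export_tls13(exporter_master_secret, label, olen, context=None):
    """RFC 8446, 7.5 exporter. Only Hash(context) enters the derivation, so a
    missing context and an empty context are indistinguishable."""
    context = b"" if context is None else context
    empty_hash = hashlib.sha256(b"").digest()
    derived = hkdf_expand_label(exporter_master_secret, label, empty_hash, HASH_LEN)
    return hkdf_expand_label(derived, b"exporter",
                             hashlib.sha256(context).digest(), olen)


def compare_context_handling(olen: int = 32) -> dict:
    """Compare 'no context' with 'zero length context' under both versions."""
    t12_none = export_tls12(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, olen)
    t12_empty = export_tls12(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL,
                             olen, context=b"")
    t13_none = export_tls13(EXPORTER_MASTER_SECRET, LABEL, olen)
    t13_empty = export_tls13(EXPORTER_MASTER_SECRET, LABEL, olen, context=b"")
    return {
        "tls12_no_context_equals_empty_context": t12_none == t12_empty,
        "tls13_no_context_equals_empty_context": t13_none == t13_empty,
    }


if __name__ == "__main__":
    for name, value in compare_context_handling().items():
        print(f"{name}: {value}")
```

Two peers that disagree on whether a context is in use will derive different keys under TLSv1.2 even when the context is empty, so the use_context setting has to be fixed by the application protocol, not left to each side.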
.IX Title "ERR_GET_ERROR 3" .TH ERR_GET_ERROR 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents.
.if n .ad l .nh .SH "NAME" ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data \- obtain error code and data .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& unsigned long ERR_get_error(void); \& unsigned long ERR_peek_error(void); \& unsigned long ERR_peek_last_error(void); \& \& unsigned long ERR_get_error_line(const char **file, int *line); \& unsigned long ERR_peek_error_line(const char **file, int *line); \& unsigned long ERR_peek_last_error_line(const char **file, int *line); \& \& unsigned long ERR_get_error_line_data(const char **file, int *line, \& const char **data, int *flags); \& unsigned long ERR_peek_error_line_data(const char **file, int *line, \& const char **data, int *flags); \& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, \& const char **data, int *flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBERR_get_error()\fR returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. .PP \&\fBERR_peek_error()\fR returns the earliest error code from the thread's error queue without modifying it. .PP \&\fBERR_peek_last_error()\fR returns the latest error code from the thread's error queue without modifying it. .PP See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about location and reason of the error, and \&\fBERR_error_string\fR\|(3) for human-readable error messages. .PP \&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and \&\fBERR_peek_last_error_line()\fR are the same as the above, but they additionally store the filename and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. 
.PP
\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and
\&\fBERR_peek_last_error_line_data()\fR store additional data and flags
associated with the error code in *\fBdata\fR
and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.
.PP
An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled
automatically by the error library.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The error code, or 0 if there is no error in the queue.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_error_string\fR\|(3),
\&\s-1\fBERR_GET_LIB\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3"
.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version,
SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version,
SSL_set_min_proto_version, SSL_set_max_proto_version,
SSL_get_min_proto_version, SSL_get_max_proto_version
\- Get and set minimum and maximum supported protocol version
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
\& int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
\& int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
\& int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
\&
\& int SSL_set_min_proto_version(SSL *ssl, int version);
\& int SSL_set_max_proto_version(SSL *ssl, int version);
\& int SSL_get_min_proto_version(SSL *ssl);
\& int SSL_get_max_proto_version(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functions get or set the minimum and maximum supported protocol versions
for the \fBctx\fR or \fBssl\fR.
This works in combination with the options set via
\&\fBSSL_CTX_set_options\fR\|(3) that also make it possible to disable
specific protocol versions.
Use these functions instead of disabling specific protocol versions.
.PP
Setting the minimum or maximum version to 0 will enable protocol
versions down to the lowest version, or up to the highest version
supported by the library, respectively.
.PP
Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to
automatically use the lowest or highest version supported by the library.
.PP
Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR,
\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and
\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These setter functions return 1 on success and 0 on failure.
The getter functions return the configured version or 0 for auto-configuration
of lowest or highest protocol, respectively.
.SH "NOTES"
.IX Header "NOTES"
All these functions are implemented using macros.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The setter functions were added in OpenSSL 1.1.0. The getter functions
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_PEER_SIGNATURE_NID 3"
.TH SSL_GET_PEER_SIGNATURE_NID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid,
SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing
types
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
\& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used
by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro.
.PP
\&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature
type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type
is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing
where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between
\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check
the type of public key in the peer's certificate.
.PP
\&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent
information for the local end of the connection.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return 1 for success and 0 for failure. There are several
possible reasons for failure: the cipher suite has no signature (e.g. it
uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or
the functions were called too early, e.g. before the peer signed a message.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_STORE_NEW 3"
.TH X509_STORE_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,
X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& X509_STORE *X509_STORE_new(void);
\& void X509_STORE_free(X509_STORE *v);
\& int X509_STORE_lock(X509_STORE *v);
\& int X509_STORE_unlock(X509_STORE *v);
\& int X509_STORE_up_ref(X509_STORE *v);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX509_STORE_new()\fR function returns a new X509_STORE.
.PP
\&\fBX509_STORE_up_ref()\fR increments the reference count associated with the
X509_STORE object.
.PP
\&\fBX509_STORE_lock()\fR locks the store from modification by other threads,
\&\fBX509_STORE_unlock()\fR unlocks it.
.PP
\&\fBX509_STORE_free()\fR frees up a single X509_STORE object.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails.
.PP
\&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return
1 for success and 0 for failure.
.PP
\&\fBX509_STORE_free()\fR does not return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_STORE_set_verify_cb_func\fR\|(3)
\&\fBX509_STORE_get0_param\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR
functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_MOD_INVERSE 3"
.TH BN_MOD_INVERSE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BN_mod_inverse \- compute inverse modulo n
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
\&                        BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
and places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0
a new \fB\s-1BIGNUM\s0\fR is created.
.PP
\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary
variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and
\&\s-1NULL\s0 on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "D2I_SSL_SESSION 3"
.TH D2I_SSL_SESSION 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
\&                              long length);
\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions decode and encode an \s-1SSL_SESSION\s0 object.
For encoding details see \fBd2i_X509\fR\|(3).
.PP
\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
list, when being inserted into one \s-1SSL_CTX\s0 object's session cache.
One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore
only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created
from this \s-1SSL_CTX\s0 object).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0
object. In case of failure the NULL-pointer is returned and the error message
can be retrieved from the error stack.
.PP
\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes.
When the session is not valid, \fB0\fR is returned and no operation is performed.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3),
\&\fBSSL_CTX_sess_set_get_cb\fR\|(3),
\&\fBd2i_X509\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_KEY_UPDATE 3"
.TH SSL_KEY_UPDATE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_key_update,
SSL_get_key_update_type,
SSL_renegotiate,
SSL_renegotiate_abbreviated,
SSL_renegotiate_pending
\&\- initiate and obtain information about updating connection keys
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_key_update(SSL *s, int updatetype);
\& int SSL_get_key_update_type(const SSL *s);
\&
\& int SSL_renegotiate(SSL *s);
\& int SSL_renegotiate_abbreviated(SSL *s);
\& int SSL_renegotiate_pending(const SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection.
If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then
the sending keys for this connection will be updated and the peer will be
informed of the change. If the \fBupdatetype\fR parameter is set to
\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be
updated and the peer will be informed of the change along with a request for the
peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is
set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR.
.PP
\&\fBSSL_key_update()\fR must only be called after the initial handshake has been
completed and TLSv1.3 has been negotiated. The key update will not take place
until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR
takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to
force the update to take place immediately.
.PP
\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update
operation has been scheduled but not yet performed. The type of the pending key
update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0
otherwise.
.PP
\&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for
connections that have negotiated TLSv1.2 or less.
Calling them on any other connection will result in an error. .PP When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check will be performed to confirm that it is a suitable time to start a renegotiation. If so, then it will be initiated immediately. OpenSSL will not attempt to resume any session associated with the connection in the new handshake. .PP When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the session associated with the current connection in the new handshake. .PP When called from the server side, \fBSSL_renegotiate()\fR and \&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is performed then the same checks as on the client side are performed and then, if appropriate, the request is sent. The client may or may not respond with a new handshake and it may or may not attempt to resume an existing session. If a new handshake is started then this will be handled transparently by calling any OpenSSL \s-1IO\s0 function. .PP If an OpenSSL client receives a renegotiation request from a server then again this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For a \s-1TLS\s0 connection the client will attempt to resume the current session in the new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume the session in the new handshake. .PP The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise. 
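The two update types described above, modelled as an added Python example (not OpenSSL code and not part of the original manual page): it follows the KeyUpdate rules of RFC 8446, sections 4.6.3 and 7.2, to show which direction's keys change and when. The Endpoint class and all function names are hypothetical, the starting secrets are constructed, and SHA-256 with AES-128-GCM key sizes is assumed.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
# Model constants with the meaning of OpenSSL's SSL_KEY_UPDATE_NONE,
# SSL_KEY_UPDATE_NOT_REQUESTED and SSL_KEY_UPDATE_REQUESTED.
UPDATE_NONE = -1
UPDATE_NOT_REQUESTED = 0   # KeyUpdate(update_not_requested)
UPDATE_REQUESTED = 1       # KeyUpdate(update_requested)


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) over SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1)."""
    full = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def next_traffic_secret(secret):
    """application_traffic_secret_N+1 (RFC 8446, section 7.2)."""
    return hkdf_expand_label(secret, b"traffic upd", b"", HASH_LEN)


def traffic_keys(secret):
    """Record key and IV, sized for AES-128-GCM (assumed cipher suite)."""
    return (hkdf_expand_label(secret, b"key", b"", 16),
            hkdf_expand_label(secret, b"iv", b"", 12))


class Endpoint:
    """Hypothetical model of one side of a TLSv1.3 connection."""
    def __init__(self, name, send_secret, recv_secret):
        self.name = name
        self.send_secret, self.recv_secret = send_secret, recv_secret
        self.send_gen = self.recv_gen = 0
        self.pending = UPDATE_NONE

    def key_update(self, updatetype):
        """Schedule an update; 1 on success, 0 on error, nothing sent yet."""
        if updatetype not in (UPDATE_NOT_REQUESTED, UPDATE_REQUESTED):
            return 0
        self.pending = updatetype
        return 1

    def do_io(self, peer):
        """Next I/O: send any scheduled KeyUpdate, then switch sending keys."""
        if self.pending == UPDATE_NONE:
            return []
        request, self.pending = self.pending, UPDATE_NONE
        self.send_secret = next_traffic_secret(self.send_secret)
        self.send_gen += 1
        sent = [(self.name, "KeyUpdate", request)]
        return sent + peer.on_key_update(request, self)

    def on_key_update(self, request, sender):
        """Peer's KeyUpdate arrived: switch receiving keys, answer if asked."""
        self.recv_secret = next_traffic_secret(self.recv_secret)
        self.recv_gen += 1
        if request == UPDATE_REQUESTED:
            # The answer carries update_not_requested, so the exchange ends.
            self.pending = UPDATE_NOT_REQUESTED
            return self.do_io(sender)  # modelled as this side's next write
        return []


def make_pair():
    """Two endpoints with constructed generation-0 traffic secrets."""
    c2s = HASH(b"constructed client application traffic secret 0").digest()
    s2c = HASH(b"constructed server application traffic secret 0").digest()
    return Endpoint("client", c2s, s2c), Endpoint("server", s2c, c2s)


def run(updatetype):
    """Schedule one update on the client and report what happened."""
    client, server = make_pair()
    old_keys = traffic_keys(client.send_secret)
    ok = client.key_update(updatetype)
    scheduled = (client.pending, client.send_gen)  # before any I/O
    messages = client.do_io(server)
    return {
        "ok": ok, "scheduled": scheduled, "messages": messages,
        "gens": (client.send_gen, client.recv_gen,
                 server.send_gen, server.recv_gen),
        "rotated": traffic_keys(client.send_secret) != old_keys,
        "in_sync": (client.send_secret == server.recv_secret
                    and server.send_secret == client.recv_secret),
    }
```

Calling run(UPDATE_REQUESTED) reports two KeyUpdate messages and all four key generations at 1; run(UPDATE_NOT_REQUESTED) reports one message and only the client-to-server direction advanced.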
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1
on success or 0 on error.
.PP
\&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update
operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none.
.PP
\&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation
request has been scheduled but not yet acted on, or 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3),
\&\fBSSL_write_ex\fR\|(3),
\&\fBSSL_do_handshake\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in
OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_CTX_NEW 3"
.TH EVP_PKEY_CTX_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_CTX_new()\fR function allocates a public key algorithm context using
the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR.
.PP
The \fBEVP_PKEY_CTX_new_id()\fR function allocates a public key algorithm context
using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used
when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example
during parameter generation or key generation for some algorithms.
.PP
\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR.
.PP
\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR.
If \fBctx\fR is \s-1NULL,\s0 nothing is done.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used
by the OpenSSL high-level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between
threads: that is, it is not permissible to use the same context simultaneously
in two threads.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR and \fBEVP_PKEY_CTX_dup()\fR return
either the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if an error
occurred.
.PP
\&\fBEVP_PKEY_CTX_free()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_F_BUFFER 3"
.TH BIO_F_BUFFER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_get_buffer_num_lines,
BIO_set_read_buffer_size,
BIO_set_write_buffer_size,
BIO_set_buffer_size,
BIO_set_buffer_read_data,
BIO_f_buffer
\&\- buffering BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& const BIO_METHOD *BIO_f_buffer(void);
\&
\& long BIO_get_buffer_num_lines(BIO *b);
\& long BIO_set_read_buffer_size(BIO *b, long size);
\& long BIO_set_write_buffer_size(BIO *b, long size);
\& long BIO_set_buffer_size(BIO *b, long size);
\& long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
.PP
Data written to a buffering \s-1BIO\s0 is buffered and periodically written
to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from
an internal buffer which is filled from the next \s-1BIO\s0 in the chain.
Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported.
.PP
Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data.
.PP
\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered.
.PP
\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR
set the read, write or both read and write buffer sizes to \fBsize\fR. The initial
buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the
buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared
when the buffer is resized.
.PP
\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR
bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer
is expanded.
.SH "NOTES"
.IX Header "NOTES"
These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros.
.PP
Buffering BIOs implement \fBBIO_read_ex()\fR and \fBBIO_gets()\fR by using
\&\fBBIO_read_ex()\fR operations on the next \s-1BIO\s0 in the chain and storing the
result in an internal buffer, from which bytes are given back to the
caller as appropriate for the call; a \fBBIO_gets()\fR is guaranteed to give
the caller a whole line, and \fBBIO_read_ex()\fR is guaranteed to give the
caller the number of bytes it asks for, unless there's an error or end
of communication is reached in the next \s-1BIO.\s0 By prepending a
buffering \s-1BIO\s0 to a chain it is therefore possible to provide
\&\fBBIO_gets()\fR or exact size \fBBIO_read_ex()\fR functionality if the following
BIOs do not support it.
.PP
Do not add more than one \fBBIO_f_buffer()\fR to a \s-1BIO\s0 chain. The result of
doing so will force a full read of the size of the internal buffer of
the top \fBBIO_f_buffer()\fR, which is 4 KiB at a minimum.
.PP
Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills
or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR
whenever any pending data should be written such as when removing a buffering
\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate
source/sink \s-1BIO\s0 is non\-blocking.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
.PP
\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0).
.PP
\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR
return 1 if the buffer was successfully resized or 0 for failure.
.PP
\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if
there was an error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBbio\fR\|(7),
\&\fBBIO_reset\fR\|(3),
\&\fBBIO_flush\fR\|(3),
\&\fBBIO_pop\fR\|(3),
\&\fBBIO_ctrl\fR\|(3).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3"
.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CTLOG_STORE_get0_log_by_id \-
Get a Certificate Transparency log from a CTLOG_STORE
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
\&                                         const uint8_t *log_id,
\&                                         size_t log_id_len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency
(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC 6962,\s0 Section 3.2).
Therefore, it is useful to be able to look up more information about a log
(e.g. its public key) using this LogID.
.PP
\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0
in a \s-1CTLOG_STORE\s0 that has a given LogID.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it
exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7),
\&\fBCTLOG_STORE_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_PSK_IDENTITY 3"
.TH SSL_GET_PSK_IDENTITY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const char *SSL_get_psk_identity_hint(const SSL *ssl);
\& const char *SSL_get_psk_identity(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint
used during the connection setup related to \s-1SSL\s0 object
\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0
identity used during the connection setup.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity
hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are
\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if
no \s-1PSK\s0 identity hint was used during the connection setup.
.PP
Note that the return value is valid only during the lifetime of the
\&\s-1SSL\s0 object \fBssl\fR.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EC_GFP_SIMPLE_METHOD 3"
.TH EC_GFP_SIMPLE_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method,
EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method,
EC_GF2m_simple_method, EC_METHOD_get_field_type
\- Functions for obtaining EC_METHOD objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& const EC_METHOD *EC_GFp_simple_method(void);
\& const EC_METHOD *EC_GFp_mont_method(void);
\& const EC_METHOD *EC_GFp_nist_method(void);
\& const EC_METHOD *EC_GFp_nistp224_method(void);
\& const EC_METHOD *EC_GFp_nistp256_method(void);
\& const EC_METHOD *EC_GFp_nistp521_method(void);
\&
\& const EC_METHOD *EC_GF2m_simple_method(void);
\&
\& int EC_METHOD_get_field_type(const EC_METHOD *meth);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Elliptic Curve library provides a number of different implementations through a single common interface.
When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an
implementation method must be provided. The functions described here all return a const pointer to an
\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to EC_GROUP_new. It is important that the correct implementation
type for the form of curve selected is used.
.PP
For F2^m curves there is only one implementation choice, i.e. EC_GF2m_simple_method.
.PP
For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All
other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the
use of Montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method
offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through
EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)).
.PP
The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64\-bit
optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these
implementations are not available on all platforms.
.PP
EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either
F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is
F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the
obj_mac.h header file.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure.
.PP
EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBd2i_ECPKParameters\fR\|(3),
\&\fBBN_mod_mul_montgomery\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
\*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . 
ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SMIME_READ_PKCS7 3" .TH SMIME_READ_PKCS7 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SMIME_read_PKCS7 \- parse S/MIME message .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. .PP \&\fBin\fR is a \s-1BIO\s0 to read the message from. .PP If cleartext signing is used then the content is saved in a memory bio which is written to \fB*bcont\fR, otherwise \&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. .PP The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an error occurred. 
.SH "NOTES" .IX Header "NOTES" If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with the \fB\s-1PKCS7_DETACHED\s0\fR flag set. .PP Otherwise the type of the returned structure can be determined using \fBPKCS7_type_is_enveloped()\fR, etc. .PP To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR \&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: .PP .Vb 2 \& BIO *cont = NULL; \& PKCS7 *p7; \& \& p7 = SMIME_read_PKCS7(in, &cont); .Ve .SH "BUGS" .IX Header "BUGS" The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work. .PP The parser assumes that the \s-1PKCS7\s0 structure is always base64 encoded and will not handle the case where it is in binary format or uses quoted printable format. .PP The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), \&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) \&\fBPKCS7_decrypt\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
.IX Title "SSL_LOAD_CLIENT_CA_FILE 3"
.TH SSL_LOAD_CLIENT_CA_FILE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_load_client_CA_file,
SSL_add_file_cert_subjects_to_stack,
SSL_add_dir_cert_subjects_to_stack
\&\- load certificate names
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
\&
\& int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
\&                                         const char *file);
\& int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
\&                                        const char *dir);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_load_client_CA_file()\fR reads certificates from \fIfile\fR and returns
a \s-1STACK_OF\s0(X509_NAME) with the subject names found.
.PP
\&\fBSSL_add_file_cert_subjects_to_stack()\fR reads certificates from \fIfile\fR,
and adds their subject name to the already existing \fIstack\fR.
.PP
\&\fBSSL_add_dir_cert_subjects_to_stack()\fR reads certificates from every
file in the directory \fIdir\fR, and adds their subject name to the
already existing \fIstack\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and
extracts the X509_NAMES of the certificates found. While the name suggests
the specific usage as support function for
\&\fBSSL_CTX_set_client_CA_list\fR\|(3),
it is not limited to \s-1CA\s0 certificates.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "\s-1NULL\s0" 4
.IX Item "NULL"
The operation failed, check out the error stack for the reason.
.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4
.IX Item "Pointer to STACK_OF(X509_NAME)"
Pointer to the subject names of the successfully read certificates.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Load names of CAs from file and use it as a client \s-1CA\s0 list:
.PP
.Vb 2
\& SSL_CTX *ctx;
\& STACK_OF(X509_NAME) *cert_names;
\&
\& ...
\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
\& if (cert_names != NULL)
\&     SSL_CTX_set_client_CA_list(ctx, cert_names);
\& else
\&     /* error */
\& ...
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_client_CA_list\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DH_SIZE 3"
.TH DH_SIZE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and
security bits
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
\&
\& int DH_size(const DH *dh);
\&
\& int DH_bits(const DH *dh);
\&
\& int DH_security_bits(const DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used
to determine how much memory must be allocated for the shared secret
computed by \fBDH_compute_key\fR\|(3).
.PP
\&\fBDH_bits()\fR returns the number of significant bits.
.PP
\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR.
.PP
\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR
key. See \fBBN_security_bits\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes.
.PP
\&\fBDH_bits()\fR returns the number of bits in the key.
.PP
\&\fBDH_security_bits()\fR returns the number of security bits.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3),
\&\fBBN_num_bits\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBDH_bits()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3"
.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the
\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with
\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to
\&\fBctx\fR.
.PP
\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the
\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with
\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to
\&\fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only
syntax checking of commands is performed, where possible.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CONF_CTX_set_ssl()\fR do not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
\&\fBSSL_CONF_cmd\fR\|(3),
\&\fBSSL_CONF_cmd_argv\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ECPKPARAMETERS_PRINT 3"
.TH ECPKPARAMETERS_PRINT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and
encoding ASN1 representations of elliptic curve entities
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The ECPKParameters represent the public parameters for an
\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve.
.PP
The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print
a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR
or \fBfp\fR. The output lines are indented by \fBoff\fR spaces.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR
return 1 for success and 0 if an error occurs.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3"
.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_CTX_set1_pbe_pass
\&\- generic KDF support functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/kdf.h>
\&
\& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass,
\&                                int passlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions are generic support functions for all \s-1KDF\s0 algorithms.
.PP
\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first
bytes from \fBpass\fR.
.SH "STRING CTRLS"
.IX Header "STRING CTRLS"
There is also support for string based control operations via
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
The \fBpassword\fR can be directly specified using the \fBtype\fR parameter
\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter.
.SH "NOTES"
.IX Header "NOTES"
All these functions are implemented as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 or a negative value for failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi .
if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "BN_SECURITY_BITS 3" .TH BN_SECURITY_BITS 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" BN_security_bits \- returns bits of security based on given numbers .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int BN_security_bits(int L, int N); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBBN_security_bits()\fR returns the number of bits of security provided by a specific algorithm and a particular key size. The bits of security is defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 (Integer Factorization Cryptography). 
For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where \&\fBL\fR is the size of the public key and \fBN\fR is the size of the private key. For \s-1IFC,\s0 e.g., \s-1RSA,\s0 only \fBL\fR is used and it's commonly considered to be the key size (modulus). .SH "RETURN VALUES" .IX Header "RETURN VALUES" Number of security bits. .SH "NOTES" .IX Header "NOTES" \&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR function. The symmetric algorithms are not covered neither. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!m>aaDH_generate_key.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . 
ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "DH_GENERATE_KEY 3" .TH DH_GENERATE_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" DH_generate_key, DH_compute_key, DH_compute_key_padded \- perform Diffie\-Hellman key exchange .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int DH_generate_key(DH *dh); \& \& int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); \& \& int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key exchange by generating private and public \s-1DH\s0 values. By calling \&\fBDH_compute_key()\fR or \fBDH_compute_key_padded()\fR, these are combined with the other party's public value to compute the shared key. 
.PP \&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters \&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value unless \fBdh\->priv_key\fR is already set, and computes the corresponding public value \fBdh\->pub_key\fR, which can then be published. .PP \&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. The padding style is \s-1RFC 5246\s0 (8.1.2) that strips leading zero bytes. It is not constant time due to the leading zero bytes being stripped. The return value should be considered public. .PP \&\fBDH_compute_key_padded()\fR is similar but stores a fixed number of bytes. The padding style is \s-1NIST SP 800\-56A\s0 (C.1) that retains leading zero bytes. It is constant time due to the leading zero bytes being retained. The return value should be considered public. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise. .PP \&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1 on error. .PP \&\fBDH_compute_key_padded()\fR returns \fBDH_size(dh)\fR on success, \-1 on error. .PP The error codes can be obtained by \fBERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fBDH_compute_key_padded()\fR was added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . 
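The two output conventions described for DH_compute_key() and DH_compute_key_padded() only differ when the shared secret begins with zero bytes, which is easy to miss in testing. The following is an added example, not OpenSSL code: it models both encodings over a constructed 32-bit toy group (TOY_P, TOY_G and every function name are assumptions made for illustration) and shows that a peer using the stripped form and a peer using the padded form feed different bytes to their KDF in exactly those cases.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy group: p = 2^32 - 5 (prime), g = 2. Far too small for real use. */
#define TOY_P 4294967291u
#define TOY_G 2u
#define TOY_SIZE 4              /* bytes in p; stands in for DH_size(dh) */

/* Square-and-multiply; 64-bit intermediates cannot overflow with a 32-bit modulus. */
uint32_t toy_modexp(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t acc = 1, b = base % mod;
    while (exp != 0) {
        if (exp & 1)
            acc = acc * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint32_t)acc;
}

/* SP 800-56A style: always TOY_SIZE big-endian bytes, leading zeros kept. */
size_t encode_padded(uint32_t z, unsigned char out[TOY_SIZE])
{
    for (int i = 0; i < TOY_SIZE; i++)
        out[i] = (unsigned char)(z >> (8 * (TOY_SIZE - 1 - i)));
    return TOY_SIZE;
}

/* RFC 5246 8.1.2 style: leading zero bytes dropped, so the length depends on z. */
size_t encode_stripped(uint32_t z, unsigned char out[TOY_SIZE])
{
    unsigned char full[TOY_SIZE];
    size_t skip = 0;
    encode_padded(z, full);
    while (skip < TOY_SIZE && full[skip] == 0)
        skip++;
    memcpy(out, full + skip, TOY_SIZE - skip);
    return TOY_SIZE - skip;
}

/* 1 if a "stripped" peer and a "padded" peer would hash identical bytes for z. */
int encodings_agree(uint32_t z)
{
    unsigned char a[TOY_SIZE], b[TOY_SIZE];
    size_t la = encode_stripped(z, a), lb = encode_padded(z, b);
    return la == lb && memcmp(a, b, la) == 0;
}

/*
 * Run n exchanges (private values 1..n) against one fixed peer and count the
 * secrets whose stripped form is shorter than TOY_SIZE. Returns -1 if the two
 * sides ever compute different secrets.
 */
long count_short_secrets(uint32_t n, uint32_t peer_priv)
{
    uint32_t peer_pub = toy_modexp(TOY_G, peer_priv, TOY_P);
    long short_count = 0;
    for (uint32_t x = 1; x <= n; x++) {
        uint32_t my_pub = toy_modexp(TOY_G, x, TOY_P);
        uint32_t z_mine = toy_modexp(peer_pub, x, TOY_P);
        uint32_t z_peer = toy_modexp(my_pub, peer_priv, TOY_P);
        unsigned char buf[TOY_SIZE];
        if (z_mine != z_peer)
            return -1;
        if (encode_stripped(z_mine, buf) < TOY_SIZE)
            short_count++;
    }
    return short_count;
}

int main(void)
{
    /* For uniformly distributed secrets roughly 1 in 256 has a zero top byte. */
    printf("short secrets: %ld of 200000\n", count_short_secrets(200000, 0x1234567u));
    printf("z=0x00ab12cd agree=%d, z=0xab12cd34 agree=%d\n",
           encodings_agree(0x00ab12cdu), encodings_agree(0xab12cd34u));
    return 0;
}
```

The length returned by the stripped form is itself a function of the secret, which is why the page calls that variant not constant time; code that mixes the two forms across peers fails only on the rare short secrets.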
.IX Title "ECDSA_SIG_NEW 3"
.TH ECDSA_SIG_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low\-level elliptic curve digital signature algorithm (ECDSA) functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ecdsa.h>
\&
\& ECDSA_SIG *ECDSA_SIG_new(void);
\& void ECDSA_SIG_free(ECDSA_SIG *sig);
\& void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
\& int ECDSA_size(const EC_KEY *eckey);
\&
\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
\&                unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
\&                          EC_KEY *eckey);
\&
\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
\&                  const unsigned char *sig, int siglen, EC_KEY *eckey);
\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
\&                     const ECDSA_SIG *sig, EC_KEY* eckey);
\&
\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
\&                             const BIGNUM *kinv, const BIGNUM *rp,
\&                             EC_KEY *eckey);
\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
\&                   unsigned char *sig, unsigned int *siglen,
\&                   const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Note: these functions provide a low-level interface to \s-1ECDSA.\s0 Most
applications should use the higher level \fB\s-1EVP\s0\fR interface such as
\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead.
.PP
\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the
\&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0).
.PP
\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before
OpenSSL 1.1.0 the \fBr\fR and \fBs\fR components were initialised.
.PP
\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR.
.PP
\&\fBECDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained
in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively.
The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value
is not returned.
.PP
The values \fBr\fR and \fBs\fR can also be retrieved separately by the corresponding
functions \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively.
.PP
The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the
new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this
function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object,
and therefore the values that have been passed in should not be freed directly
after this function has been called.
.PP
See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding
and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0
.PP
\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature
created with the private \s-1EC\s0 key \fBeckey\fR.
.PP
\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signature is
stored in \fBsig\fR and its length is returned in \fBsiglen\fR. Note: \fBsig\fR must
point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently
ignored. \fBECDSA_sign()\fR is a wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR
and \fBrp\fR set to \s-1NULL.\s0
.PP
\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned
as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR
is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to
\&\s-1NULL.\s0
.PP
\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a
valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the
public key \fBeckey\fR. The parameter \fBtype\fR is ignored.
.PP
\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is
presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure.
.PP
The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used
during signature computation. Most applications will never need to call these
and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if
either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR.
.PP
\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation.
\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to a \fB\s-1BN_CTX\s0\fR structure
(or \s-1NULL\s0). The precomputed values are returned in \fBkinv\fR and \fBrp\fR and can be
used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR.
.PP
\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values
\&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its
length is returned in \fBsiglen\fR. Note: \fBsig\fR must point to ECDSA_size(eckey)
bytes of memory. The parameter \fBtype\fR is ignored.
.PP
\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is
returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails.
.PP
\&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure.
.PP
\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value,
or \s-1NULL\s0 if it is unset.
.PP
\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error.
.PP
\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful
or 0 on error.
.PP
\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated
\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error.
.PP
\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid
signature, 0 for an invalid signature and \-1 on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the
named curve prime256v1 (aka P\-256).
.PP
First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0
specific)
.PP
.Vb 3
\& int ret;
\& ECDSA_SIG *sig;
\& EC_KEY *eckey;
\&
\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
\& if (eckey == NULL) {
\&     /* error */
\& }
\& if (EC_KEY_generate_key(eckey) == 0) {
\&     /* error */
\& }
.Ve
.PP
Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value
using \fBECDSA_do_sign()\fR:
.PP
.Vb 3
\& sig = ECDSA_do_sign(digest, 32, eckey);
\& if (sig == NULL) {
\&     /* error */
\& }
.Ve
.PP
or using \fBECDSA_sign()\fR:
.PP
.Vb 2
\& unsigned char *buffer;
\& unsigned int sig_len;    /* ECDSA_sign() takes an unsigned int *siglen */
\&
\& /* ECDSA_size() is the maximum DER length; sig_len receives the actual one */
\& buffer = OPENSSL_malloc(ECDSA_size(eckey));
\& if (buffer == NULL) {
\&     /* error */
\& }
\& if (ECDSA_sign(0, digest, 32, buffer, &sig_len, eckey) == 0) {
\&     /* error */
\& }
.Ve
.PP
Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR:
.PP
.Vb 1
\& ret = ECDSA_do_verify(digest, 32, sig, eckey);
.Ve
.PP
or using \fBECDSA_verify()\fR:
.PP
.Vb 1
\& ret = ECDSA_verify(0, digest, 32, buffer, sig_len, eckey);
.Ve
.PP
and finally evaluate the return value:
.PP
.Vb 6
\& if (ret == 1) {
\&     /* signature ok */
\& } else if (ret == 0) {
\&     /* incorrect signature */
\& } else {
\&     /* error */
\& }
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2\s0
(Digital Signature Standard, \s-1DSS\s0)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEC_KEY_new\fR\|(3),
\&\fBEVP_DigestSignInit\fR\|(3),
\&\fBEVP_DigestVerifyInit\fR\|(3),
\&\fBi2d_ECDSA_SIG\fR\|(3),
\&\fBd2i_ECDSA_SIG\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
PK!Z4  BIO_parse_hostserv.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . 
ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "BIO_PARSE_HOSTSERV 3" .TH BIO_PARSE_HOSTSERV 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l
.nh
.SH "NAME"
BIO_hostserv_priorities, BIO_parse_hostserv
\&\- utility routines to parse a standard host and service string
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& enum BIO_hostserv_priorities {
\&     BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
\& };
\& int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
\&                        enum BIO_hostserv_priorities hostserv_prio);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR,
create strings with the hostname and service name and give those back via
\&\fBhost\fR and \fBservice\fR. Those will need to be freed after they are used.
\&\fBhostserv_prio\fR helps determine if \fBhostserv\fR shall be interpreted
primarily as a hostname or a service name in ambiguous cases.
.PP
The syntax that \fBBIO_parse_hostserv()\fR recognises is:
.PP
.Vb 7
\& host + \*(Aq:\*(Aq + service
\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq
\& host + \*(Aq:\*(Aq
\& \*(Aq:\*(Aq + service
\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service
\& host
\& service
.Ve
.PP
The host part can be a name or an \s-1IP\s0 address. If it's an IPv6 address, it
\&\s-1MUST\s0 be enclosed in brackets, such as '[::1]'.
.PP
The service part can be a service name or its port number.
.PP
The returned values will depend on the given \fBhostserv\fR string
and \fBhostserv_prio\fR, as follows:
.PP
.Vb 5
\& host + \*(Aq:\*(Aq + service => *host = "host", *service = "service"
\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq => *host = "host", *service = NULL
\& host + \*(Aq:\*(Aq => *host = "host", *service = NULL
\& \*(Aq:\*(Aq + service => *host = NULL, *service = "service"
\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service => *host = NULL, *service = "service"
\&
\& in case no \*(Aq:\*(Aq is present in the string, the result depends on
\& hostserv_prio, as follows:
\&
\& when hostserv_prio == BIO_PARSE_PRIO_HOST
\& host => *host = "host", *service untouched
\&
\& when hostserv_prio == BIO_PARSE_PRIO_SERV
\& service => *host untouched, *service = "service"
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
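The parsing table that BIO_parse_hostserv(3) documents can be modelled in stand-alone C to show which outputs are written and which are left untouched. This is an added example, not code from OpenSSL or from this manual page: parse_hostserv(), check(), the prio enum and the untouched marker are hypothetical names, and the inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for BIO_PARSE_PRIO_HOST and BIO_PARSE_PRIO_SERV. */
enum prio { PRIO_HOST, PRIO_SERV };

/* Example-only marker: "the parser did not write this output". */
static char untouched[] = "(untouched)";

/* Copy n bytes of s into *out; an empty part or "*" means not given (NULL). */
static int take(const char *s, size_t n, char **out)
{
    if (n == 0 || (n == 1 && s[0] == '*')) {
        *out = NULL;
        return 1;
    }
    if ((*out = malloc(n + 1)) == NULL)
        return 0;
    memcpy(*out, s, n);
    (*out)[n] = '\0';
    return 1;
}

/* Model of the documented table: returns 1 on success, 0 on error.
 * An output is written only when its part of the syntax is present, so
 * without a ':' the output not selected by prio keeps its previous value. */
int parse_hostserv(const char *in, char **host, char **service, enum prio prio)
{
    const char *h = NULL, *s = NULL;
    size_t hl = 0;

    if (in == NULL)
        return 0;
    if (in[0] == '[') {                 /* bracketed IPv6 literal */
        const char *end = strchr(in, ']');
        if (end == NULL)
            return 0;
        h = in + 1;
        hl = (size_t)(end - h);
        if (end[1] == ':')
            s = end + 2;
        else if (end[1] != '\0')
            return 0;
    } else {
        const char *colon = strchr(in, ':');
        if (colon != NULL) {
            h = in;
            hl = (size_t)(colon - in);
            s = colon + 1;
        } else if (prio == PRIO_HOST) {
            h = in;
            hl = strlen(in);
        } else {
            s = in;
        }
    }
    /* A further ':' means an unbracketed IPv6 address or a malformed string. */
    if (s != NULL && strchr(s, ':') != NULL)
        return 0;
    if (h != NULL && host != NULL && !take(h, hl, host))
        return 0;
    if (s != NULL && service != NULL && !take(s, strlen(s), service)) {
        if (h != NULL && host != NULL) { free(*host); *host = NULL; }
        return 0;
    }
    return 1;
}

static int same(const char *got, const char *want)
{
    if (got == NULL || want == NULL || got == untouched || want == untouched)
        return got == want;
    return strcmp(got, want) == 0;
}

/* Parse `in` and report whether both outputs match the expected values. */
int check(const char *in, enum prio prio, const char *want_host, const char *want_serv)
{
    char *host = untouched, *serv = untouched;
    int ok = parse_hostserv(in, &host, &serv, prio)
             && same(host, want_host) && same(serv, want_serv);
    if (host != untouched)
        free(host);
    if (serv != untouched)
        free(serv);
    return ok;
}

int main(void)
{
    printf("8080, host first: %d\n", check("8080", PRIO_HOST, "8080", untouched));
    printf("8080, service first: %d\n", check("8080", PRIO_SERV, untouched, "8080"));
    printf("::1:8443 rejected: %d\n", !parse_hostserv("::1:8443", NULL, NULL, PRIO_HOST));
    return 0;
}
```

Because an output can be left untouched, callers should initialise both pointers to NULL before the call so that a stale value is never used or freed afterwards.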
.IX Title "EVP_DIGESTSIGNINIT 3"
.TH EVP_DIGESTSIGNINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal,
EVP_DigestSign \- EVP signing functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
\&                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
\&
\& int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
\&                    size_t *siglen, const unsigned char *tbs,
\&                    size_t tbslen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high-level interface to digital signatures.
.PP
\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
\&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with
\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
be used to set alternative signing options. Note that any existing value in
\&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed
directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before
being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created
inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the
\&\s-1EVP_MD_CTX\s0 is freed).
.PP
The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it.
.PP
No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR
has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7).
.PP
Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This
includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of
\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC,\s0
Poly1305, \s-1DSA, ECDSA, HMAC, RSA,\s0 SipHash, Ed25519 and Ed448.
.PP
Not all digests can be used for all key types. The following combinations apply.
.IP "\s-1DSA\s0" 4
.IX Item "DSA"
Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0
.IP "\s-1ECDSA\s0" 4
.IX Item "ECDSA"
Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0
.IP "\s-1RSA\s0 with no padding" 4
.IX Item "RSA with no padding"
Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0)
.IP "\s-1RSA\s0 with X931 padding" 4
.IX Item "RSA with X931 padding"
Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0
.IP "All other \s-1RSA\s0 padding types" 4
.IX Item "All other RSA padding types"
Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2,
SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0
.IP "Ed25519 and Ed448" 4
.IX Item "Ed25519 and Ed448"
Support no digests (the digest \fBtype\fR must be \s-1NULL\s0)
.IP "\s-1HMAC\s0" 4
.IX Item "HMAC"
Supports any digest
.IP "\s-1CMAC,\s0 Poly1305 and SipHash" 4
.IX Item "CMAC, Poly1305 and SipHash"
Will ignore any digest provided.
.PP
If RSA-PSS is used and restrictions apply then the digest must match.
.PP
\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
signature context \fBctx\fR. This function can be called several times on the
same \fBctx\fR to include additional data. This function is currently implemented
using a macro.
.PP
\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR.
If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the
\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the
call is successful the signature is written to \fBsig\fR and the amount of data
written to \fBsiglen\fR.
.PP
\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the
signature in \fBsigret\fR and its length in \fBsiglen\fR in a similar way to
\&\fBEVP_DigestSignFinal()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignFinal()\fR and
\&\fBEVP_DigestSign()\fR return 1 for success and 0 for failure.
.PP
The error codes can be obtained from \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
preference to the low-level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
.PP
\&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data
in one function. For algorithms that support streaming it is equivalent to
calling \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. For algorithms which
do not support streaming (e.g. PureEdDSA) it is the only way to sign data.
.PP
In previous versions of OpenSSL there was a link between message digest types
and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR
needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
the use of clone digests is now discouraged.
.PP
For some key types and parameters the random number generator must be seeded.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.PP
The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest
context. This means that \fBEVP_DigestSignUpdate()\fR and
\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
.PP
Since only a copy of the digest context is ever finalized, the context must
be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
will occur.
.PP
The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some
signature operations may have a signature length which depends on the
parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value
which indicates the maximum possible signature for any set of parameters.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_DigestVerifyInit\fR\|(3),
\&\fBEVP_DigestInit\fR\|(3),
\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR
were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3"
.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/tls1.h>
\&
\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX *sslctx,
\&         int (*cb)(SSL *s, unsigned char key_name[16],
\&                   unsigned char iv[EVP_MAX_IV_LENGTH],
\&                   EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling
session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in
\&\s-1RFC5077,\s0 provide an enhanced session resumption capability where the server
implementation is not required to maintain per session state. It only applies
to \s-1TLS\s0 and there is no SSLv3 implementation.
.PP
The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0
session when the session ticket extension is presented in the \s-1TLS\s0 hello
message. It is the responsibility of this function to create or retrieve the
cryptographic parameters and to maintain their state.
.PP
The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0
ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session
state is unnecessary and a small set of cryptographic variables needs to be
maintained by the callback function implementation.
.PP
In order to reuse a session, a \s-1TLS\s0 client must send a session ticket
extension to the server. The client can only send exactly one session ticket.
The server, through the callback function, either agrees to reuse the session
ticket information or it starts a full \s-1TLS\s0 handshake to create a new session
ticket.
.PP
Before the callback function is started \fIctx\fR and \fIhctx\fR have been
initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively.
.PP
For new session tickets, when the client doesn't present a session ticket, or
an attempted retrieval of the ticket failed, or a renew option was indicated,
the callback function will be called with \fIenc\fR equal to 1. The OpenSSL
library expects that the function will set an arbitrary \fIname\fR, initialize
\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR.
.PP
The \fIname\fR is 16 characters long and is used as a key identifier.
.PP
The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The
maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR.
.PP
The initialization vector \fIiv\fR should be a random value. The cipher context
\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be
set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using
\&\fBHMAC_Init_ex\fR\|(3).
.PP
When the client presents a session ticket, the callback function will be called
with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set
of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of
the session ticket. The OpenSSL library expects that the \fIname\fR will be used
to retrieve the cryptographic parameters and that the cryptographic context
\&\fIctx\fR will be set with the retrieved parameters and the initialization vector
\&\fIiv\fR using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be
set using \fBHMAC_Init_ex\fR\|(3).
.PP
If the \fIname\fR is still valid but a renewal of the ticket is required the
callback function should return 2. The library will call the callback again
with an argument of enc equal to 1 to set the new ticket.
.PP
The return value of the \fIcb\fR function is used by OpenSSL to determine what
further processing will occur. The following return values have meaning:
.IP "2" 4
.IX Item "2"
This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can
continue on those parameters. Additionally it indicates that the session
ticket is in a renewal period and should be replaced. The OpenSSL library will
call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077
3.3\s0 paragraph 2).
.IP "1" 4
.IX Item "1"
This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can
continue on those parameters.
.IP "0" 4
This indicates that it was not possible to set/retrieve a session ticket and
the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic
parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids.
.Sp
If called with enc equal to 0 the library will call the \fIcb\fR again to get
a new set of parameters.
.IP "less than 0" 4
.IX Item "less than 0"
This indicates an error.
.SH "NOTES"
.IX Header "NOTES"
Session resumption shortcuts the \s-1TLS\s0 handshake so that client certificate
negotiation does not occur. It makes up for this by storing the client
certificate and all other negotiated state information encrypted within the
ticket. In a resumed session the applications will have all this state
information available exactly as if a full negotiation had occurred.
.PP
If an attacker can obtain the key used to encrypt a session ticket, they can
obtain the master secret for any ticket using that key and decrypt any traffic
using that session: even if the cipher suite supports forward secrecy. As
a result applications may wish to use multiple keys and avoid using long term
keys stored in files.
.PP
Applications can use longer keys to maintain a consistent level of security.
For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key
the overall security is only 128 bits because breaking the ticket key will
enable an attacker to obtain the session keys.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Returns 1 to indicate the callback function was set and 0 otherwise.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Reference Implementation:
.PP
.Vb 2
\& SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
\& ...
\&
\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
\&                                     unsigned char *iv, EVP_CIPHER_CTX *ctx,
\&                                     HMAC_CTX *hctx, int enc)
\& {
\&     your_type_t *key; /* something that you need to implement */
\&
\&     if (enc) { /* create new session */
\&         if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
\&             return \-1; /* insufficient random */
\&
\&         key = currentkey(); /* something that you need to implement */
\&         if (key == NULL) {
\&             /* current key doesn\*(Aqt exist or isn\*(Aqt valid */
\&             key = createkey(); /*
\&                                 * Something that you need to implement.
\&                                 * createkey needs to initialise a name,
\&                                 * an aes_key, a hmac_key and optionally
\&                                 * an expire time.
\&                                 */
\&             if (key == NULL) /* key couldn\*(Aqt be created */
\&                 return 0;
\&         }
\&         memcpy(key_name, key\->name, 16);
\&
\&         /* ctx and hctx are already pointers, so they are passed as they are */
\&         if (EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key\->aes_key, iv) <= 0
\&             || HMAC_Init_ex(hctx, key\->hmac_key, 32, EVP_sha256(), NULL) <= 0)
\&             return \-1; /* error in cipher or HMAC initialisation */
\&
\&         return 1;
\&
\&     } else { /* retrieve session */
\&         time_t t = time(NULL);
\&         key = findkey(key_name); /* something that you need to implement */
\&
\&         if (key == NULL || key\->expire < t)
\&             return 0;
\&
\&         if (HMAC_Init_ex(hctx, key\->hmac_key, 32, EVP_sha256(), NULL) <= 0
\&             || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key\->aes_key, iv) <= 0)
\&             return \-1; /* error in cipher or HMAC initialisation */
\&
\&         /* the key is valid here, so test whether it expires within RENEW_TIME */
\&         if (key\->expire < t + RENEW_TIME) { /* RENEW_TIME: implement */
\&             /*
\&              * return 2 \- This session will get a new ticket even though the
\&              * current one is still valid.
\&              */
\&             return 2;
\&         }
\&         return 1;
\&     }
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3),
\&\fBSSL_session_reused\fR\|(3),
\&\fBSSL_CTX_add_session\fR\|(3),
\&\fBSSL_CTX_sess_number\fR\|(3),
\&\fBSSL_CTX_sess_set_get_cb\fR\|(3),
\&\fBSSL_CTX_set_session_id_context\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
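The reference implementation for SSL_CTX_set_tlsext_ticket_key_cb(3) leaves currentkey(), createkey() and findkey() to the application, and its NOTES advise using multiple keys rather than long term keys stored in files. The following in-memory key ring is an added example, not OpenSSL code: the ticket_key layout, the lifetimes, the explicit now argument and resume_decision() are assumptions, and the timestamps in rotation_demo() are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define RING_SLOTS   4             /* assumption: old keys kept for decryption */
#define KEY_LIFETIME (24 * 3600L)  /* assumption: seconds a key is accepted */
#define RENEW_TIME   (6 * 3600L)   /* assumption: reissue this close to expiry */

typedef struct {
    unsigned char name[16], aes_key[32], hmac_key[32];
    time_t expire;                 /* 0 marks an empty slot */
} ticket_key;

static ticket_key ring[RING_SLOTS];  /* held in memory only, never in a file */
static int newest = -1;

/* Fill buf from the kernel CSPRNG; returns 1 on success. */
static int random_bytes(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    int ok = f != NULL && fread(buf, 1, len, f) == len;
    if (f != NULL)
        fclose(f);
    return ok;
}

/* New key in the slot after the newest one; the oldest key is overwritten. */
ticket_key *createkey(time_t now)
{
    ticket_key *k = &ring[(newest + 1) % RING_SLOTS];
    memset(k, 0, sizeof(*k));
    if (!random_bytes(k->name, sizeof(k->name))
        || !random_bytes(k->aes_key, sizeof(k->aes_key))
        || !random_bytes(k->hmac_key, sizeof(k->hmac_key))) {
        memset(k, 0, sizeof(*k));
        return NULL;
    }
    k->expire = now + KEY_LIFETIME;
    newest = (newest + 1) % RING_SLOTS;
    return k;
}

/* Key for new tickets; NULL when there is none or the newest is near expiry. */
ticket_key *currentkey(time_t now)
{
    if (newest < 0 || ring[newest].expire - RENEW_TIME <= now)
        return NULL;
    return &ring[newest];
}

/* Find the key named in a presented ticket; an expired key is erased. */
ticket_key *findkey(const unsigned char name[16], time_t now)
{
    int i;
    for (i = 0; i < RING_SLOTS; i++) {
        ticket_key *k = &ring[i];
        if (k->expire == 0 || memcmp(k->name, name, 16) != 0)
            continue;
        if (k->expire >= now)
            return k;
        memset(k, 0, sizeof(*k));  /* with OpenSSL linked: OPENSSL_cleanse() */
    }
    return NULL;
}

/* enc == 0 result: 0 full handshake, 1 resume, 2 resume and issue a new ticket. */
int resume_decision(const unsigned char name[16], time_t now)
{
    ticket_key *k = findkey(name, now);
    if (k == NULL)
        return 0;
    return (k != &ring[newest] || k->expire - RENEW_TIME <= now) ? 2 : 1;
}

/* One rotation with constructed timestamps; the five decisions come back as digits. */
int rotation_demo(void)
{
    const time_t t0 = 1000000;
    unsigned char n1[16], n2[16];
    ticket_key *k = createkey(t0);
    int d;
    if (k == NULL)
        return -1;
    memcpy(n1, k->name, 16);
    d = resume_decision(n1, t0 + 60);                 /* fresh key: 1 */
    d = d * 10 + resume_decision(n1, t0 + 70000);     /* renewal window: 2 */
    if (currentkey(t0 + 70000) != NULL || (k = createkey(t0 + 70000)) == NULL)
        return -1;
    memcpy(n2, k->name, 16);
    d = d * 10 + resume_decision(n1, t0 + 70000);     /* superseded key: 2 */
    d = d * 10 + resume_decision(n2, t0 + 70000);     /* newest key: 1 */
    return d * 10 + resume_decision(n1, t0 + 90000);  /* expired key: 0 */
}

int main(void)
{
    printf("decisions: %d\n", rotation_demo());
    return 0;
}
```

A ticket sealed under a superseded key still resumes but is answered with 2, so clients move to the newest key before the old one expires and is erased.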
.IX Title "DSA_SET_METHOD 3"
.TH DSA_SET_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DSA_set_default_method, DSA_get_default_method,
DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& void DSA_set_default_method(const DSA_METHOD *meth);
\&
\& const DSA_METHOD *DSA_get_default_method(void);
\&
\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
\&
\& DSA *DSA_new_method(ENGINE *engine);
\&
\& DSA_METHOD *DSA_OpenSSL(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
important information about how these \s-1DSA API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,
as returned by \fBDSA_OpenSSL()\fR.
.PP
\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
structures created later.
\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
been set as a default for \s-1DSA,\s0 so this function is no longer recommended.
This function is not thread-safe and should not be called at the same time
as other OpenSSL functions.
.PP
\&\fBDSA_get_default_method()\fR returns a pointer to the current default
\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
whether the \s-1ENGINE API\s0 is being used, so this function is no longer
recommended.
.PP
\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
\&\fBdsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the
previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
be released during the change. It is possible to have \s-1DSA\s0 keys that only
work with certain \s-1DSA_METHOD\s0 implementations (e.g. from an \s-1ENGINE\s0 module
that supports embedded hardware-protected keys), and in such cases
attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected
results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0
objects.
.PP
\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine
for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0
controlled by \fBDSA_set_default_method()\fR is used.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective
\&\fB\s-1DSA_METHOD\s0\fRs.
.PP
\&\fBDSA_set_default_method()\fR returns no value.
.PP
\&\fBDSA_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as
the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous
method was supplied by an \s-1ENGINE\s0).
.PP
\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be
obtained by \fBERR_get_error\fR\|(3) if the allocation
fails. Otherwise it returns a pointer to the newly allocated structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .

D2I_PKCS8PRIVATEKEY_BIO(3)  OpenSSL 1.1.1w  2023-09-11

NAME
d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions

SYNOPSIS
    #include <openssl/pem.h>

    EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
    EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);

    int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
                                char *kstr, int klen,
                                pem_password_cb *cb, void *u);

    int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                               char *kstr, int klen,
                               pem_password_cb *cb, void *u);

    int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
                                    char *kstr, int klen,
                                    pem_password_cb *cb, void *u);

    int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
                                   char *kstr, int klen,
                                   pem_password_cb *cb, void *u);

DESCRIPTION
The PKCS#8 functions encode and decode private keys in PKCS#8 format using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.

Other than the use of DER as opposed to PEM these functions are identical to the corresponding PEM function as described in PEM_read_PrivateKey(3).

NOTES
These functions are currently the only way to store encrypted private keys using DER format.

Currently all the functions use BIOs or FILE pointers; there are no functions which work directly on memory. This can be readily worked around by converting the buffers to memory BIOs, see BIO_s_mem(3) for details.

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

RETURN VALUES
d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid EVP_PKEY structure or NULL if an error occurred.

i2d_PKCS8PrivateKey_bio(), i2d_PKCS8PrivateKey_fp(), i2d_PKCS8PrivateKey_nid_bio() and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error.

SEE ALSO
PEM_read_PrivateKey(3), passphrase-encoding(7)

COPYRIGHT
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

EVP_RC5_32_12_16_CBC(3)  OpenSSL 1.1.1w  2023-09-11

NAME
EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb - EVP RC5 cipher

SYNOPSIS
    #include <openssl/evp.h>

    const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
    const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
    const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
    const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
    const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);

DESCRIPTION
The RC5 encryption algorithm for EVP.

EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()
    RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a variable key length cipher with an additional "number of rounds" parameter. By default the key length is set to 128 bits and 12 rounds. Alternative key lengths can be set using EVP_CIPHER_CTX_set_key_length(3). The maximum key length is 2040 bits.

    The following rc5 specific ctrls are supported (see EVP_CIPHER_CTX_ctrl(3)).

    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)
        Sets the number of rounds to rounds. This must be one of RC5_8_ROUNDS, RC5_12_ROUNDS or RC5_16_ROUNDS.

    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)
        Stores the number of rounds currently configured in *rounds where *rounds is an int.

RETURN VALUES
These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

SEE ALSO
evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

COPYRIGHT
Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

DSA_DO_SIGN(3)  OpenSSL 1.1.1w  2023-09-11

NAME
DSA_do_sign, DSA_do_verify - raw DSA signature operations

SYNOPSIS
    #include <openssl/dsa.h>

    DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

    int DSA_do_verify(const unsigned char *dgst, int dgst_len,
                      DSA_SIG *sig, DSA *dsa);

DESCRIPTION
DSA_do_sign() computes a digital signature on the dlen byte message digest dgst using the private key dsa and returns it in a newly allocated DSA_SIG structure.

DSA_sign_setup(3) may be used to precompute part of the signing operation in case signature generation is time-critical.

DSA_do_verify() verifies that the signature sig matches a given message digest dgst of size dgst_len. dsa is the signer's public key.

RETURN VALUES
DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by ERR_get_error(3).

SEE ALSO
DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_SIG_new(3), DSA_sign(3)

COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

D2I_DHPARAMS(3)  OpenSSL 1.1.1w  2023-09-11

NAME
d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions

SYNOPSIS
    #include <openssl/dh.h>

    DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
    int i2d_DHparams(DH *a, unsigned char **pp);

DESCRIPTION
These functions decode and encode PKCS#3 DH parameters using the DHparameter structure described in PKCS#3.

Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the d2i_X509(3) manual page.

RETURN VALUES
d2i_DHparams() returns a valid DH structure or NULL if an error occurred.

i2d_DHparams() returns the length of encoded data on success or a value which is less than or equal to 0 on error.

SEE ALSO
d2i_X509(3)

COPYRIGHT
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

EVP_MDC2(3)  OpenSSL 1.1.1w  2023-09-11

NAME
EVP_mdc2 - MDC-2 For EVP

SYNOPSIS
    #include <openssl/evp.h>

    const EVP_MD *EVP_mdc2(void);

DESCRIPTION
MDC-2 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic hash function based on a block cipher.

EVP_mdc2()
    The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a 128-bit output from a given input.

RETURN VALUES
These functions return an EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

CONFORMING TO
ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

SEE ALSO
evp(7), EVP_DigestInit(3)

COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

OCSP_REQUEST_NEW(3)  OpenSSL 1.1.1w  2023-09-11

NAME
OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 - OCSP request functions

SYNOPSIS
    #include <openssl/ocsp.h>

    OCSP_REQUEST *OCSP_REQUEST_new(void);
    void OCSP_REQUEST_free(OCSP_REQUEST *req);

    OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);

    int OCSP_request_sign(OCSP_REQUEST *req,
                          X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                          STACK_OF(X509) *certs, unsigned long flags);

    int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);

    int OCSP_request_onereq_count(OCSP_REQUEST *req);
    OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);

DESCRIPTION
OCSP_REQUEST_new() allocates and returns an empty OCSP_REQUEST structure.

OCSP_REQUEST_free() frees up the request structure req.

OCSP_request_add0_id() adds certificate ID cid to req. It returns the OCSP_ONEREQ structure added so an application can add additional extensions to the request. The cid parameter MUST NOT be freed up after the operation.

OCSP_request_sign() signs OCSP request req using certificate signer, private key key, digest dgst and additional certificates certs. If the flags option OCSP_NOCERTS is set then no certificates will be included in the request.

OCSP_request_add1_cert() adds certificate cert to request req. The application is responsible for freeing up cert after use.

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ contained in req of index i. The index value i runs from 0 to OCSP_request_onereq_count(req) - 1.

RETURN VALUES
OCSP_REQUEST_new() returns an empty OCSP_REQUEST structure or NULL if an error occurred.

OCSP_request_add0_id() returns the OCSP_ONEREQ structure containing cid or NULL if an error occurred.

OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0 for failure.

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ structure or NULL if the index value is out of range.

NOTES
An OCSP request structure contains one or more OCSP_ONEREQ structures corresponding to each certificate.

OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by OCSP responders.

EXAMPLES
Create an OCSP_REQUEST structure for certificate cert with issuer issuer:

    OCSP_REQUEST *req;
    OCSP_CERTID *cid;

    req = OCSP_REQUEST_new();
    if (req == NULL) {
        /* error */
    }
    cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
    if (cid == NULL) {
        /* error */
    }

    if (OCSP_request_add0_id(req, cid) == NULL) {
        /* error */
    }

    /* Do something with req, e.g. query responder */

    OCSP_REQUEST_free(req);

SEE ALSO
crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

COPYRIGHT
Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
.IX Title "EVP_OPENINIT 3"
.TH EVP_OPENINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
\&                  int ekl, unsigned char *iv, EVP_PKEY *priv);
\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\&                    int *outl, unsigned char *in, int inl);
\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 envelope routines are a high-level interface to envelope
decryption. They decrypt a public key encrypted symmetric key and
then decrypt data using it.
.PP
\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption
with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length
\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR.
The \s-1IV\s0 is supplied in the \fBiv\fR parameter.
.PP
\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties
as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as
documented on the \fBEVP_EncryptInit\fR\|(3) manual page.
.SH "NOTES"
.IX Header "NOTES"
It is possible to call \fBEVP_OpenInit()\fR twice in the same way as
\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0
and (after setting any cipher parameters) it should be called again
with \fBtype\fR set to \s-1NULL.\s0
.PP
If the cipher passed in the \fBtype\fR parameter is a variable length
cipher then the key length will be set to the value of the recovered
key length. If the cipher is a fixed length cipher then the recovered
key length must match the fixed cipher length.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the
recovered secret key size) if successful.
.PP
\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure.
.PP
\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_SealInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DSA_NEW 3"
.TH DSA_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DSA_new, DSA_free \- allocate and free DSA objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& DSA* DSA_new(void);
\&
\& void DSA_free(DSA *dsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
calling DSA_new_method(\s-1NULL\s0).
.PP
\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
erased before the memory is returned to the system.
If \fBdsa\fR is \s-1NULL\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
code that can be obtained by
\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer
to the newly allocated structure.
.PP
\&\fBDSA_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3),
\&\fBDSA_generate_parameters\fR\|(3),
\&\fBDSA_generate_key\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RC4_SET_KEY 3"
.TH RC4_SET_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RC4_set_key, RC4 \- RC4 encryption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rc4.h>
\&
\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
\&
\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
\&          unsigned char *outdata);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This library implements the Alleged \s-1RC4\s0 cipher, which is described for
example in \fIApplied Cryptography\fR. It is believed to be compatible
with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc.
.PP
\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit
(16 byte) keys are used for strong encryption, but shorter insecure
key sizes have been widely used due to export restrictions.
.PP
\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or
decryption phase.
.PP
\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key
at \fBdata\fR.
.PP
\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using
\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with the
same \fBkey\fR yield a continuous key stream.
.PP
Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random
key stream to produce the output), decryption uses the same function
calls as encryption.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values.
.SH "NOTE"
.IX Header "NOTE"
Applications should use the higher level functions
\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these
functions directly.
.PP
It is difficult to securely use stream ciphers. For example, do not perform
multiple encryptions using the same key stream.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_EncryptInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
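The RC4 NOTE above warns against performing multiple encryptions with the same key stream, and the DESCRIPTION says repeated RC4() calls on one key continue the stream. The following added example is not OpenSSL code and not part of the original manual page: it uses a minimal RC4 written for the demonstration (hypothetical demo_* names, constructed key and messages) to show that repeating key setup with the same key makes the XOR of two ciphertexts equal the XOR of the two plaintexts, while a second call on the same key state does not.

```c
/* Added example: a minimal RC4 written for this demonstration. It is not
 * OpenSSL's implementation; the demo_* names are hypothetical. */
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned char S[256];
    unsigned char i, j;
} demo_rc4_key;

/* Key setup phase; argument order mirrors RC4_set_key(key, len, data). */
static void demo_rc4_set_key(demo_rc4_key *k, int len, const unsigned char *data)
{
    unsigned int i, j = 0;
    unsigned char t;
    for (i = 0; i < 256; i++)
        k->S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {
        j = (j + k->S[i] + data[i % (unsigned int)len]) & 0xff;
        t = k->S[i]; k->S[i] = k->S[j]; k->S[j] = t;
    }
    k->i = k->j = 0;
}

/* Encrypt or decrypt: XOR the input with the next len key stream bytes. */
static void demo_rc4(demo_rc4_key *k, unsigned long len,
                     const unsigned char *in, unsigned char *out)
{
    unsigned long n;
    unsigned char t;
    for (n = 0; n < len; n++) {
        k->i = (unsigned char)(k->i + 1);
        k->j = (unsigned char)(k->j + k->S[k->i]);
        t = k->S[k->i]; k->S[k->i] = k->S[k->j]; k->S[k->j] = t;
        out[n] = (unsigned char)(in[n] ^ k->S[(unsigned char)(k->S[k->i] + k->S[k->j])]);
    }
}

/* Constructed sample data: a 3-byte key and two 9-byte messages. */
#define KEY_LEN 3
#define MSG_LEN 9
static const unsigned char KEY[] = "Key";
static const unsigned char P1[] = "Plaintext";
static const unsigned char P2[] = "Pay 900 $";

/* Returns 1 if c1 XOR c2 equals P1 XOR P2 in every byte, i.e. the key stream
 * cancelled out and the ciphertexts alone expose the XOR of the plaintexts. */
static int xor_of_plaintexts_exposed(const unsigned char *c1, const unsigned char *c2)
{
    int n;
    for (n = 0; n < MSG_LEN; n++)
        if ((c1[n] ^ c2[n]) != (P1[n] ^ P2[n]))
            return 0;
    return 1;
}

/* Misuse: key setup is repeated with the same key before each message, so
 * both messages are XORed with the same key stream bytes. */
int restarted_stream_exposes_xor(void)
{
    demo_rc4_key k;
    unsigned char c1[MSG_LEN], c2[MSG_LEN];
    demo_rc4_set_key(&k, KEY_LEN, KEY);
    demo_rc4(&k, MSG_LEN, P1, c1);
    demo_rc4_set_key(&k, KEY_LEN, KEY);   /* key stream starts over */
    demo_rc4(&k, MSG_LEN, P2, c2);
    return xor_of_plaintexts_exposed(c1, c2);
}

/* One key setup, repeated calls: the second call continues the key stream. */
int continued_stream_exposes_xor(void)
{
    demo_rc4_key k;
    unsigned char c1[MSG_LEN], c2[MSG_LEN];
    demo_rc4_set_key(&k, KEY_LEN, KEY);
    demo_rc4(&k, MSG_LEN, P1, c1);
    demo_rc4(&k, MSG_LEN, P2, c2);        /* uses key stream bytes 9..17 */
    return xor_of_plaintexts_exposed(c1, c2);
}

/* Known answer for key "Key" and plaintext "Plaintext". */
int known_answer_ok(void)
{
    static const unsigned char expect[MSG_LEN] =
        { 0xBB, 0xF3, 0x16, 0xE8, 0xD9, 0x40, 0xAF, 0x0A, 0xD3 };
    demo_rc4_key k;
    unsigned char c[MSG_LEN];
    demo_rc4_set_key(&k, KEY_LEN, KEY);
    demo_rc4(&k, MSG_LEN, P1, c);
    return memcmp(c, expect, MSG_LEN) == 0;
}

int main(void)
{
    printf("known answer ok: %d\n", known_answer_ok());
    printf("restarted key stream exposes P1^P2: %d\n", restarted_stream_exposes_xor());
    printf("continued key stream exposes P1^P2: %d\n", continued_stream_exposes_xor());
    return 0;
}
```

The same cancellation applies whenever two messages are encrypted from a fresh key setup with an identical key, which is why the NOTE directs applications to the higher level EVP interface.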
.IX Title "SSL_GET_CLIENT_RANDOM 3"
.TH SSL_GET_CLIENT_RANDOM 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_get_client_random,
SSL_get_server_random,
SSL_SESSION_get_master_key,
SSL_SESSION_set1_master_key
\&\- get internal TLS/SSL random values and get/set master key
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
\&                                   unsigned char *out, size_t outlen);
\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
\&                                 size_t len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_client_random()\fR extracts the random value sent from the client
to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many
bytes as it can of this value into the buffer provided in \fBout\fR,
which must have at least \fBoutlen\fR bytes available. It returns the
total number of bytes that were actually copied. If \fBoutlen\fR is
zero, \fBSSL_get_client_random()\fR copies nothing, and returns the
total size of the client_random value.
.PP
\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value
sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake.
.PP
\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master
secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one
can be dangerous if misused; see \s-1NOTES\s0 below.
.PP
\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the
\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based
\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length
\&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the
function, so the caller is responsible for freeing and cleaning any memory
associated with \fBin\fR. The caller must ensure that the length of the key is
suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0
.SH "NOTES"
.IX Header "NOTES"
You probably shouldn't use these functions.
.PP
These functions expose internal values from the \s-1TLS\s0 handshake, for
use in low-level protocols. You probably should not use them, unless
you are implementing something that needs access to the internal protocol
details.
.PP
Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they
\&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that
were already generated and used in the \s-1TLS\s0 protocol. Using them
in place of \fBRAND_bytes()\fR would be grossly foolish.
.PP
The security of your \s-1TLS\s0 session depends on keeping the master key secret:
do not expose it, or any information about it, to anybody.
If you need to calculate another secret value that depends on the master
secret, you should probably use \fBSSL_export_keying_material()\fR instead, and
forget that you ever saw these functions.
.PP
In current versions of the \s-1TLS\s0 protocols, the length of client_random
(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for
other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided
in case of the unlikely event that a future version or variant of \s-1TLS\s0
uses some other length there.
.PP
Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called
\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those
values based on their view of the current time.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure.
.PP
For the other functions, if \fBoutlen\fR is greater than 0 then these functions
return the number of bytes actually copied, which will be less than or equal to
\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number
of bytes they would copy \*(-- that is, the length of the underlying field.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBRAND_bytes\fR\|(3),
\&\fBSSL_export_keying_material\fR\|(3),
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_COMPRESS 3"
.TH CMS_COMPRESS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
CMS_compress \- create a CMS CompressedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR
is the compression algorithm to use or \fBNID_undef\fR to use the default
algorithm (zlib compression). \fBin\fR is the content to be compressed.
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
The only currently supported compression algorithm is zlib using the \s-1NID\s0
NID_zlib_compression.
.PP
If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return
an error.
.PP
If the \fB\s-1CMS_TEXT\s0\fR flag is set, \s-1MIME\s0 headers for type \fBtext/plain\fR are
prepended to the data.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
required by the S/MIME specifications). If \fB\s-1CMS_BINARY\s0\fR is set, no translation
occurs. This option should be used if the supplied data is in binary format;
otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then
\&\fB\s-1CMS_TEXT\s0\fR is ignored.
.PP
If the \fB\s-1CMS_STREAM\s0\fR flag is set, a partial \fBCMS_ContentInfo\fR structure is
returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
.PP
The compressed data is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set, in which case it is omitted. This is rarely used in
practice and is not supported by \fBSMIME_write_CMS()\fR.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1CMS_STREAM\s0\fR is set, the returned \fBCMS_ContentInfo\fR structure is
\&\fBnot\fR complete and outputting its contents via a function that does not
properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
results.
.PP
Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR,
\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fBBIO_new_CMS()\fR.
.PP
Additional compression parameters such as the zlib compression level cannot
currently be set.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3"
.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file \- set default locations for trusted CA certificates
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
\&                                   const char *CApath);
\&
\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
\&
\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
\&
\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at which \s-1CA\s0 certificates for verification purposes are located. The certificates available via \fBCAfile\fR and \fBCApath\fR are trusted.
.PP
\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from which \s-1CA\s0 certificates are loaded should be used. There is one default directory and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment variable can be defined to override this location. The default \s-1CA\s0 certificates file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the
\&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location.
.PP
\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to
\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is used.
.PP
\&\fBSSL_CTX_set_default_verify_file()\fR is similar to
\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is used.
.SH "NOTES"
.IX Header "NOTES"
If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 format. The file can contain several \s-1CA\s0 certificates identified by
.PP
.Vb 3
\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
\& ... (CA certificate in base64 encoding) ...
\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
.Ve
.PP
sequences. Before, between, and after the certificates, text is allowed, which can be used e.g. for descriptions of the certificates.
.PP
The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR function.
.PP
If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are looked up by the \s-1CA\s0 subject name hash value, which must hence be available. If more than one \s-1CA\s0 certificate with the same name hash value exists, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the \fBc_rehash\fR utility to create the necessary links.
.PP
The certificates in \fBCApath\fR are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate.
.PP
When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching is done based on the subject name, the key identifier (if present), and the serial number as taken from the certificate to be verified. If these data do not match, the next certificate will be tried. If a first certificate matching the parameters is found, the verification process will be performed; no other certificates for the same parameters will be searched in case of failure.
.PP
In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must explicitly be set using the
\&\fBSSL_CTX_set_client_CA_list\fR\|(3) family of functions.
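The lookup rules above mean that, within one subject-hash group in \fBCApath\fR, the link with the lowest extension number is examined first and a failure there ends the search. The following audit sketch is an added example, not OpenSSL code: the \fBca_entry\fR struct, \fBparse_name()\fR, \fBfind_shadowed()\fR and the sample entries are constructed for illustration and stand in for a directory listing plus each certificate's notAfter time.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* One link in a CApath directory (hypothetical in-memory form). */
struct ca_entry {
    const char *name;   /* e.g. "9d66eef0.1": <subject hash>.<extension> */
    time_t not_after;   /* notAfter of the certificate the link points to */
};

/* Split "<8 hex digits>.<n>" into hash and extension; returns 0 on success.
 * Anything else (CRL links such as "9d66eef0.r0", stray files) is rejected. */
static int parse_name(const char *name, unsigned long *hash, long *ext)
{
    char *end;
    size_t i;

    if (strlen(name) < 10 || name[8] != '.' || !isdigit((unsigned char)name[9]))
        return -1;
    for (i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)name[i]))
            return -1;
    *hash = strtoul(name, &end, 16);    /* parsing stops at the '.' */
    *ext = strtol(name + 9, &end, 10);
    return *end == '\0' ? 0 : -1;
}

/*
 * Per hash group, the lowest extension is the entry examined first.
 * Record the index of every first entry that is expired at `now` while a
 * later entry in the same group is still valid. Returns the number of
 * indexes written to out[] (at most out_cap).
 *
 * An equal hash is necessary but not sufficient for two files to hold the
 * same CA, so each hit is a candidate for manual review, not a verdict.
 */
static size_t find_shadowed(const struct ca_entry *e, size_t n, time_t now,
                            size_t *out, size_t out_cap)
{
    size_t found = 0;

    for (size_t i = 0; i < n; i++) {
        unsigned long hi, hj;
        long xi, xj;
        int is_first = 1, later_valid = 0;

        if (parse_name(e[i].name, &hi, &xi) != 0)
            continue;
        for (size_t j = 0; j < n; j++) {
            if (j == i || parse_name(e[j].name, &hj, &xj) != 0 || hj != hi)
                continue;
            if (xj < xi)
                is_first = 0;           /* something is searched before us */
            else if (e[j].not_after > now)
                later_valid = 1;        /* a valid entry is searched after us */
        }
        if (is_first && e[i].not_after <= now && later_valid && found < out_cap)
            out[found++] = i;
    }
    return found;
}

/* Constructed sample listing; the times are not taken from real certificates. */
static const struct ca_entry SAMPLE[] = {
    { "9d66eef0.0",  (time_t)1600000000 },  /* expired, searched first */
    { "9d66eef0.1",  (time_t)1900000000 },  /* valid, searched second  */
    { "2c543cd1.0",  (time_t)1900000000 },  /* valid, searched first   */
    { "2c543cd1.1",  (time_t)1600000000 },  /* expired, but not first  */
    { "9d66eef0.r0", (time_t)1900000000 },  /* CRL link, ignored       */
    { "README",      (time_t)0 },           /* stray file, ignored     */
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])
#define SAMPLE_NOW ((time_t)1700000000)     /* fixed "current" time */

int main(void)
{
    size_t hits[8];
    size_t n = find_shadowed(SAMPLE, SAMPLE_LEN, SAMPLE_NOW, hits, 8);

    for (size_t k = 0; k < n; k++)
        printf("%s is expired and is examined before a still-valid entry\n",
               SAMPLE[hits[k]].name);
    return n ? 1 : 0;
}
```

A non-zero exit status means at least one group needs its expired link removed and the directory rehashed with \fBc_rehash\fR.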
.PP
When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the certificate chain was not explicitly specified (see
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3),
\&\fBSSL_CTX_use_certificate\fR\|(3)).
.SH "WARNINGS"
.IX Header "WARNINGS"
If several \s-1CA\s0 certificates matching the name, key identifier, and serial number condition are available, only the first one will be examined. This may lead to unexpected results if the same \s-1CA\s0 certificate is available with different expiration dates. If a \*(L"certificate expired\*(R" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
For SSL_CTX_load_verify_locations the following return values can occur:
.IP "0" 4
The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the processing at one of the locations specified failed. Check the error stack to find out the reason.
.IP "1" 4
.IX Item "1"
The operation succeeded.
.PP
\&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and
\&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A missing default location is still treated as a success.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates ca1.pem ca2.pem ca3.pem:
.PP
.Vb 5
\& #!/bin/sh
\& rm \-f CAfile.pem
\& for i in ca1.pem ca2.pem ca3.pem ; do
\&   openssl x509 \-in "$i" \-text >> CAfile.pem
\& done
.Ve
.PP
Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates for use as \fBCApath\fR:
.PP
.Vb 2
\& cd /some/where/certs
\& c_rehash .
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_client_CA_list\fR\|(3),
\&\fBSSL_get_client_CA_list\fR\|(3),
\&\fBSSL_CTX_use_certificate\fR\|(3),
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3),
\&\fBSSL_CTX_set_cert_store\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "RSA_PUBLIC_ENCRYPT 3"
.TH RSA_PUBLIC_ENCRYPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_public_encrypt(int flen, const unsigned char *from,
\&                        unsigned char *to, RSA *rsa, int padding);
\&
\& int RSA_private_decrypt(int flen, const unsigned char *from,
\&                         unsigned char *to, RSA *rsa, int padding);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a session key) using the public key \fBrsa\fR and stores the ciphertext in
\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory.
.PP
\&\fBpadding\fR denotes one of the following modes:
.IP "\s-1RSA_PKCS1_PADDING\s0" 4
.IX Item "RSA_PKCS1_PADDING"
\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in new applications. \s-1SEE WARNING BELOW.\s0
.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4
.IX Item "RSA_PKCS1_OAEP_PADDING"
EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty encoding parameter. This mode is recommended for all new applications.
.IP "\s-1RSA_SSLV23_PADDING\s0" 4
.IX Item "RSA_SSLV23_PADDING"
\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes that the server is \s-1SSL3\s0 capable.
.IP "\s-1RSA_NO_PADDING\s0" 4
.IX Item "RSA_NO_PADDING"
Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with \s-1RSA\s0 is insecure.
.PP
\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for
\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then
\&\fBRSA_public_encrypt()\fR will include some random bytes into the ciphertext and therefore the ciphertext will be different each time, even if the plaintext and the public key are exactly identical. The returned ciphertext in \fBto\fR will always be zero padded to exactly RSA_size(\fBrsa\fR) bytes.
\&\fBto\fR and \fBfrom\fR may overlap.
.PP
\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBflen\fR should be equal to RSA_size(\fBrsa\fR) but may be smaller, when leading zero bytes are in the ciphertext. Those are not important and may be removed, but \fBRSA_public_encrypt()\fR does not do that. \fBto\fR must point to a memory section large enough to hold the maximal possible decrypted data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING,\s0 RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0).
\&\fBpadding\fR is the padding mode that was used to encrypt the data.
\&\fBto\fR and \fBfrom\fR may overlap.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the recovered plaintext. A return value of 0 is not an error and means only that the plaintext was empty.
.PP
On error, \-1 is returned; the error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "WARNINGS"
.IX Header "WARNINGS"
Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBRSA_size\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SCT_VALIDATE 3"
.TH SCT_VALIDATE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Certificate Timestamps (SCTs) are valid
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
\& typedef enum {
\&     SCT_VALIDATION_STATUS_NOT_SET,
\&     SCT_VALIDATION_STATUS_UNKNOWN_LOG,
\&     SCT_VALIDATION_STATUS_VALID,
\&     SCT_VALIDATION_STATUS_INVALID,
\&     SCT_VALIDATION_STATUS_UNVERIFIED,
\&     SCT_VALIDATION_STATUS_UNKNOWN_VERSION
\& } sct_validation_status_t;
\&
\& int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
\& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx);
\& sct_validation_status_t SCT_get_validation_status(const SCT *sct);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature.
\&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. The result of the validation checks can be obtained by passing the \s-1SCT\s0 to
\&\fBSCT_get_validation_status()\fR.
.PP
A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies:
.IP "\(bu" 2
The certificate the \s-1SCT\s0 was issued for.
.Sp
Failure to provide the certificate will result in the validation status being
\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0
.IP "\(bu" 2
The issuer of that certificate.
.Sp
This is only required if the \s-1SCT\s0 was issued for a pre-certificate (see \s-1RFC 6962\s0). If it is required but not provided, the validation status will be \s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0
.IP "\(bu" 2
A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT.\s0
.Sp
If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE,\s0 the validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG.\s0
.PP
If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION.\s0
.PP
If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0
.PP
If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0
.SH "NOTES"
.IX Header "NOTES"
A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence that a certificate has been publicly logged.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the
\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation.
.PP
\&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 if any of the SCTs fails validation, or 1 if they all pass validation.
.PP
\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SSL_SET_BIO 3"
.TH SSL_SET_BIO 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l .nh .SH "NAME" SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); \& void SSL_set0_rbio(SSL *s, BIO *rbio); \& void SSL_set0_wbio(SSL *s, BIO *wbio); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is nonblocking then the \fBssl\fR object will also have nonblocking behaviour. This function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this function, any existing \fBrbio\fR that was previously set will also be freed via a call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to the same value as previously). .PP \&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take ownership of one reference. Therefore, it may be necessary to increment the number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 functions. .PP \&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to the following set of rules: .IP "\(bu" 2 If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values then nothing is done. 
.IP "\(bu" 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different to their previously set values then one reference is consumed for the rbio and one reference is consumed for the wbio. .IP "\(bu" 2 If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not the same as the previously set value then one reference is consumed. .IP "\(bu" 2 If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the same as the previously set value, then no additional references are consumed. .IP "\(bu" 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the same as the previously set value then one reference is consumed for the \fBwbio\fR and no references are consumed for the \fBrbio\fR. .IP "\(bu" 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values were the same as each other then one reference is consumed for the \fBrbio\fR and no references are consumed for the \fBwbio\fR. .IP "\(bu" 2 If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values were different to each other then one reference is consumed for the \fBrbio\fR and one reference is consumed for the \fBwbio\fR. .PP Because of this complexity, this function should be avoided; use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_set_bio()\fR, \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR cannot fail. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_get_rbio\fR\|(3), \&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), \&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" \&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. 
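.SH "EXAMPLES"
The ownership statements made above for SSL_set0_rbio() and SSL_set0_wbio(), traced with a small self-contained model. This is an added example, not OpenSSL code: model_bio, model_ssl and every model_* function are constructed stand-ins that mirror only the free-then-adopt behaviour stated on this page, so the file builds without the library.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a reference-counted BIO; not an OpenSSL type. */
typedef struct {
    int refs;         /* references currently owned by someone */
    int double_frees; /* frees attempted after the last reference was gone */
} model_bio;

/* Constructed stand-in for the read and write BIO slots of an SSL object. */
typedef struct {
    model_bio *rbio;
    model_bio *wbio;
} model_ssl;

/* A new BIO starts with one reference, owned by the caller. */
static void model_bio_new(model_bio *b) { b->refs = 1; b->double_frees = 0; }

/* Stands in for BIO_up_ref(): one more reference the caller can hand over. */
static void model_bio_up_ref(model_bio *b) { b->refs++; }

/* Stands in for BIO_free_all(): drop one reference or record a double free. */
static void model_bio_free(model_bio *b)
{
    if (b == NULL)
        return;
    if (b->refs == 0)
        b->double_frees++;
    else
        b->refs--;
}

/* set0 rule from the page: free whatever was set before, even if it is the
 * same BIO, then take ownership of one reference to the new one. */
static void model_set0_rbio(model_ssl *s, model_bio *b)
{
    model_bio_free(s->rbio);
    s->rbio = b;
}

static void model_set0_wbio(model_ssl *s, model_bio *b)
{
    model_bio_free(s->wbio);
    s->wbio = b;
}

/* Freeing the SSL object releases the reference held by each slot. */
static void model_ssl_free(model_ssl *s)
{
    model_bio_free(s->rbio);
    model_bio_free(s->wbio);
    s->rbio = s->wbio = NULL;
}

/* One BIO installed in both slots; returns the double frees seen at teardown. */
int shared_bio_double_frees(int take_extra_ref)
{
    model_bio b;
    model_ssl s = { NULL, NULL };

    model_bio_new(&b);
    if (take_extra_ref)
        model_bio_up_ref(&b);  /* one reference per slot */
    model_set0_rbio(&s, &b);
    model_set0_wbio(&s, &b);
    model_ssl_free(&s);
    return b.double_frees;
}

/* Re-installing the rbio that is already set; returns 1 if the slot is left
 * pointing at a BIO whose last reference has been dropped. */
int reinstall_same_rbio_dangles(int take_extra_ref)
{
    model_bio b;
    model_ssl s = { NULL, NULL };

    model_bio_new(&b);
    model_set0_rbio(&s, &b);
    if (take_extra_ref)
        model_bio_up_ref(&b);
    model_set0_rbio(&s, &b);   /* the old value is freed although identical */
    return s.rbio != NULL && s.rbio->refs == 0;
}

int main(void)
{
    printf("shared BIO, no up_ref:   %d double free(s)\n", shared_bio_double_frees(0));
    printf("shared BIO, with up_ref: %d double free(s)\n", shared_bio_double_frees(1));
    printf("re-set rbio, no up_ref:   dangling=%d\n", reinstall_same_rbio_dangles(0));
    printf("re-set rbio, with up_ref: dangling=%d\n", reinstall_same_rbio_dangles(1));
    return 0;
}
```

In real code the same bookkeeping applies to the BIO handed to both set0 calls: take the extra reference with BIO_up_ref(3) before the second hand-over, and again before re-installing a BIO that is already set.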
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_CONFIG 3"
.TH OPENSSL_CONFIG 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/conf.h>
\&
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void OPENSSL_config(const char *appname);
\& void OPENSSL_no_config(void);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and
reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then
the default section, \fBopenssl_conf\fR, will be used.
Errors are silently ignored.
Multiple calls have no effect.
.PP
\&\fBOPENSSL_no_config()\fR disables configuration. If called before
\&\fBOPENSSL_config()\fR no configuration takes place.
.PP
If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a
call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call
\&\fBOPENSSL_config()\fR first.
.SH "NOTES"
.IX Header "NOTES"
The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it
and forget it\*(R" function.
It is however \fBmuch\fR better than nothing. Applications which need finer
control over their configuration functionality should use the configuration
functions such as \fBCONF_modules_load()\fR directly. This function is deprecated
and its use should be avoided.
Applications should instead call \fBCONF_modules_load()\fR during
initialization (that is before starting any threads).
.PP
There are several reasons why calling the OpenSSL configuration routines is
advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs).
However, very few applications currently support the control interface and so
very few can load and use dynamic ENGINEs. Equally in future more sophisticated
ENGINEs will require certain control operations to customize them. If an
application calls \fBOPENSSL_config()\fR it doesn't need to know or care about
\&\s-1ENGINE\s0 control operations because they can be performed by editing a
configuration file.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4
.IX Item "OPENSSL_CONF"
The path to the config file.
Ignored in set-user-ID and set-group-ID programs.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR returns a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBconfig\fR\|(5),
\&\fBCONF_modules_load_file\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were
deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_SEED_CBC 3"
.TH EVP_SEED_CBC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_seed_cbc,
EVP_seed_cfb,
EVP_seed_cfb128,
EVP_seed_ecb,
EVP_seed_ofb
\&\- EVP SEED cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_seed_cbc(void);
\& const EVP_CIPHER *EVP_seed_cfb(void);
\& const EVP_CIPHER *EVP_seed_cfb128(void);
\& const EVP_CIPHER *EVP_seed_ecb(void);
\& const EVP_CIPHER *EVP_seed_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0
.PP
All modes below use a key length of 128 bits and act on blocks of 128 bits.
.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4
.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()"
The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_PRINTF 3"
.TH BIO_PRINTF 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf
\&\- formatted output to a BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& int BIO_printf(BIO *bio, const char *format, ...);
\& int BIO_vprintf(BIO *bio, const char *format, va_list args);
\&
\& int BIO_snprintf(char *buf, size_t n, const char *format, ...);
\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that
the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard
output. All common format specifiers are supported.
.PP
\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many
platforms, except that the output is sent to the specified \s-1BIO,\s0 \fBbio\fR,
rather than standard output. All common format specifiers are supported. The
argument list \fBargs\fR is a stdarg argument list.
.PP
\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR
function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR,
specifies the size of the output buffer.
.PP
\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to
\&\fBBIO_printf()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All functions return the number of bytes written, or \-1 on error.
For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output
buffer is too small.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_SM4_CBC 3"
.TH EVP_SM4_CBC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_sm4_cbc,
EVP_sm4_ecb,
EVP_sm4_cfb,
EVP_sm4_cfb128,
EVP_sm4_ofb,
EVP_sm4_ctr
\&\- EVP SM4 cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_sm4_cbc(void);
\& const EVP_CIPHER *EVP_sm4_ecb(void);
\& const EVP_CIPHER *EVP_sm4_cfb(void);
\& const EVP_CIPHER *EVP_sm4_cfb128(void);
\& const EVP_CIPHER *EVP_sm4_ofb(void);
\& const EVP_CIPHER *EVP_sm4_ctr(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0
.PP
All modes below use a key length of 128 bits and act on blocks of 128 bits.
.IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4
.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()"
The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes
respectively.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for
details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2017 Ribose Inc. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_CERT_CB 3"
.TH SSL_CTX_SET_CERT_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg),
\&                          void *arg);
\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
\&
\& int (*cert_cb)(SSL *ssl, void *arg);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR set the \fBcert_cb()\fR callback;
the \fBarg\fR value is a pointer which is passed to the application callback.
.PP
When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used.
.PP
\&\fBcert_cb()\fR is the application defined callback.
It is called before a certificate will be used by a client or server. The
callback can then inspect the passed \fBssl\fR structure and set or clear any
appropriate certificates. If the callback is successful it \fB\s-1MUST\s0\fR return 1
even if no certificates have been set. A zero is returned on error which will
abort the handshake with a fatal internal error alert. A negative return value
will suspend the handshake and the handshake function will return immediately.
\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to
indicate that the handshake was suspended. The next call to the handshake
function will again lead to the call of \fBcert_cb()\fR. It is the job of the
\&\fBcert_cb()\fR to store information about the state of the last call,
if required to continue.
.SH "NOTES"
.IX Header "NOTES"
An application will typically call \fBSSL_use_certificate()\fR and
\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key.
It can add intermediate and optionally the root \s-1CA\s0 certificates using
\&\fBSSL_add1_chain_cert()\fR.
.PP
It might also call \fBSSL_certs_clear()\fR to delete any certificates associated
with the \fB\s-1SSL\s0\fR object.
.PP
The certificate callback functionality supersedes the (largely broken)
functionality provided by the old client certificate callback interface.
It is \fBalways\fR called even if a certificate is already set so the callback
can modify or delete the existing certificate.
.PP
A more advanced callback might examine the handshake parameters and set
whatever chain is appropriate. For example, a legacy client supporting only
TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a
TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a
chain using \s-1SHA256.\s0
.PP
Normal server sanity checks are performed on any certificates set
by the callback.
So if an \s-1EC\s0 chain is set for a curve the client does not support, it will
\&\fBnot\fR be used.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR do not return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_use_certificate\fR\|(3),
\&\fBSSL_add1_chain_cert\fR\|(3),
\&\fBSSL_get_client_CA_list\fR\|(3),
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
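.SH "EXAMPLES"
The cert_cb() return-value contract from SSL_CTX_set_cert_cb(3) (1 continues, 0 aborts, a negative value suspends and the callback is entered again on the next handshake call), traced with a self-contained model. This is an added example, not OpenSSL code: model_conn, model_handshake, lookup_state and the HS_* values are constructed stand-ins, and the slow certificate lookup is simulated by a counter.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins: none of these names are OpenSSL identifiers. */
enum hs_status { HS_COMPLETE, HS_WANT_X509_LOOKUP, HS_FATAL_ALERT };

typedef int (*model_cert_cb)(void *conn, void *arg);

struct model_conn {
    model_cert_cb cb;
    void *cb_arg;
    int have_cert;   /* set once the callback has installed a chain */
    int cb_calls;    /* times the handshake invoked the callback */
};

/* Handshake side of the contract: how each return value is treated. */
static enum hs_status model_handshake(struct model_conn *c)
{
    int rv = 1;                       /* NULL callback: nothing is called */

    if (c->cb != NULL) {
        c->cb_calls++;
        rv = c->cb(c, c->cb_arg);
    }
    if (rv < 0)
        return HS_WANT_X509_LOOKUP;   /* suspended; next call re-enters cb */
    if (rv == 0)
        return HS_FATAL_ALERT;        /* aborted with a fatal alert */
    return HS_COMPLETE;               /* 1: carry on, with or without a cert */
}

/* State the callback keeps between invocations, passed in through arg. */
enum lookup_phase { LOOKUP_IDLE, LOOKUP_PENDING, LOOKUP_FAILED, LOOKUP_DONE };

struct lookup_state {
    enum lookup_phase phase;
    int polls_until_ready;  /* constructed: retries the key store needs */
    int backend_fails;      /* constructed: simulate a lookup error */
    int lookups_started;
};

/* Certificate callback that waits on a slow lookup without blocking. */
static int select_cert_cb(void *conn, void *arg)
{
    struct model_conn *c = conn;
    struct lookup_state *st = arg;

    if (st->phase == LOOKUP_IDLE) {       /* first entry: start one lookup */
        st->lookups_started++;
        st->phase = LOOKUP_PENDING;
    }
    if (st->phase == LOOKUP_PENDING) {
        if (st->backend_fails) {
            st->phase = LOOKUP_FAILED;
        } else if (st->polls_until_ready > 0) {
            st->polls_until_ready--;
            return -1;                    /* not ready: suspend, do not abort */
        } else {
            st->phase = LOOKUP_DONE;
        }
    }
    if (st->phase == LOOKUP_FAILED)
        return 0;                         /* genuine error: abort the handshake */
    c->have_cert = 1;   /* real code would install the cert and key here */
    return 1;
}

struct outcome { enum hs_status status; int cb_calls, lookups_started, have_cert; };

/* Application loop: retry while suspended, bounded so a stuck lookup ends. */
struct outcome run_scenario(int polls_until_ready, int backend_fails,
                            int max_attempts)
{
    struct lookup_state st = { LOOKUP_IDLE, polls_until_ready, backend_fails, 0 };
    struct model_conn c = { select_cert_cb, &st, 0, 0 };
    struct outcome o = { HS_WANT_X509_LOOKUP, 0, 0, 0 };
    int i;

    for (i = 0; i < max_attempts && o.status == HS_WANT_X509_LOOKUP; i++)
        o.status = model_handshake(&c);
    o.cb_calls = c.cb_calls;
    o.lookups_started = st.lookups_started;
    o.have_cert = c.have_cert;
    return o;
}

int main(void)
{
    struct outcome o = run_scenario(2, 0, 8);

    printf("status=%d cb_calls=%d lookups=%d cert=%d\n",
           o.status, o.cb_calls, o.lookups_started, o.have_cert);
    return 0;
}
```

Because the state lives in arg, the callback starts exactly one lookup however many times it is re-entered, and it reserves 0 for real failures so that a lookup that is merely not ready does not tear the connection down.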
.IX Title "EVP_PKEY_ASN1_GET_COUNT 3"
.TH EVP_PKEY_ASN1_GET_COUNT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_PKEY_asn1_find,
EVP_PKEY_asn1_find_str,
EVP_PKEY_asn1_get_count,
EVP_PKEY_asn1_get0,
EVP_PKEY_asn1_get0_info
\&\- enumerate public key ASN.1 methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_asn1_get_count(void);
\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
\&                                                    const char *str, int len);
\& int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
\&                             int *ppkey_flags, const char **pinfo,
\&                             const char **ppem_str,
\&                             const EVP_PKEY_ASN1_METHOD *ameth);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBEVP_PKEY_asn1_get_count()\fR returns a count of the number of public key
\&\s-1ASN.1\s0 methods available: it includes standard methods and any methods added by the application.
.PP
\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR
\&\- 1.
.PP
\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0
\&\fBtype\fR. If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, and also set \fB*pe\fR to point at the engine that implements it.
.PP
\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 type string \fBstr\fR. Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0
\&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the engine that implements it.
.PP
\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key
\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR.
.PP
\&\fBEVP_PKEY_asn1_get_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and
\&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets threaded, using them is safe. See \fBEVP_PKEY_asn1_add0\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_asn1_get_count()\fR returns the number of available public key methods.
.PP
\&\fBEVP_PKEY_asn1_get0()\fR returns a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is out of range.
.PP
\&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_CAST5_CBC 3"
.TH EVP_CAST5_CBC 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_cast5_cbc,
EVP_cast5_cfb,
EVP_cast5_cfb64,
EVP_cast5_ecb,
EVP_cast5_ofb
\&\- EVP CAST cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_CIPHER *EVP_cast5_cbc(void);
\& const EVP_CIPHER *EVP_cast5_cfb(void);
\& const EVP_CIPHER *EVP_cast5_cfb64(void);
\& const EVP_CIPHER *EVP_cast5_ecb(void);
\& const EVP_CIPHER *EVP_cast5_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0
.PP
This is a variable key length cipher.
.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4
.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()"
\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for details of the \fB\s-1EVP_CIPHER\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_VERIFY_RECOVER 3"
.TH EVP_PKEY_VERIFY_RECOVER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
\&                             unsigned char *rout, size_t *routlen,
\&                             const unsigned char *sig, size_t siglen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm context using key \fBpkey\fR for a verify recover operation.
.PP
The \fBEVP_PKEY_verify_recover()\fR function recovers signed data using \fBctx\fR. The signature is specified using the \fBsig\fR and
\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then before the call the \fBroutlen\fR parameter should contain the length of the
\&\fBrout\fR buffer. If the call is successful, the recovered data is written to
\&\fBrout\fR and the amount of data written to \fBroutlen\fR.
.SH "NOTES"
.IX Header "NOTES"
Normally an application is only interested in whether a signature verification operation is successful; in those cases the \fBEVP_verify()\fR function should be used.
.PP
Sometimes however it is useful to obtain the data originally signed using a signing operation. Only certain public key algorithms can recover a signature in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode).
.PP
After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the operation.
.PP
The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success and 0 or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& /*
\&  * NB: assumes verify_key, sig and siglen are already set up
\&  * and that verify_key is an RSA public key.
\&  * recover_digest is an illustrative wrapper name. It returns 1 on
\&  * success, in which case the caller must OPENSSL_free(*rout),
\&  * and 0 on any error.
\&  */
\& int recover_digest(EVP_PKEY *verify_key,
\&                    const unsigned char *sig, size_t siglen,
\&                    unsigned char **rout, size_t *routlen)
\& {
\&     EVP_PKEY_CTX *ctx;
\&     int ok = 0;
\&
\&     *rout = NULL;
\&     ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
\&     if (!ctx)
\&         return 0; /* Error occurred */
\&     if (EVP_PKEY_verify_recover_init(ctx) <= 0)
\&         goto end; /* Error */
\&     if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
\&         goto end; /* Error */
\&     if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
\&         goto end; /* Error */
\&
\&     /* Determine buffer length */
\&     if (EVP_PKEY_verify_recover(ctx, NULL, routlen, sig, siglen) <= 0)
\&         goto end; /* Error */
\&
\&     *rout = OPENSSL_malloc(*routlen);
\&     if (!*rout)
\&         goto end; /* malloc failure */
\&
\&     if (EVP_PKEY_verify_recover(ctx, *rout, routlen, sig, siglen) <= 0)
\&         goto end; /* Error */
\&
\&     /* Recovered data is *routlen bytes written to buffer *rout */
\&     ok = 1;
\&  end:
\&     if (!ok) {
\&         OPENSSL_free(*rout);
\&         *rout = NULL;
\&     }
\&     EVP_PKEY_CTX_free(ctx);
\&     return ok;
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_CTRL 3"
.TH SSL_CTX_CTRL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
\&
\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments
\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never be called directly. All functionalities needed are made available via other functions or macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The return values of the SSL*\fB_ctrl()\fR functions depend on the command supplied via the \fBcmd\fR parameter.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_SIZE 3"
.TH EVP_PKEY_SIZE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits
\&\- EVP_PKEY information functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_size(const EVP_PKEY *pkey);
\& int EVP_PKEY_bits(const EVP_PKEY *pkey);
\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBEVP_PKEY_size()\fR returns the maximum suitable size for the output buffers for almost all operations that can be done with \fIpkey\fR. The primary documented use is with \fBEVP_SignFinal\fR\|(3) and
\&\fBEVP_SealInit\fR\|(3), but it isn't limited there. The returned size is also large enough for the output buffer of \fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3), \fBEVP_PKEY_decrypt\fR\|(3), \fBEVP_PKEY_derive\fR\|(3).
.PP
It must be stressed that, unless the documentation for the operation that's being performed says otherwise, the size returned by
\&\fBEVP_PKEY_size()\fR is only preliminary and not exact, so the final contents of the target buffer may be smaller. It is therefore crucial to take note of the size given back by the function that performs the operation, such as \fBEVP_PKEY_sign\fR\|(3) (the \fIsiglen\fR argument will receive that length), to avoid bugs.
.PP
\&\fBEVP_PKEY_bits()\fR returns the cryptographic length of the cryptosystem to which the key in \fIpkey\fR belongs, in bits. Note that the definition of cryptographic length is specific to the key cryptosystem.
.PP
\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given
\&\fIpkey\fR. Bits of security is defined in \s-1NIST SP800\-57.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_size()\fR, \fBEVP_PKEY_bits()\fR and \fBEVP_PKEY_security_bits()\fR return a positive number, or 0 if this size isn't available.
.SH "NOTES"
.IX Header "NOTES"
Most functions that have an output buffer and are mentioned with
\&\fBEVP_PKEY_size()\fR have a functionality where you can pass \s-1NULL\s0 for the buffer and still pass a pointer to an integer and get the exact size that this function call delivers in the context that it's called in. This allows those functions to be called twice, once to find out the exact buffer size, then allocate the buffer in between, and call that function again to actually output the data. For those functions, it isn't strictly necessary to call \fBEVP_PKEY_size()\fR to find out the buffer size, but it may be useful in cases where it's desirable to know the upper limit in advance.
.PP
It should also be especially noted that \fBEVP_PKEY_size()\fR shouldn't be used to get the output size for \fBEVP_DigestSignFinal()\fR, according to
\&\*(L"\s-1NOTES\*(R"\s0 in \fBEVP_DigestSignFinal\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_SignFinal\fR\|(3),
\&\fBEVP_SealInit\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . 
\" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "EVP_PKEY_METH_GET_COUNT 3" .TH EVP_PKEY_METH_GET_COUNT 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& size_t EVP_PKEY_meth_get_count(void); \& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); \& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, \& const EVP_PKEY_METHOD *meth); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods available: it includes standard methods and any methods added by the application. .PP \&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1. .PP \&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags associated with the public key method \fB*meth\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods. .PP \&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is out of range. .PP \&\fBEVP_PKEY_meth_get0_info()\fR does not return a value. 
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_PKEY_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!"SSL_CTX_set_max_cert_list.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. 
.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3"
.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
\&
\& long SSL_set_max_cert_list(SSL *ssl, long size);
\& long SSL_get_max_cert_list(SSL *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's
certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be \fBsize\fR bytes.
The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time
\&\fBSSL_new\fR\|(3) is being called.
.PP
\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR.
.PP
\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's
certificate chain for \fBssl\fR to be \fBsize\fR bytes. This setting stays valid
until a new value is set.
.PP
\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
During the handshake process, the peer may send a certificate chain.
The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain.
The OpenSSL library handles incoming data by a dynamically allocated buffer.
In order to prevent this buffer from growing without bounds due to data
received from a faulty or malicious peer, a maximum size for the certificate
chain is set.
.PP
The default value for the maximum certificate chain size is 100kB (30kB
on the 16\-bit \s-1DOS\s0 platform). This should be sufficient for usual certificate
chains (OpenSSL's default maximum chain length is 10, see
\&\fBSSL_CTX_set_verify\fR\|(3), and certificates
without special extensions have a typical size of 1\-2kB).
.PP
For special applications it can be necessary to extend the maximum certificate
chain size allowed to be sent by the peer, see e.g. the work on
\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R"
and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and
http://www.globus.org/ .
.PP
Under normal conditions it should never be necessary to set a value smaller
than the default, as the buffer is handled dynamically and only uses the
memory actually required by the data sent by the peer.
.PP
If the maximum certificate chain size allowed is exceeded, the handshake will
fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously
set value.
.PP
\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently
set value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3),
\&\fBSSL_CTX_set_verify\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PKCS7_VERIFY 3"
.TH PKCS7_VERIFY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
\&                  BIO *indata, BIO *out, int flags);
\&
\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS7_verify()\fR is very similar to \fBCMS_verify\fR\|(3).
It verifies a PKCS#7 signedData structure given in \fIp7\fR.
The optional \fIcerts\fR parameter refers to a set of certificates
in which to search for signer's certificates.
\&\fIp7\fR may contain extra untrusted \s-1CA\s0 certificates that may be used for
chain building as well as CRLs that may be used for certificate validation.
\&\fIstore\fR may be \s-1NULL\s0 or point to
the trusted certificate store to use for chain verification.
\&\fIindata\fR refers to the signed data if the content is detached from \fIp7\fR.
Otherwise \fIindata\fR should be \s-1NULL,\s0 and then the signed data must be in \fIp7\fR.
The content is written to the \s-1BIO\s0 \fIout\fR unless it is \s-1NULL.\s0
\&\fIflags\fR is an optional set of flags, which can be used to modify the operation.
.PP
\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fIp7\fR; it does
\&\fBnot\fR check their validity or whether any signatures are valid. The \fIcerts\fR
and \fIflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR.
.SH "VERIFY PROCESS"
.IX Header "VERIFY PROCESS"
Normally the verify process proceeds as follows.
.PP
Initially some sanity checks are performed on \fIp7\fR. The type of \fIp7\fR must
be SignedData. There must be at least one signature on the data and if
the content is detached \fIindata\fR cannot be \s-1NULL.\s0 If the content is
not detached and \fIindata\fR is not \s-1NULL\s0 then the structure has both
embedded and external content. To treat this as an error, use the flag
\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR.
The default behavior allows this, for compatibility with older
versions of OpenSSL.
.PP
An attempt is made to locate all the signer's certificates, first looking in
the \fIcerts\fR parameter (if it is not \s-1NULL\s0). Then they are looked up in any
certificates contained in the \fIp7\fR structure unless \fB\s-1PKCS7_NOINTERN\s0\fR is set.
If any signer's certificates cannot be located the operation fails.
.PP
Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and
using the trusted certificate store \fIstore\fR if supplied.
Any internal certificates in the message, which may have been added using
\&\fBPKCS7_add_certificate\fR\|(3), are used as untrusted CAs unless \fB\s-1PKCS7_NOCHAIN\s0\fR
is set.
If \s-1CRL\s0 checking is enabled in \fIstore\fR and \fB\s-1PKCS7_NOCRL\s0\fR is not set,
any internal CRLs, which may have been added using \fBPKCS7_add_crl\fR\|(3),
are used in addition to attempting to look them up in \fIstore\fR.
If \fIstore\fR is not \s-1NULL\s0 and any chain verify fails an error code is returned.
.PP
Finally the signed content is read (and written to \fIout\fR unless it is \s-1NULL\s0)
and the signature is checked.
.PP
If all signatures verify correctly then the function is successful.
.PP
Any of the following flags (ORed together) can be passed in the \fIflags\fR
parameter to change the default verify behaviour.
Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is meaningful to \fBPKCS7_get0_signers()\fR.
.PP
If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not
searched when locating the signer's certificates.
This means that all the signer's certificates must be in the \fIcerts\fR parameter.
.PP
If \fB\s-1PKCS7_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fIstore\fR then any
CRLs in the message itself are ignored.
.PP
If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted
from the content. If the content is not of type \f(CW\*(C`text/plain\*(C'\fR then an error is
returned.
.PP
If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified.
.PP
If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are
not used as untrusted CAs. This means that the whole verify chain (apart from
the signer's certificates) must be contained in the trusted store.
.PP
If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked.
.SH "NOTES"
.IX Header "NOTES"
One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by
a small number of certificates. The acceptable certificates would be passed
in the \fIcerts\fR parameter. In this case if the signer's certificate is not one
of the certificates supplied in \fIcerts\fR then the verify will fail because the
signer cannot be found.
.PP
Care should be taken when modifying the default verify behaviour, for example
setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification
and any signed message will be considered valid. This combination is however
useful if one merely wishes to write the content to \fIout\fR and its validity
is not considered important.
.PP
Chain verification should arguably be performed using the signing time rather
than the current time. However, since the signing time is supplied by the
signer it cannot be trusted without additional evidence (such as a trusted
timestamp).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS7_verify()\fR returns 1 for a successful verification and 0 if an error occurs.
.PP
\&\fBPKCS7_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
.PP
The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
The trusted certificate store is not searched for the signer's certificates.
This is primarily due to the inadequacies of the current \fBX509_STORE\fR
functionality.
.PP
The lack of single pass processing means that the signed content must all
be held in memory if it is not detached.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBCMS_verify\fR\|(3), \fBPKCS7_add_certificate\fR\|(3), \fBPKCS7_add_crl\fR\|(3),
\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_NUM_BYTES 3"
.TH BN_NUM_BYTES 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& int BN_num_bytes(const BIGNUM *a);
\&
\& int BN_num_bits(const BIGNUM *a);
\&
\& int BN_num_bits_word(BN_ULONG w);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes.
.PP
\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word.
If we take 0x00000432 as an example, it returns 11, not 16, not 32.
Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR.
.PP
\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR,
following the same principle as \fBBN_num_bits_word()\fR.
.PP
\&\fBBN_num_bytes()\fR is a macro.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The size.
.SH "NOTES"
.IX Header "NOTES"
Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys,
\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with
the number of bits they expected (something like 512, 1024, 2048,
\&...). This is because generating a number with some specific number
of bits doesn't always set the highest bits, thereby making the number
of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key
size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR
and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply by 8 (although
there's no real guarantee that will match the \*(L"key size\*(R", just a lot
more probability).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3),
\&\fBRSA_size\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
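The BN_num_bytes NOTES caveat, worked through in plain C as an added example (not OpenSSL code and not part of the original manual page). The helpers sig_bits_word, sig_bits, sig_bytes, make_sample and the two meets_min_* checks are hypothetical names, and the 256-byte sample values are constructed; the point is that a minimum-key-size check gives different answers depending on which of the two size rules it uses.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for this example. They follow the rules the page
 * states for BN_num_bits_word(), BN_num_bits() and BN_num_bytes(). */

/* floor(log2(w)) + 1, or 0 when w is zero. */
static int sig_bits_word(unsigned long w)
{
    int bits = 0;

    while (w != 0) {
        bits++;
        w >>= 1;
    }
    return bits;
}

/* Significant bits of an unsigned big-endian integer in be[0..len-1]. */
static int sig_bits(const unsigned char *be, size_t len)
{
    size_t i = 0;

    while (i < len && be[i] == 0)   /* leading zero bytes carry no bits */
        i++;
    if (i == len)
        return 0;
    return (int)((len - i - 1) * 8) + sig_bits_word(be[i]);
}

/* Whole bytes needed for the significant bits (bits rounded up to bytes). */
static int sig_bytes(const unsigned char *be, size_t len)
{
    return (sig_bits(be, len) + 7) / 8;
}

/* Constructed sample: a 256-byte (nominally 2048-bit) value whose first two
 * bytes are chosen by the caller; the remaining bytes are filler. */
static void make_sample(unsigned char out[256], unsigned char b0,
                        unsigned char b1)
{
    memset(out, 0xA5, 256);
    out[0] = b0;
    out[1] = b1;
}

/* Minimum-size policy using the raw significant-bit count. */
static int meets_min_exact(const unsigned char *be, size_t len, int min_bits)
{
    return sig_bits(be, len) >= min_bits;
}

/* Minimum-size policy using the "bytes times 8" estimate from the NOTES. */
static int meets_min_rounded(const unsigned char *be, size_t len, int min_bits)
{
    return sig_bytes(be, len) * 8 >= min_bits;
}

int main(void)
{
    static const struct {
        const char *label;
        unsigned char b0, b1;
    } cases[] = {
        { "top bit set",       0xC3, 0xA5 },
        { "top bit clear",     0x40, 0xA5 },
        { "top byte all zero", 0x00, 0x7F },
    };
    unsigned char v[256];
    size_t i;

    printf("word 0x00000432 -> %d bits\n", sig_bits_word(0x00000432UL));
    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        make_sample(v, cases[i].b0, cases[i].b1);
        printf("%-18s bits=%d bytes*8=%d exact>=2048:%d rounded>=2048:%d\n",
               cases[i].label, sig_bits(v, sizeof(v)),
               sig_bytes(v, sizeof(v)) * 8,
               meets_min_exact(v, sizeof(v), 2048),
               meets_min_rounded(v, sizeof(v), 2048));
    }
    return 0;
}
```

The third sample shows why the page says the bytes-times-8 estimate carries no real guarantee: a whole leading zero byte drops the estimate to 2040, so a size policy is better driven by the key-level size functions the NOTES name.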
\" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "BIO_F_BASE64 3" .TH BIO_F_BASE64 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" BIO_f_base64 \- base64 BIO filter .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 \& #include \& #include \& \& const BIO_METHOD *BIO_f_base64(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter \&\s-1BIO\s0 that base64 encodes any data written through it and decodes any data read through it. .PP Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. .PP For writing, output is by default divided to lines of length 64 characters and there is always a newline at the end of output. .PP For reading, first line should be at most 1024 characters long. If it is longer then it is ignored completely. Other input lines can be of any length. There must be a newline at the end of input. .PP This behavior can be changed with \s-1BIO_FLAGS_BASE64_NO_NL\s0 flag. .PP \&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the \s-1BIO.\s0 .PP The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR. For writing, it causes all data to be written on one line without newline at the end. For reading, it expects the data to be all on one line (with or without a trailing newline). .SH "NOTES" .IX Header "NOTES" Because of the format of base64 encoding the end of the encoded block cannot always be reliably determined. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. 
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Base64 encode the string \*(L"Hello World\en\*(R" and write the result
to standard output:
.PP
.Vb 2
\& BIO *bio, *b64;
\& char message[] = "Hello World \en";
\&
\& b64 = BIO_new(BIO_f_base64());
\& bio = BIO_new_fp(stdout, BIO_NOCLOSE);
\& BIO_push(b64, bio);
\& BIO_write(b64, message, strlen(message));
\& BIO_flush(b64);
\&
\& BIO_free_all(b64);
.Ve
.PP
Read Base64 encoded data from standard input and write the decoded
data to standard output:
.PP
.Vb 3
\& BIO *bio, *b64, *bio_out;
\& char inbuf[512];
\& int inlen;
\&
\& b64 = BIO_new(BIO_f_base64());
\& bio = BIO_new_fp(stdin, BIO_NOCLOSE);
\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
\& BIO_push(b64, bio);
\& while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
\&     BIO_write(bio_out, inbuf, inlen);
\&
\& BIO_flush(bio_out);
\& BIO_free_all(b64);
.Ve
.SH "BUGS"
.IX Header "BUGS"
The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional
data following the base64 encoded block to be misinterpreted.
.PP
There should be some way of specifying a test that the \s-1BIO\s0 can perform
to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3"
.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func \- logging TLS key material
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
\&
\& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
\& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback.
This callback is called whenever \s-1TLS\s0 key material is generated or
received, in order to allow applications to store this keying material for
debugging purposes.
.PP
\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0
key logging callback. If no callback has been set, this will return \s-1NULL.\s0
When there is no key logging callback, or if SSL_CTX_set_keylog_callback is
called with \s-1NULL\s0 as the value of cb, no logging of key material will be
done.
.PP
The key logging callback is called with two items: the \fBssl\fR object
associated with the connection, and \fBline\fR, a string containing the key
material in the format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR
debugging output. To recreate that file, the key logging callback should log
\&\fBline\fR, followed by a newline.
\&\fBline\fR will always be a NULL-terminated string.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or
\&\s-1NULL\s0 if the callback is not set.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "CRYPTO_MEMCMP 3"
.TH CRYPTO_MEMCMP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CRYPTO_memcmp \- Constant time memory comparison
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& int CRYPTO_memcmp(const void *a, const void *b, size_t len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR
for equality.
It takes an amount of time dependent on \fBlen\fR, but independent of the
contents of the memory regions pointed to by \fBa\fR and \fBb\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and nonzero
otherwise.
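Added example (not part of the OpenSSL manual or source): a self-contained C comparison of an early-exit equality check with a content-independent one, applied to checking a MAC tag. The names leaky_equal, ct_compare and verify_tag, the steps counter and the sample tags are hypothetical and constructed for illustration; production code should call CRYPTO_memcmp itself.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: an 8-byte expected tag and two wrong guesses. */
static const unsigned char EXPECTED_TAG[8] =
    {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
static const unsigned char GUESS_EARLY[8] =          /* differs at byte 0 */
    {0x00, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
static const unsigned char GUESS_LATE[8] =           /* differs at byte 5 */
    {0xde, 0xad, 0xbe, 0xef, 0x01, 0x00, 0x03, 0x04};

/*
 * Early-exit comparison. The loop stops at the first mismatch, so the work
 * done (reported in *steps, instrumentation for this example) depends on
 * how many leading bytes of the guess are correct.
 */
int leaky_equal(const unsigned char *a, const unsigned char *b,
                size_t len, size_t *steps)
{
    size_t i;

    *steps = 0;
    for (i = 0; i < len; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/*
 * Content-independent comparison: every byte is always examined and the
 * differences are accumulated with OR. Returns 0 when equal and some
 * nonzero value otherwise; the value says nothing about ordering.
 */
int ct_compare(const void *in_a, const void *in_b, size_t len, size_t *steps)
{
    const volatile unsigned char *a = in_a;
    const volatile unsigned char *b = in_b;
    unsigned char diff = 0;
    size_t i;

    *steps = 0;
    for (i = 0; i < len; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
        (*steps)++;
    }
    return diff;
}

/*
 * Tag check built on the content-independent compare. The lengths are
 * public values, so rejecting a length mismatch up front leaks nothing
 * about the tag contents. Returns 1 if the tag is valid, 0 otherwise.
 */
int verify_tag(const unsigned char *expected, size_t expected_len,
               const unsigned char *received, size_t received_len)
{
    size_t steps;

    if (expected_len != received_len)
        return 0;
    return ct_compare(expected, received, expected_len, &steps) == 0;
}

int main(void)
{
    size_t s_early, s_late;

    leaky_equal(EXPECTED_TAG, GUESS_EARLY, sizeof(EXPECTED_TAG), &s_early);
    leaky_equal(EXPECTED_TAG, GUESS_LATE, sizeof(EXPECTED_TAG), &s_late);
    printf("early-exit compare: %zu vs %zu bytes examined\n", s_early, s_late);

    ct_compare(EXPECTED_TAG, GUESS_EARLY, sizeof(EXPECTED_TAG), &s_early);
    ct_compare(EXPECTED_TAG, GUESS_LATE, sizeof(EXPECTED_TAG), &s_late);
    printf("content-independent compare: %zu vs %zu bytes examined\n",
           s_early, s_late);

    printf("valid tag accepted: %d\n",
           verify_tag(EXPECTED_TAG, 8, EXPECTED_TAG, 8));
    return 0;
}
```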
.SH "NOTES"
.IX Header "NOTES"
Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory
regions as the return value when they differ is undefined, other than being
nonzero.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "BN_MOD_MUL_MONTGOMERY 3"
.TH BN_MOD_MUL_MONTGOMERY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& BN_MONT_CTX *BN_MONT_CTX_new(void);
\& void BN_MONT_CTX_free(BN_MONT_CTX *mont);
\&
\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
\&
\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
\&                           BN_MONT_CTX *mont, BN_CTX *ctx);
\&
\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
\&                        BN_CTX *ctx);
\&
\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
\&                      BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions implement Montgomery multiplication. They are used
automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input,
but they may be useful when several operations are to be performed
using the same modulus.
.PP
\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure.
.PP
\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR
by precomputing its inverse and a value R.
.PP
\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR.
.PP
\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if
it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself.
If \fBmont\fR is \s-1NULL,\s0 nothing is done.
.PP
\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places
the result in \fIr\fR.
.PP
\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1.
.PP
\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R.
Note that \fIa\fR must be nonnegative and smaller than the modulus.
.PP
For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
temporary variables.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0
on error.
.PP
\&\fBBN_MONT_CTX_free()\fR has no return value.
.PP
For the other functions, 1 is returned for success, 0 on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "WARNINGS"
.IX Header "WARNINGS"
The inputs must be reduced modulo \fBm\fR, otherwise the result will be
outside the expected range.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3),
\&\fBBN_CTX_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
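Added example (not OpenSSL code): the Montgomery operations described in BN_mod_mul_montgomery(3), carried out on single 32-bit words with R = 2^32 so that Mont(a,b) = a*b*R^-1, the to-Montgomery step a*R and the from-Montgomery step a*R^-1 can be followed and checked. The mont_* names, the struct layout and the restriction to odd moduli below 2^31 are assumptions of this example; the 1/0 return convention and the rejection of unreduced inputs follow the RETURN VALUES and WARNINGS sections.

```c
#include <stdint.h>
#include <stdio.h>

/* Precomputed values for one modulus, in the role of BN_MONT_CTX. */
typedef struct {
    uint32_t m;   /* odd modulus, 3 <= m < 2^31 (example restriction) */
    uint32_t n0;  /* -m^-1 mod R, with R = 2^32 */
    uint32_t rr;  /* R^2 mod m, used to enter Montgomery form */
} mont_ctx;

/* Set up ctx from the modulus m. Returns 1 on success, 0 on error. */
int mont_ctx_set(mont_ctx *ctx, uint32_t m)
{
    uint32_t inv = m;           /* m*m == 1 (mod 8) for odd m: 3 good bits */
    uint64_t r1;
    int i;

    if (m < 3 || (m & 1u) == 0 || m >= 0x80000000u)
        return 0;
    for (i = 0; i < 5; i++)     /* Newton steps double the correct bits */
        inv *= 2u - m * inv;
    ctx->m = m;
    ctx->n0 = 0u - inv;         /* negate mod 2^32 */
    r1 = ((uint64_t)1 << 32) % m;
    ctx->rr = (uint32_t)((r1 * r1) % m);
    return 1;
}

/* r = Mont(a, b) = a*b*R^-1 mod m. Inputs must already be reduced mod m. */
int mont_mul(uint32_t *r, uint32_t a, uint32_t b, const mont_ctx *ctx)
{
    uint64_t t, u;
    uint32_t q;

    if (a >= ctx->m || b >= ctx->m)
        return 0;               /* unreduced input: refuse, do not guess */
    t = (uint64_t)a * b;
    q = (uint32_t)t * ctx->n0;  /* chosen so that t + q*m == 0 (mod R) */
    u = (t + (uint64_t)q * ctx->m) >> 32;   /* exact division by R */
    if (u >= ctx->m)
        u -= ctx->m;
    *r = (uint32_t)u;
    return 1;
}

/* r = Mont(a, R^2) = a*R mod m */
int mont_to(uint32_t *r, uint32_t a, const mont_ctx *ctx)
{
    return mont_mul(r, a, ctx->rr, ctx);
}

/* r = Mont(a, 1) = a*R^-1 mod m */
int mont_from(uint32_t *r, uint32_t a, const mont_ctx *ctx)
{
    return mont_mul(r, a, 1u, ctx);
}

/* Ordinary a*b mod m computed through Montgomery form. */
int mod_mul(uint32_t *r, uint32_t a, uint32_t b, uint32_t m)
{
    mont_ctx ctx;
    uint32_t am, bm, pm;

    if (!mont_ctx_set(&ctx, m))
        return 0;
    if (!mont_to(&am, a, &ctx) || !mont_to(&bm, b, &ctx))
        return 0;
    if (!mont_mul(&pm, am, bm, &ctx))   /* (aR)(bR)R^-1 = abR */
        return 0;
    return mont_from(r, pm, &ctx);      /* abR * R^-1 = ab */
}

int main(void)
{
    uint32_t r;

    if (mod_mul(&r, 5, 7, 97))
        printf("5 * 7 mod 97 = %u\n", (unsigned)r);
    if (!mod_mul(&r, 100, 7, 97))
        printf("input 100 is not reduced mod 97: rejected\n");
    return 0;
}
```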
.\" ========================================================================
.\"
.IX Title "DSA_DUP_DH 3"
.TH DSA_DUP_DH 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DSA_dup_DH \- create a DH structure out of DSA structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& DH *DSA_dup_DH(const DSA *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
is lost during that conversion, but the resulting \s-1DH\s0 parameters
contain its length.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The
error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "NOTE"
.IX Header "NOTE"
Be careful to avoid small subgroup attacks when using this.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SSL_SHUTDOWN 3"
.TH SSL_SHUTDOWN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_shutdown \- shut down a TLS/SSL connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_shutdown(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
close_notify shutdown alert to the peer.
.SH "NOTES"
.IX Header "NOTES"
\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer.
Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.
.PP
Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has
occurred on a connection, i.e. if \fBSSL_get_error()\fR has returned
\s-1SSL_ERROR_SYSCALL\s0 or \s-1SSL_ERROR_SSL.\s0
.PP
The shutdown procedure consists of two steps: sending of the close_notify
shutdown alert, and reception of the peer's close_notify shutdown alert.
The order of those two steps depends on the application.
.PP
It is acceptable for an application to only send its shutdown alert and
then close the underlying connection without waiting for the peer's response.
This way resources can be saved, as the process can already terminate or
serve another connection.
This should only be done when it is known that the other side will not send more
data, otherwise there is a risk of a truncation attack.
.PP
When a client only writes and never reads from the connection, and the server
has sent a session ticket to establish a session, the client might not be able
to resume the session because it did not receive and process the session ticket
from the server.
In case the application wants to be able to resume the session, it is recommended to
do a complete shutdown procedure (bidirectional close_notify alerts).
.PP
When the underlying connection shall be used for more communications, the
complete shutdown procedure must be performed, so that the peers stay
synchronized.
.PP
\&\fBSSL_shutdown()\fR only closes the write direction.
It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR.
The read direction is closed by the peer.
.SS "First to close the connection"
.IX Subsection "First to close the connection"
When the application is the first party to send the close_notify
alert, \fBSSL_shutdown()\fR will only send the alert and then set the
\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will
be kept in the cache).
If successful, \fBSSL_shutdown()\fR will return 0.
.PP
If a unidirectional shutdown is enough (the underlying connection shall be
closed anyway), this first successful call to \fBSSL_shutdown()\fR is sufficient.
.PP
In order to complete the bidirectional shutdown handshake, the peer needs
to send back a close_notify alert.
The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing
it.
.PP
The peer is still allowed to send data after receiving the close_notify
event.
When it is done sending data, it will send the close_notify alert.
\&\fBSSL_read()\fR should be called until all data is received.
\&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0
and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0
.SS "Peer closes the connection"
.IX Subsection "Peer closes the connection"
If the peer already sent the close_notify alert \fBand\fR it was
already processed implicitly inside another function
(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set.
\&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return
\&\s-1SSL_ERROR_ZERO_RETURN.\s0
\&\fBSSL_shutdown()\fR will send the close_notify alert and set the \s-1SSL_SENT_SHUTDOWN\s0
flag.
If successful, \fBSSL_shutdown()\fR will return 1.
.PP
Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the
\&\fBSSL_get_shutdown()\fR call (see also \fBSSL_set_shutdown\fR\|(3)).
.SH "NOTES"
.IX Header "NOTES"
The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the
handshake step has been finished or an error occurred.
.PP
If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_shutdown()\fR will also return
when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR
to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the
return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR.
The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket,
nothing is to be done, but \fBselect()\fR can be used to check for the required
condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.PP
After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again to wait for the peer's close_notify alert. \&\fBSSL_shutdown()\fR will return 1 in that case. However, it is recommended to wait for it using \fBSSL_read()\fR instead.
.PP
\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" state but not actually send the close_notify alert messages, see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed and return 1. Note that this is not standard-compliant behaviour. It should only be done when the peer has a way to make sure all data has been received and doesn't wait for the close_notify alert message, otherwise an unexpected \s-1EOF\s0 will be reported.
.PP
There are implementations that do not send the required close_notify alert. If there is a need to communicate with such an implementation, and it's clear that all data has been received, do not wait for the peer's close_notify alert. Waiting for the close_notify alert when the peer just closes the connection will result in an error being generated.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "0" 4
The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call \fBSSL_read()\fR to do a bidirectional shutdown.
.Sp
Unlike most other functions, returning 0 does not indicate an error. \&\fBSSL_get_error\fR\|(3) should not get called, it may misleadingly indicate an error even though no error occurred.
.IP "1" 4
.IX Item "1"
The shutdown was successfully completed. The close_notify alert was sent and the peer's close_notify alert was received.
.IP "<0" 4
.IX Item "<0"
The shutdown was not successful. Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. It can occur if an action is needed to continue the operation for nonblocking BIOs.
.Sp
It can also occur when not all data was read using \fBSSL_read()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), \&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3), \&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), \&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), \&\fBssl\fR\|(7), \fBbio\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SET1_HOST 3"
.TH SSL_SET1_HOST 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_set1_host(SSL *s, const char *hostname);
\& int SSL_add1_host(SSL *s, const char *hostname);
\& void SSL_set_hostflags(SSL *s, unsigned int flags);
\& const char *SSL_get0_peername(SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions configure server hostname checks in the \s-1SSL\s0 client.
.PP
\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing any previously specified hostname or names. If \fBname\fR is \s-1NULL,\s0 or the empty string the list of hostnames is cleared, and name checks are not performed on the peer certificate. When a nonempty \&\fBname\fR is specified, certificate verification automatically checks the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set the primary reference identifier of the peer, and should not call \&\fBSSL_set1_host()\fR.
.PP
\&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier that can match the peer's certificate.
Any previous names set via \&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained; no change is made if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, the peer is considered verified when any name matches. This function is required for \s-1DANE TLSA\s0 in the presence of service name indirection via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or \&\s-1RFC7673.\s0
.PP
\&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to \&\fBX509_check_host\fR\|(3) when name checks are applicable; by default the \fBflags\fR value is 0. See \fBX509_check_host\fR\|(3) for the list of available flags and their meaning.
.PP
\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, the name matched in the peer certificate may be a wildcard name. When one of the reference identifiers configured via \fBSSL_set1_host()\fR or \&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix rather than a fixed name, the matched peer name may be a sub-domain of the reference identifier. The returned string is allocated by the library and is no longer valid once the associated \fBssl\fR handle is cleared or freed, or a renegotiation takes place. Applications must not free the return value.
.PP
\&\s-1SSL\s0 clients are advised to use these functions in preference to explicitly calling \fBX509_check_host\fR\|(3). Hostname checks may be out of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will be suppressed as appropriate when \s-1DANE\s0 is enabled.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for failure.
.PP
\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was matched. Otherwise, it returns the matched peername. To determine whether verification succeeded call \fBSSL_get_verify_result\fR\|(3).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". The calls below will arrange to match either the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. Wildcards are supported, but must match the entire label. The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond the lifetime of the \s-1SSL\s0 connection.
.PP
.Vb 5
\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
\& if (!SSL_set1_host(ssl, "smtp.example.com")) {
\&     /* error */
\& }
\& if (!SSL_add1_host(ssl, "example.com")) {
\&     /* error */
\& }
\&
\& /* XXX: Perform SSL_connect() handshake and handle errors here */
\&
\& if (SSL_get_verify_result(ssl) == X509_V_OK) {
\&     const char *peername = SSL_get0_peername(ssl);
\&
\&     if (peername != NULL) {
\&         /* Name checks were in scope and matched the peername */
\&     }
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_check_host\fR\|(3), \&\fBSSL_get_verify_result\fR\|(3), \&\fBSSL_dane_enable\fR\|(3).
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SESSION_REUSED 3"
.TH SSL_SESSION_REUSED 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_session_reused \- query whether a reused session was negotiated during handshake
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_session_reused(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Query whether a reused session was negotiated during the handshake.
.SH "NOTES"
.IX Header "NOTES"
During the negotiation, a client can propose to reuse a session. The server then looks up the session in its cache. If both client and server agree on the session, it will be reused and a flag is set that can be queried by the application.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "0" 4
A new session was negotiated.
.IP "1" 4
.IX Item "1"
A session was reused.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), \&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_CTX_START 3"
.TH BN_CTX_START 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& void BN_CTX_start(BN_CTX *ctx);
\&
\& BIGNUM *BN_CTX_get(BN_CTX *ctx);
\&
\& void BN_CTX_end(BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from a \fB\s-1BN_CTX\s0\fR (which can be created by using \fBBN_CTX_new\fR\|(3)) in order to save the overhead of repeatedly creating and freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop.
.PP
A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs.
All \fBBN_CTX_get()\fR calls must be made before calling any other functions that use the \&\fBctx\fR as an argument.
.PP
Finally, \fBBN_CTX_end()\fR must be called before returning from the function. If \fBctx\fR is \s-1NULL,\s0 nothing is done. When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from \&\fBBN_CTX_get()\fR become invalid.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values.
.PP
\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR as well, so it is sufficient to check the return value of the last \&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBN_CTX_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_DIGESTVERIFYINIT 3"
.TH EVP_DIGESTVERIFYINIT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
\&                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
\&                           size_t siglen);
\& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
\&                      size_t siglen, const unsigned char *tbs, size_t tbslen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high-level interface to digital signatures.
.PP
\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest \&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the \&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this can be used to set alternative verification options. Note that any existing value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before being passed to \fBEVP_DigestVerifyInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created inside \fBEVP_DigestVerifyInit()\fR and it will be freed automatically when the \&\s-1EVP_MD_CTX\s0 is freed).
.PP
No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7).
.PP
\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. This function is currently implemented using a macro.
.PP
\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in \&\fBsig\fR of length \fBsiglen\fR.
.PP
\&\fBEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature in \fBsig\fR of length \fBsiglen\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0 for failure.
.PP
\&\fBEVP_DigestVerifyFinal()\fR and \fBEVP_DigestVerify()\fR return 1 for success; any other value indicates failure.
A return value of zero indicates that the signature did not verify successfully (that is, \fBtbs\fR did not match the original data or the signature had an invalid form), while other values indicate a more serious error (and sometimes also indicate an invalid signature form).
.PP
The error codes can be obtained from \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.
.PP
\&\fBEVP_DigestVerify()\fR is a one-shot operation which verifies a single block of data in one function. For algorithms that support streaming it is equivalent to calling \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR. For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to verify data.
.PP
In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and the use of clone digests is now discouraged.
.PP
For some key types and parameters the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.PP
The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called later to digest and verify additional data.
.PP
Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak will occur.
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBEVP_DigestSignInit\fR\|(3), \&\fBEVP_DigestInit\fR\|(3), \&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), \&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), \&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), \&\s-1\fBRAND\s0\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" \&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR were added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!OjpSSL_CTX_set_ctlog_list_file.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . 
.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3"
.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \-
load a Certificate Transparency log list from a file
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
\& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency
(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the
directory where OpenSSL is installed.
.PP
\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path.
See \fBCTLOG_STORE_new\fR\|(3) for the file format.
.SH "NOTES"
.IX Header "NOTES"
These functions will not clear the existing \s-1CT\s0 log list \- it will be appended
to. To replace the existing list, use SSL_CTX_set0_ctlog_store first.
.PP
If an error occurs whilst parsing a particular log entry in the file, that log
entry will be skipped.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_default_ctlog_list_file()\fR and \fBSSL_CTX_set_ctlog_list_file()\fR
return 1 if the log list is successfully loaded, and 0 if an error occurs.
In the case of an error, the log list may have been partially loaded.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3),
\&\fBCTLOG_STORE_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_GET0_UIDS 3"
.TH X509_GET0_UIDS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
X509_get0_uids \- get certificate unique identifiers
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
\&                     const ASN1_BIT_STRING **psuid);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique
identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present.
.SH "NOTES"
.IX Header "NOTES"
The issuer and subject unique identifier fields are very rarely encountered in
practice outside test cases.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_get0_uids()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_INSTRUMENT_BUS 3"
.TH OPENSSL_INSTRUMENT_BUS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 4
\& #ifdef OPENSSL_CPUID_OBJ
\& size_t OPENSSL_instrument_bus(int *vector, size_t num);
\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
It was empirically found that timings of references to primary memory
are subject to irregular, apparently non-deterministic variations. The
subroutines in question instrument these references for the purpose of
gathering randomness for the random number generator. To make the probes
bus-bound, a 'flush cache line' instruction is used between probes. In
addition, probes are added to \fBvector\fR elements in an atomic or
interlocked manner, which should contribute additional noise on
multi-processor systems. This also means that \fBvector[num]\fR should be
zeroed upon invocation (if you want to retrieve actual probe values).
.PP
\&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of
oscillator cycles every probe took.
.PP
\&\fBOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive
probes with the same value, i.e. in a way it records the duration of
periods when probe values appeared deterministic. The subroutine
performs at most \fBmax\fR probes in an attempt to fill the \fBvector[num]\fR,
with a \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R"
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
A return value of 0 indicates that the \s-1CPU\s0 is not capable of performing the
benchmark, either because the oscillator counter or 'flush cache line' is
not available on the current platform. For reference, on x86 'flush cache
line' was introduced with the \s-1SSE2\s0 extensions.
.PP
Otherwise the number of recorded values is returned.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_FORK_PREPARE 3"
.TH OPENSSL_FORK_PREPARE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
OPENSSL_fork_prepare,
OPENSSL_fork_parent,
OPENSSL_fork_child
\&\- OpenSSL fork handlers
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& void OPENSSL_fork_prepare(void);
\& void OPENSSL_fork_parent(void);
\& void OPENSSL_fork_child(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
OpenSSL has state that should be reset when a process forks. For example,
the entropy pool used to generate random numbers (and therefore encryption
keys) should not be shared across multiple programs.
The \fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR, and \fBOPENSSL_fork_child()\fR
functions are used to reset this internal state.
.PP
Platforms without \fBfork\fR\|(2) will probably not need to use these functions.
Platforms with \fBfork\fR\|(2) but without \fBpthread_atfork\fR\|(3) will probably need
to call them manually, as described in the following paragraph. Platforms
such as Linux that have both functions will normally not need to call these
functions as the OpenSSL library will do so automatically.
.PP
\&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate
handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other
applications, these functions can be called directly. They should be used
according to the calling sequence described by the \fBpthread_atfork\fR\|(3)
documentation, which is summarized here. \fBOPENSSL_fork_prepare()\fR should
be called before a \fBfork()\fR is done. After the \fBfork()\fR returns, the parent
process should call \fBOPENSSL_fork_parent()\fR and the child process should
call \fBOPENSSL_fork_child()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR and \fBOPENSSL_fork_child()\fR do not
return values.
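Why generator state must be reset in the child, and the prepare/parent/child calling sequence, shown as an added example that is not OpenSSL code. The toy generator, the toy_fork_* handlers and the constructed seed are hypothetical stand-ins for library-internal state; the example assumes a POSIX system with /dev/urandom.

```c
/* Added example (not OpenSSL code): duplicated generator state across fork(). */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a library's internal entropy pool. */
static uint64_t pool_state;

/* One splitmix64 step: deterministic output derived from pool_state. */
static uint64_t toy_next(void)
{
    uint64_t z = (pool_state += 0x9E3779B97F4A7C15ULL);

    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Mix fresh OS randomness into the pool. Returns 1 on success, 0 on failure. */
static int toy_reseed(void)
{
    uint64_t fresh = 0;
    size_t n;
    FILE *f = fopen("/dev/urandom", "rb");

    if (f == NULL)
        return 0;
    n = fread(&fresh, sizeof(fresh), 1, f);
    fclose(f);
    if (n != 1)
        return 0;
    pool_state ^= fresh;
    return 1;
}

/* Same roles as the three handlers: before fork, after in parent, after in child. */
static void toy_fork_prepare(void) { /* a real library would take its locks here */ }
static void toy_fork_parent(void)  { /* ... and release them in the parent */ }
static int  toy_fork_child(void)   { return toy_reseed(); }

/*
 * Fork once and compare the first value each process draws.
 * Returns 1 if parent and child produced the same value, 0 if they differ,
 * -1 on error. With use_handlers == 0 the child inherits the state unchanged.
 */
int fork_and_compare(int use_handlers)
{
    int fds[2], status;
    uint64_t parent_val, child_val = 0;
    ssize_t got;
    pid_t pid;

    pool_state = 0x0123456789ABCDEFULL;   /* constructed seed */
    if (pipe(fds) != 0)
        return -1;
    if (use_handlers)
        toy_fork_prepare();               /* step 1: before fork() */
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        close(fds[0]);
        if (use_handlers && !toy_fork_child())   /* step 3: reset in child */
            _exit(2);
        child_val = toy_next();
        if (write(fds[1], &child_val, sizeof(child_val)) != (ssize_t)sizeof(child_val))
            _exit(3);
        _exit(0);
    }
    close(fds[1]);                        /* parent */
    if (use_handlers)
        toy_fork_parent();                /* step 2: after fork() in parent */
    parent_val = toy_next();
    got = read(fds[0], &child_val, sizeof(child_val));
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)
            || WEXITSTATUS(status) != 0 || got != (ssize_t)sizeof(child_val))
        return -1;
    return parent_val == child_val;
}

int main(void)
{
    printf("no handlers:   same output = %d\n", fork_and_compare(0));
    printf("with handlers: same output = %d\n", fork_and_compare(1));
    return 0;
}
```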
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_init_crypto\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ASN1_ITEM_LOOKUP 3"
.TH ASN1_ITEM_LOOKUP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
\& const ASN1_ITEM *ASN1_ITEM_get(size_t i);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with the name \fBname\fR.
.PP
\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function
returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure
or \fB\s-1NULL\s0\fR if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RSA_SIZE 3"
.TH RSA_SIZE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_size(const RSA *rsa);
\&
\& int RSA_bits(const RSA *rsa);
\&
\& int RSA_security_bits(const RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to
determine how much memory must be allocated for an \s-1RSA\s0 encrypted
value.
.PP
\&\fBRSA_bits()\fR returns the number of significant bits.
.PP
\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR.
.PP
\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR
key. See \fBBN_security_bits\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_size()\fR returns the size of modulus in bytes.
.PP
\&\fBRSA_bits()\fR returns the number of bits in the key.
.PP
\&\fBRSA_security_bits()\fR returns the number of security bits.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBN_num_bits\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RAND_DRBG_SET_CALLBACKS 3"
.TH RAND_DRBG_SET_CALLBACKS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
RAND_DRBG_set_callbacks,
RAND_DRBG_get_entropy_fn,
RAND_DRBG_cleanup_entropy_fn,
RAND_DRBG_get_nonce_fn,
RAND_DRBG_cleanup_nonce_fn
\&\- set callbacks for reseeding
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand_drbg.h>
\&
\&
\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
\&                             RAND_DRBG_get_entropy_fn get_entropy,
\&                             RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
\&                             RAND_DRBG_get_nonce_fn get_nonce,
\&                             RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
.Ve
.SS "Callback Functions"
.IX Subsection "Callback Functions"
.Vb 6
\& typedef size_t (*RAND_DRBG_get_entropy_fn)(
\&                       RAND_DRBG *drbg,
\&                       unsigned char **pout,
\&                       int entropy,
\&                       size_t min_len, size_t max_len,
\&                       int prediction_resistance);
\&
\& typedef void (*RAND_DRBG_cleanup_entropy_fn)(
\&                     RAND_DRBG *drbg,
\&                     unsigned char *out, size_t outlen);
\&
\& typedef size_t (*RAND_DRBG_get_nonce_fn)(
\&                       RAND_DRBG *drbg,
\&                       unsigned char **pout,
\&                       int entropy,
\&                       size_t min_len, size_t max_len);
\&
\& typedef void (*RAND_DRBG_cleanup_nonce_fn)(
\&                     RAND_DRBG *drbg,
\&                     unsigned char *out, size_t outlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and
the nonce when reseeding the given \fBdrbg\fR.
The callback functions are implemented and provided by the caller.
Their parameter lists need to match the function prototypes above.
.PP
Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet.
Otherwise, the operation will fail.
To change the settings for one of the three shared DRBGs it is necessary to call
\&\fBRAND_DRBG_uninstantiate()\fR first.
.PP
The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh
random input.
It is expected that the callback allocates and fills a random buffer of size
\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR
bits of randomness.
The \fBprediction_resistance\fR flag indicates whether the reseeding was
triggered by a prediction resistance request.
.PP
The buffer's address is to be returned in *\fBpout\fR and the number of collected
randomness bytes as return value.
.PP
If the callback fails to acquire at least \fBentropy\fR bits of randomness,
it must indicate an error by returning a buffer length of 0.
.PP
If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0
does not satisfy the conditions requested by [\s-1NIST SP 800\-90C\s0], then
it must also indicate an error by returning a buffer length of 0.
See \s-1NOTES\s0 section for more details.
.PP
The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to clear and
free the buffer allocated previously by \fBget_entropy()\fR.
The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length,
as returned by the \fBget_entropy()\fR callback.
.PP
The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce
and free it again. A nonce is only required for instantiation (not for reseeding)
and only in the case where the \s-1DRBG\s0 uses a derivation function.
The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR,
except for the missing prediction_resistance flag.
.PP
If the derivation function is disabled, then no nonce is used for instantiation,
and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by
setting them to \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_DRBG_set_callbacks()\fR returns 1 on success, and 0 on failure.
.SH "NOTES"
.IX Header "NOTES"
It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer
contents safely before freeing it, in order not to leave sensitive information
about the \s-1DRBG\s0's state in memory.
.PP
A request for prediction resistance can only be satisfied by pulling fresh
entropy from one of the approved entropy sources listed in section 5.5.2 of
[\s-1NIST SP 800\-90C\s0].
Since the default implementation of the get_entropy callback does not have access
to such an approved entropy source, a request for prediction resistance will
always fail.
In other words, prediction resistance is not yet supported by the \s-1DRBG.\s0
.PP
The derivation function is disabled during initialization by calling the
\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag.
For more information on the derivation function and when it can be omitted,
see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speaking it can be omitted if the random
source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte.
.PP
Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR()
callbacks can be omitted by setting them to \s-1NULL.\s0
In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy
(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will
utilize for the nonce, following the recommendations of [\s-1NIST SP 800\-90A\s0 Rev. 1],
section 8.6.7.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBRAND_DRBG_new\fR\|(3),
\&\fBRAND_DRBG_reseed\fR\|(3),
\&\s-1\fBRAND_DRBG\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
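The get_entropy/cleanup_entropy contract described in RAND_DRBG_set_callbacks(3) above, as an added example that is not part of the OpenSSL manual or source. Assumptions: the names demo_get_entropy, demo_cleanup_entropy and wipe are hypothetical, RAND_DRBG is declared here as an opaque stand-in so the file builds without the library, /dev/urandom is taken to supply 8 bits of entropy per byte, and it is treated as not being an approved source for prediction resistance.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for OpenSSL's opaque type (assumption for this example); with
 * OpenSSL 1.1.1 installed, include <openssl/rand_drbg.h> instead. */
typedef struct rand_drbg_st RAND_DRBG;

/* Wipe through a volatile pointer so the stores are not optimised away.
 * Code linked against OpenSSL would call OPENSSL_cleanse() here. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;

    while (n--)
        *v++ = 0;
}

/* Matches RAND_DRBG_get_entropy_fn. Returns the number of bytes stored in
 * *pout, or 0 on every failure path, as the manual page requires. */
size_t demo_get_entropy(RAND_DRBG *drbg, unsigned char **pout, int entropy,
                        size_t min_len, size_t max_len,
                        int prediction_resistance)
{
    unsigned char *buf;
    size_t want, got = 0;
    FILE *f;

    (void)drbg;
    if (pout == NULL)
        return 0;
    *pout = NULL;
    /* This source cannot honour a prediction resistance request: fail. */
    if (prediction_resistance)
        return 0;
    if (entropy <= 0 || min_len > max_len)
        return 0;
    /* Bits to bytes, rounded up, assuming full entropy from the source. */
    want = ((size_t)entropy + 7) / 8;
    if (want < min_len)
        want = min_len;
    if (want > max_len)
        return 0;               /* cannot fit 'entropy' bits within max_len */
    buf = malloc(want);
    if (buf == NULL)
        return 0;
    f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        setvbuf(f, NULL, _IONBF, 0);  /* leave no random bytes in stdio */
        got = fread(buf, 1, want, f);
        fclose(f);
    }
    if (got != want) {          /* short read: never hand back partial seed */
        wipe(buf, want);
        free(buf);
        return 0;
    }
    *pout = buf;
    return want;
}

/* Matches RAND_DRBG_cleanup_entropy_fn: clear first, then free. */
void demo_cleanup_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
{
    (void)drbg;
    if (out == NULL)
        return;
    wipe(out, outlen);
    free(out);
}

int main(void)
{
    unsigned char *seed = NULL;
    size_t n;

    /* With the library, before the DRBG is instantiated, one would call:
     * RAND_DRBG_set_callbacks(drbg, demo_get_entropy, demo_cleanup_entropy,
     *                         NULL, NULL);
     * The NULL nonce callbacks make the DRBG ask get_entropy for more. */
    n = demo_get_entropy(NULL, &seed, 256, 32, 64, 0);
    printf("256 bits requested: %lu bytes\n", (unsigned long)n);
    demo_cleanup_entropy(NULL, seed, n);
    n = demo_get_entropy(NULL, &seed, 256, 32, 64, 1);
    printf("with prediction resistance: %lu bytes\n", (unsigned long)n);
    return 0;
}
```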
.IX Title "ERR_ERROR_STRING 3"
.TH ERR_ERROR_STRING 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable
error message
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& char *ERR_error_string(unsigned long e, char *buf);
\& void ERR_error_string_n(unsigned long e, char *buf, size_t len);
\&
\& const char *ERR_lib_error_string(unsigned long e);
\& const char *ERR_func_error_string(unsigned long e);
\& const char *ERR_reason_error_string(unsigned long e);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_error_string()\fR generates a human-readable string representing the
error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256
bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a
static buffer.
Note that this function is not thread-safe and does no checks on the size
of the buffer; use \fBERR_error_string_n()\fR instead.
.PP
\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes
at most \fIlen\fR characters (including the terminating 0)
and truncates the string if necessary.
For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
.PP
The string will have the following format:
.PP
.Vb 1
\& error:[error code]:[library name]:[function name]:[reason string]
.Ve
.PP
\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR,
\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text.
.PP
\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
\&\fBERR_reason_error_string()\fR return the library name, function
name and reason string respectively.
.PP
If there is no text string registered for the given error code,
the error string will contain the numeric code.
.PP
\&\fBERR_print_errors\fR\|(3) can be used to print
all error codes currently in the queue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the
string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise.
.PP
\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if
none is registered for the error code.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBERR_print_errors\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
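A parser for the error string format given in ERR_error_string(3) above, written for log triage; it is an added example, not code from the OpenSSL manual or source. The names struct ossl_err, copy_field and parse_ossl_err are hypothetical, the sample lines in main() are constructed, and the parser tolerates strings cut short by the truncation that ERR_error_string_n() performs.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ossl_err {
    unsigned long code;   /* the 8 digit hexadecimal error code */
    char lib[64];         /* library name, "" if the string was cut off */
    char func[64];        /* function name, "" if the string was cut off */
    char reason[128];     /* reason string; may itself contain ':' */
    int nfields;          /* text fields actually present: 0..3 */
};

/* Copy the bytes [s, e) into dst, truncating to cap-1 and NUL-terminating. */
static void copy_field(char *dst, size_t cap, const char *s, const char *e)
{
    size_t n = (size_t)(e - s);

    if (n >= cap)
        n = cap - 1;
    memcpy(dst, s, n);
    dst[n] = '\0';
}

/* Returns 0 and fills *out, or -1 if line is not in the documented format. */
int parse_ossl_err(const char *line, struct ossl_err *out)
{
    char hex[9];
    const char *p, *q;
    int i;

    memset(out, 0, sizeof(*out));
    if (line == NULL || strncmp(line, "error:", 6) != 0)
        return -1;
    p = line + 6;
    for (i = 0; i < 8; i++) {          /* stops at NUL, never reads past it */
        if (!isxdigit((unsigned char)p[i]))
            return -1;
        hex[i] = p[i];
    }
    hex[8] = '\0';
    out->code = strtoul(hex, NULL, 16);
    p += 8;
    if (*p == '\0')
        return 0;                      /* truncated right after the code */
    if (*p++ != ':')
        return -1;

    q = strchr(p, ':');                /* library name */
    out->nfields = 1;
    if (q == NULL) {
        copy_field(out->lib, sizeof(out->lib), p, p + strlen(p));
        return 0;
    }
    copy_field(out->lib, sizeof(out->lib), p, q);
    p = q + 1;

    q = strchr(p, ':');                /* function name */
    out->nfields = 2;
    if (q == NULL) {
        copy_field(out->func, sizeof(out->func), p, p + strlen(p));
        return 0;
    }
    copy_field(out->func, sizeof(out->func), p, q);

    p = q + 1;                         /* reason: the whole remainder */
    out->nfields = 3;
    copy_field(out->reason, sizeof(out->reason), p, p + strlen(p));
    return 0;
}

int main(void)
{
    /* Constructed sample lines: full text, numeric fallback, truncated. */
    const char *samples[] = {
        "error:1408F10B:SSL routines:ssl3_get_record:wrong version number",
        "error:1408F10B:lib(20):func(143):reason(267)",
        "error:1408F10B:SSL rou",
        "not an openssl error line"
    };
    struct ossl_err e;
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (parse_ossl_err(samples[i], &e) != 0) {
            printf("skip: %s\n", samples[i]);
            continue;
        }
        printf("%08lX lib=[%s] func=[%s] reason=[%s] fields=%d\n",
               e.code, e.lib, e.func, e.reason, e.nfields);
    }
    return 0;
}
```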
.IX Title "BIO_FIND_TYPE 3"
.TH BIO_FIND_TYPE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& BIO *BIO_find_type(BIO *b, int bio_type);
\& BIO *BIO_next(BIO *b);
\& int BIO_method_type(const BIO *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
at \s-1BIO\s0 \fBb\fR. If \fBbio_type\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search
is made for a \s-1BIO\s0 of that type. If \fBbio_type\fR is a general type (such as
\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is
searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
found.
.PP
The following general types are defined:
\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR.
.PP
For a list of the specific types, see the \fBopenssl/bio.h\fR header file.
.PP
\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs
in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a
certain type.
.PP
\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
.PP
\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
.PP
\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Traverse a chain looking for digest BIOs:
.PP
.Vb 1
\& BIO *btmp;
\&
\& btmp = in_bio; /* in_bio is chain to search through */
\& do {
\&     btmp = BIO_find_type(btmp, BIO_TYPE_MD);
\&     if (btmp == NULL)
\&         break; /* Not found */
\&     /* btmp is a digest BIO, do something with it ...*/
\&     ...
\&
\&     btmp = BIO_next(btmp);
\& } while (btmp);
.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_WHIRLPOOL 3"
.TH EVP_WHIRLPOOL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_whirlpool
\&\- WHIRLPOOL For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_whirlpool(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0
designed by Vincent Rijmen and Paulo S. L. M. Barreto.
.IP "\fBEVP_whirlpool()\fR" 4
.IX Item "EVP_whirlpool()"
The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512 bits from a given
input.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
This function returns an \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1ISO/IEC 10118\-3:2004.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_F_CIPHER 3"
.TH BIO_F_CIPHER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/bio.h>
\& #include <openssl/evp.h>
\&
\& const BIO_METHOD *BIO_f_cipher(void);
\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
\&                     unsigned char *key, unsigned char *iv, int enc);
\& int BIO_get_cipher_status(BIO *b);
\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter
\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data
read from it. It is a \s-1BIO\s0 wrapper for the cipher routines
\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR.
.PP
Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR.
.PP
\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
used to signal that no more data is to be encrypted: this is used
to flush and possibly pad the final block through the \s-1BIO.\s0
.PP
\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
decryption.
.PP
When reading from an encryption \s-1BIO\s0 the final block is automatically
decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR
is a \fBBIO_ctrl()\fR macro which can be called to determine whether the
decryption operation was successful.
.PP
\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal
\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction
with the standard cipher routines to set it up. This is useful when
\&\fBBIO_set_cipher()\fR is not flexible enough for the application's needs.
.SH "NOTES"
.IX Header "NOTES"
When encrypting, \fBBIO_flush()\fR \fBmust\fR be called to flush the final block
through the \s-1BIO.\s0 If it is not, then the final block will fail a subsequent
decrypt.
.PP
When decrypting, an error on the final block is signaled by a zero
return value from the read operation. A successful decrypt followed
by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR
should be called to determine if the decrypt was successful.
.PP
As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can
be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
.PP
\&\fBBIO_set_cipher()\fR does not return a value.
.PP
\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0
for failure.
.PP
\&\fBBIO_get_cipher_ctx()\fR currently always returns 1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear extra chain certificates
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain
certificates associated with \fBctx\fR. Several certificates can be added one
after another.
.PP
\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates
associated with \fBctx\fR.
.PP
These functions are implemented as macros.
.SH "NOTES"
When sending a certificate chain, extra chain certificates are sent in order
following the end entity certificate.
.PP
If no chain is specified, the library will try to complete the chain from the
available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see
\&\fBSSL_CTX_load_verify_locations\fR\|(3).
.PP
The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be
freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application
\&\fBshould not\fR free the \fBx509\fR object.
.SH "RESTRICTIONS"
Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0
structure. Different chains for different certificates (for example if both
\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0
structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this
function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should
be used instead.
.SH "RETURN VALUES"
\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return
1 on success and 0 for failure. Check out the error stack to find out the
reason for failure.
.SH "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_use_certificate\fR\|(3),
\&\fBSSL_CTX_set_client_cert_cb\fR\|(3),
\&\fBSSL_CTX_load_verify_locations\fR\|(3),
\&\fBSSL_CTX_set0_chain\fR\|(3),
\&\fBSSL_CTX_set1_chain\fR\|(3),
\&\fBSSL_CTX_add0_chain_cert\fR\|(3),
\&\fBSSL_CTX_add1_chain_cert\fR\|(3),
\&\fBSSL_set0_chain\fR\|(3),
\&\fBSSL_set1_chain\fR\|(3),
\&\fBSSL_add0_chain_cert\fR\|(3),
\&\fBSSL_add1_chain_cert\fR\|(3),
\&\fBSSL_CTX_build_cert_chain\fR\|(3),
\&\fBSSL_build_cert_chain\fR\|(3)
.SH "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH X509_STORE_GET0_PARAM 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_STORE setter and getter functions
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
.Ve
.SH "DESCRIPTION"
\&\fBX509_STORE_set1_param()\fR sets the verification parameters
to \fBpm\fR for \fBctx\fR.
.PP
\&\fBX509_STORE_get0_param()\fR retrieves an internal pointer to the verification
parameters for \fBctx\fR. The returned pointer must not be freed by the
calling application.
.PP
\&\fBX509_STORE_get0_objects()\fR retrieves an internal pointer to the store's
X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The
returned pointer must not be freed by the calling application.
.SH "RETURN VALUES"
\&\fBX509_STORE_get0_param()\fR returns a pointer to an
\&\fBX509_VERIFY_PARAM\fR structure.
.PP
\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure.
.PP
\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR.
.SH "SEE ALSO"
\&\fBX509_STORE_new\fR\|(3)
.SH "HISTORY"
\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in
OpenSSL 1.1.0.
.SH "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH SSL_RSTATE_STRING 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const char *SSL_rstate_string(SSL *ssl);
\& const char *SSL_rstate_string_long(SSL *ssl);
.Ve
.SH "DESCRIPTION"
\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state
of the \s-1SSL\s0 object \fBssl\fR.
.PP
\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of
the \s-1SSL\s0 object \fBssl\fR.
.SH "NOTES"
When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record,
consisting of header and body. When working in a blocking environment,
SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R".
.PP
This function should only seldom be needed in applications.
.SH "RETURN VALUES"
\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following
values:
.ie n .IP """\s-1RH""/\s0""read header""" 4
.el .IP "``\s-1RH''/\s0``read header''" 4
The header of the record is being evaluated.
.ie n .IP """\s-1RB""/\s0""read body""" 4
.el .IP "``\s-1RB''/\s0``read body''" 4
The body of the record is being evaluated.
.ie n .IP """\s-1RD""/\s0""read done""" 4
.el .IP "``\s-1RD''/\s0``read done''" 4
The record has been completely processed.
.ie n .IP """unknown""/""unknown""" 4
.el .IP "``unknown''/``unknown''" 4
The read state is unknown.
This should never happen.
.SH "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH I2D_CMS_BIO_STREAM 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format.
.PP
It is otherwise identical to the function \fBSMIME_write_CMS()\fR.
.SH "NOTES"
This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting
streaming.
.SH "BUGS"
The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
.SH "RETURN VALUES"
\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3),
\&\fBCMS_decrypt\fR\|(3),
\&\fBSMIME_write_CMS\fR\|(3),
\&\fBPEM_write_bio_CMS_stream\fR\|(3)
.SH "HISTORY"
The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH CMS_ADD1_RECIPIENT_CERT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
\&                                            X509 *recip, unsigned int flags);
\&
\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
\&                                           unsigned char *key, size_t keylen,
\&                                           unsigned char *id, size_t idlen,
\&                                           ASN1_GENERALIZEDTIME *date,
\&                                           ASN1_OBJECT *otherTypeId,
\&                                           ASN1_TYPE *otherType);
.Ve
.SH "DESCRIPTION"
\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped
data structure \fBcms\fR as a KeyTransRecipientInfo structure.
.PP
\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using
wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional
values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped
data structure \fBcms\fR as a KEKRecipientInfo structure.
.PP
The CMS_ContentInfo structure should be obtained from an initial call to
\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set.
.SH "NOTES"
The main purpose of this function is to provide finer control over a \s-1CMS\s0
enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults
are not appropriate. For example if one or more KEKRecipientInfo structures
need to be added. New attributes can also be added using the returned
CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions.
.PP
OpenSSL will by default identify recipient certificates using issuer name
and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key
identifier value instead. An error occurs if all recipient certificates do not
have a subject key identifier extension.
.PP
Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR,
specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used
consistent with \fBkeylen\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal
pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error
occurs.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3),
\&\fBCMS_final\fR\|(3),
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SMIME_WRITE_CMS 3"
.TH SMIME_WRITE_CMS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SMIME_write_CMS \- convert CMS structure to S/MIME format
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0
structure to produce an S/MIME message.
.PP
\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate
\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be
supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
The following flags can be passed in the \fBflags\fR parameter.
.PP
If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used; this option only
makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is
called.
.PP
If the \fB\s-1CMS_TEXT\s0\fR flag is set, \s-1MIME\s0 headers for type \fBtext/plain\fR are added to
the content; this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set.
.PP
If the \fB\s-1CMS_STREAM\s0\fR flag is set, streaming is performed. This flag should only
be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a
CMS_ContentInfo creation function.
.PP
If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR is not set then the data
must be read twice: once to compute the signature in \fBCMS_sign()\fR and once to
output the S/MIME message.
.PP
If streaming is performed the content is output in \s-1BER\s0 format using indefinite
length constructed encoding except in the case of signed data with detached
content where the content is absent and \s-1DER\s0 format is used.
.SH "BUGS"
.IX Header "BUGS"
\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures; there should be an
option to disable this.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3)
\&\fBCMS_decrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "RSA_CHECK_KEY 3"
.TH RSA_CHECK_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
RSA_check_key_ex, RSA_check_key \- validate private RSA keys
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
\&
\& int RSA_check_key(RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys.
It checks that \fBp\fR and \fBq\fR are
in fact prime, and that \fBn = p*q\fR.
.PP
It does not work on \s-1RSA\s0 public keys that have only the modulus
and public exponent elements populated.
It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR,
and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR.
It performs integrity checks on all
the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private
key data too.
Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, even if
it is otherwise fit for regular \s-1RSA\s0 operation.
.PP
The \fBcb\fR parameter is a callback that will be invoked in the same
manner as \fBBN_is_prime_ex\fR\|(3).
.PP
\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR
return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise.
They return \-1 if an error occurs while checking the key.
.PP
If the key is invalid or an error occurred, the reason code can be
obtained using \fBERR_get_error\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work
transparently with any underlying \s-1ENGINE\s0 implementation because it uses the
key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can
override the way key data is stored and handled, and can even provide
support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR
key data at all!
If the \s-1ENGINE\s0 in question is only being used for acceleration or analysis
purposes, then in all likelihood the \s-1RSA\s0 key data is complete and untouched,
but this can't be assumed in the general case.
.SH "BUGS"
.IX Header "BUGS"
A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need
to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
completely violating encapsulation and object-orientation in the process).
The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the
\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also
provide their own verifiers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBN_is_prime_ex\fR\|(3),
\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PKCS7_DECRYPT 3"
.TH PKCS7_DECRYPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData
structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
recipient's certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
Although the recipient's certificate is not needed to decrypt the data, it is needed
to locate the appropriate (of possibly several) recipients in the PKCS#7 structure.
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
If the \fB\s-1PKCS7_TEXT\s0\fR flag is set, \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
from the content. If the content is not of type \fBtext/plain\fR then an error is
returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure.
The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would
be better if it could look up the correct key and certificate from a database.
.PP
The lack of single pass processing and need to hold all data in memory as
mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_CMP_TIME 3"
.TH X509_CMP_TIME 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex
\&\- X509 time functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 5
\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
\& int X509_cmp_current_time(const ASN1_TIME *asn1_time);
\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
\&                             offset_sec, time_t *in_tm);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time
in . \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in
\&\fBasn1_time\fR with the current time, expressed as time_t.
\&\fBasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0
i.e., its format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0
.PP
\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR.
.PP
\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second
offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR
\&\s-1API\s0 should be preferred.
.PP
In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure
is allocated and returned.
.PP
In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as
time_t, is used.
.SH "BUGS"
.IX Header "BUGS"
Unlike many standard comparison functions, \fBX509_cmp_time()\fR and
\&\fBX509_cmp_current_time()\fR return 0 on error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR
is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1
otherwise. These methods return 0 on error.
.PP
\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated
\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_MD2 3"
.TH EVP_MD2 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_md2
\&\- MD2 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_md2(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by
Ronald Rivest.
.IP "\fBEVP_md2()\fR" 4
.IX Item "EVP_md2()"
The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1IETF RFC 1319.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DH_NEW_BY_NID 3"
.TH DH_NEW_BY_NID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DH_new_by_nid, DH_get_nid \- get or find DH named parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& #include <openssl/dh.h>
\& DH *DH_new_by_nid(int nid);
\& int DH_get_nid(const DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters
\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR,
\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR.
.PP
\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match
any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or
\&\fBNID_undef\fR if there is no match.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or
\&\fBNID_undef\fR if there is no match.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CONF_CTX_SET_FLAGS 3"
.TH SSL_CONF_CTX_SET_FLAGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR.
.PP
The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR.
.SH "NOTES"
.IX Header "NOTES"
The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or
\&\fBSSL_CONF_argv()\fR behave.
.PP
Currently the following \fBflags\fR values are recognised:
.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4
.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE"
recognise options intended for command line or configuration file use. At
least one of these flags must be set.
.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4
.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER"
recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or
both of these flags must be set.
.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4
.IX Item "SSL_CONF_FLAG_CERTIFICATE"
recognise certificate and private key options.
.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4
.IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE"
If this option is set then if a private key is not specified for a certificate
it will attempt to load a private key from the certificate file when
\&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate
file an error occurs.
.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4
.IX Item "SSL_CONF_FLAG_SHOW_ERRORS"
indicate errors relating to unrecognised options or missing arguments in
the error queue.
If this option isn't set such errors are only reflected
in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR return the new flags
value after setting or clearing flags.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
\&\fBSSL_CONF_cmd\fR\|(3),
\&\fBSSL_CONF_cmd_argv\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DSA_SIGN 3"
.TH DSA_SIGN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int DSA_sign(int type, const unsigned char *dgst, int len,
\&              unsigned char *sigret, unsigned int *siglen, DSA *dsa);
\&
\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp);
\&
\& int DSA_verify(int type, const unsigned char *dgst, int len,
\&                unsigned char *sigbuf, int siglen, DSA *dsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0
encoding at \fBsigret\fR. The length of the signature is placed in
*\fBsiglen\fR.
\fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory.
.PP
\&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and
should not be used.
Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of
\&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only
cause overhead, and does not affect the actual signature
(pre\-)computation.
.PP
\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
matches a given message digest \fBdgst\fR of size \fBlen\fR.
\&\fBdsa\fR is the signer's public key.
.PP
The \fBtype\fR parameter is ignored.
.PP
The random generator must be seeded when \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR)
is called.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error.
\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect
signature and \-1 on error. The error codes can be obtained by
\&\fBERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature
Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBDSA_do_sign\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3"
.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
\&                                 int (*client_cert_cb)(SSL *ssl, X509 **x509,
\&                                                       EVP_PKEY **pkey));
\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
\&                                                 EVP_PKEY **pkey);
\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, which
is called when a client certificate is requested by a server and no certificate
has yet been set for the \s-1SSL\s0 object.
.PP
When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used.
.PP
\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback
function.
.PP
\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to
set a certificate, a certificate/private key combination must be set
using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The
certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections.
If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate
will be sent. A negative return value will suspend the handshake and the
handshake function will return immediately. \fBSSL_get_error\fR\|(3)
will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate that the handshake was
suspended. The next call to the handshake function will again lead to the call
of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information
about the state of the last call, if required to continue.
.SH "NOTES"
.IX Header "NOTES"
During a handshake (or renegotiation) a server may request a certificate
from the client. A client certificate must only be sent when the server
did send the request.
.PP
When a certificate was set using the
\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions,
it will be sent to the server. The \s-1TLS\s0 standard requires that a
certificate is only sent if it matches the list of acceptable CAs sent by the
server. This constraint is violated by the default behavior of the OpenSSL
library. Using the callback function it is possible to implement a proper
selection routine or to allow a user interaction to choose the certificate to
be sent.
.PP
If a callback function is defined and no certificate was yet defined for the
\&\s-1SSL\s0 object, the callback function will be called.
If the callback function returns a certificate, the OpenSSL library
will try to load the private key and certificate data into the \s-1SSL\s0
object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions.
Thus it will permanently install the certificate and key for
this \s-1SSL\s0 object. It will not be reset by calling \fBSSL_clear\fR\|(3).
If the callback returns no certificate, the OpenSSL library will not send
a certificate.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_get_client_cert_cb()\fR returns the function pointer of \fBclient_cert_cb()\fR or
\&\s-1NULL\s0 if the callback is not set.
.SH "BUGS"
.IX Header "BUGS"
The \fBclient_cert_cb()\fR cannot return a complete certificate chain; it can
only return one client certificate. If the chain only has a length of 2,
the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and
thus a standard conforming answer can be sent to the server. For a
longer chain, the client must send the complete chain (with the option
to leave out the root \s-1CA\s0 certificate).
This can only be accomplished by
either adding the intermediate \s-1CA\s0 certificates into the trusted
certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add
\&\s-1CA\s0 certificates that otherwise might not be trusted), or by adding
the chain certificates using the
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that
therefore probably can only apply for one client certificate, making
the concept of the callback function (to allow the choice from several
certificates) questionable.
.PP
Once the \s-1SSL\s0 object has been used in conjunction with the callback function,
the certificate will be set for the \s-1SSL\s0 object and will not be cleared
even when \fBSSL_clear\fR\|(3) is being called. It is therefore
mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3)
and create a new one to return to the previous state.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_use_certificate\fR\|(3),
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3),
\&\fBSSL_get_client_CA_list\fR\|(3),
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_CHECK_PRIVATE_KEY 3"
.TH X509_CHECK_PRIVATE_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a private key with the public key in an X509 certificate or certificate request
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int X509_check_private_key(X509 *x, EVP_PKEY *k);
\&
\& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_check_private_key()\fR function checks the consistency of private
key \fBk\fR with the public key in \fBx\fR.
.PP
\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR
except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if
the keys match each other, and 0 if not.
.PP
If the key is invalid or an error occurred, the reason code can be
obtained using \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed
a private key or not. It merely compares the public materials (e.g. exponent
and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key)
of a key pair. So if you pass a public key to these functions in \fBk\fR, it will
return success.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3"
.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format.
.PP
It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR.
.SH "NOTES"
.IX Header "NOTES"
This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR
supporting streaming.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), \&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) \&\fBPKCS7_decrypt\fR\|(3), \&\fBSMIME_write_PKCS7\fR\|(3), \&\fBi2d_PKCS7_bio_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!NjSSL_CTX_get0_param.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. 
.IX Title "SSL_CTX_GET0_PARAM 3"
.TH SSL_CTX_GET0_PARAM 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get and set verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to
the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned
pointer must not be freed by the calling application.
.PP
\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters
to \fBvpm\fR for \fBctx\fR or \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure
using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies
them to suit its needs: for example to add a hostname check.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an
\&\fBX509_VERIFY_PARAM\fR structure.
.PP
\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0
for failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Check that the hostname matches \*(L"www.foo.com\*(R" in the peer certificate:
.PP
.Vb 2
\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_BLAKE2B512 3"
.TH EVP_BLAKE2B512 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_blake2b512, EVP_blake2s256
\&\- BLAKE2 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_blake2b512(void);
\& const EVP_MD *EVP_blake2s256(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0
algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in
\&\s-1RFC 7693.\s0
.IP "\fBEVP_blake2s256()\fR" 4
.IX Item "EVP_blake2s256()"
The BLAKE2s algorithm that produces a 256\-bit output from a given input.
.IP "\fBEVP_blake2b512()\fR" 4
.IX Item "EVP_blake2b512()"
The BLAKE2b algorithm that produces a 512\-bit output from a given input.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 7693.\s0
.SH "NOTES"
.IX Header "NOTES"
While the BLAKE2b and BLAKE2s algorithms support a variable length digest,
this implementation outputs a digest of a fixed length (the maximum length
supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_PRINT_PRIVATE 3"
.TH EVP_PKEY_PRINT_PRIVATE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
\&                           int indent, ASN1_PCTX *pctx);
\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
\&                            int indent, ASN1_PCTX *pctx);
\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
\&                           int indent, ASN1_PCTX *pctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and
\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components
of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable
form. The parameter \fBindent\fR indicates how far the printout should be indented.
.PP
The \fBpctx\fR parameter allows the print output to be finely tuned by using
\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will
be used.
.SH "NOTES"
.IX Header "NOTES"
Currently no public key algorithms include any options in the \fBpctx\fR parameter.
.PP
If the key does not include all the components indicated by the function then
only those contained in the key will be printed. For example passing a public
key to \fBEVP_PKEY_print_private()\fR will only print the public components.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions all return 1 for success and 0 or a negative value for failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_keygen\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_S_FD 3"
.TH BIO_S_FD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& const BIO_METHOD *BIO_s_fd(void);
\&
\& int BIO_set_fd(BIO *b, int fd, int c);
\& int BIO_get_fd(BIO *b, int *c);
\&
\& BIO *BIO_new_fd(int fd, int close_flag);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper
around the platform's file descriptor routines such as \fBread()\fR and \fBwrite()\fR.
.PP
\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor.
\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not.
.PP
If the close flag is set then \fBclose()\fR is called on the underlying file
descriptor when the \s-1BIO\s0 is freed.
.PP
\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file
such as by using \fBlseek(fd, 0, 0)\fR.
.PP
\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
such as by using \fBlseek(fd, ofs, 0)\fR.
.PP
\&\fBBIO_tell()\fR returns the current file position such as by calling
\&\fBlseek(fd, 0, 1)\fR.
.PP
\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
flag to \fBc\fR.
.PP
\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0; it also
returns the file descriptor.
.PP
\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR.
.SH "NOTES"
.IX Header "NOTES"
The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behaviour of the
platform's \fBread()\fR and \fBwrite()\fR calls on the descriptor.
If the underlying file descriptor is in a non\-blocking mode then the \s-1BIO\s0 will
behave in the manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3)
manual pages.
.PP
File descriptor BIOs should not be used for socket I/O. Use socket BIOs
instead.
.PP
\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method.
.PP
\&\fBBIO_set_fd()\fR always returns 1.
.PP
\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not
been initialized.
.PP
\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 if an error
occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R":
.PP
.Vb 1
\& BIO *out;
\&
\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
\& BIO_printf(out, "Hello World\en");
\& BIO_free(out);
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3),
\&\fBBIO_reset\fR\|(3), \fBBIO_read_ex\fR\|(3),
\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3),
\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3),
\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3"
.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
\&\- EVP_PKEY RSA\-PSS algorithm support functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
\&                                        const EVP_MD *md);
\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
\&                                             const EVP_MD *md);
\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
\&                                             int saltlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7).
.SS "Signing and Verification"
.IX Subsection "Signing and Verification"
The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is
returned if an attempt is made to set the padding mode to anything other
than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version.
.PP
The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length.
If the key has usage restrictions then an error is returned if an attempt is
made to set the salt length below the minimum value. It is otherwise similar
to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using
\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has
usage restrictions.
.PP
The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros
are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has
usage restrictions then an error is returned if an attempt is made to set the
digest to anything other than the restricted value. Otherwise these are
similar to the \fB\s-1RSA\s0\fR versions.
.SS "Key Generation"
.IX Subsection "Key Generation"
As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR
and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS:
they have exactly the same meaning as for the \s-1RSA\s0 algorithm.
.PP
Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key.
If any restrictions are set (using the macros described below) then \fBall\fR
parameters are restricted. For example, setting a minimum salt length also
restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place
then they are reflected in the corresponding parameters of the public key
when (for example) a certificate request is signed.
.PP
\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the
generated key can use to \fBmd\fR.
.PP
\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the
generated key can use to \fBmd\fR.
.PP
\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length
to \fBsaltlen\fR.
.SH "NOTES"
.IX Header "NOTES"
A context for the \fBRSA-PSS\fR algorithm can be obtained by calling:
.PP
.Vb 1
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 or a negative value for failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBRSA\-PSS\s0\fR\|(7),
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_CTX_FLUSH_SESSIONS 3" .TH SSL_CTX_FLUSH_SESSIONS 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_CTX_flush_sessions \- remove expired sessions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of \&\fBctx\fR to remove sessions expired at time \fBtm\fR. 
.SH "NOTES"
.IX Header "NOTES"
If enabled, the internal session cache will collect all sessions established
up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR).
As sessions will not be reused once they are expired, they should be
removed from the cache to save resources. This can either be done
automatically whenever 255 new sessions were established (see
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3))
or manually by calling \fBSSL_CTX_flush_sessions()\fR.
.PP
The parameter \fBtm\fR specifies the time which should be used for the
expiration test, in most cases the actual time given by \fBtime\fR\|(0)
will be used.
.PP
\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal
cache. When a session is found and removed, the remove_session_cb is however
called to synchronize with the external cache (see
\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_flush_sessions()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
\&\fBSSL_CTX_set_timeout\fR\|(3),
\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DTLS_SET_TIMER_CB 3"
.TH DTLS_SET_TIMER_CB 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DTLS_timer_cb,
DTLS_set_timer_cb
\&\- Set callback for controlling DTLS timer duration
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
\&
\& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This function sets an optional callback function for controlling the
timeout interval on the \s-1DTLS\s0 protocol. The callback function will be
called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Returns void.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SET_SHUTDOWN 3"
.TH SSL_SET_SHUTDOWN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_set_shutdown(SSL *ssl, int mode);
\&
\& int SSL_get_shutdown(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR.
.PP
\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
The shutdown state of an ssl connection is a bit mask of:
.IP "0" 4
No shutdown setting, yet.
.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4
.IX Item "SSL_SENT_SHUTDOWN"
A close_notify shutdown alert was sent to the peer, the connection is being
considered closed and the session is closed and correct.
.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4
.IX Item "SSL_RECEIVED_SHUTDOWN"
A shutdown alert was received from the peer, either a normal close_notify
or a fatal error.
.PP
\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time.
.PP
The shutdown state of the connection is used to determine the state of
the ssl session. If the session is still open, when
\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called,
it is considered bad and removed according to \s-1RFC2246.\s0
The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0
(according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify
alert but to not wait for the peer's answer, when the underlying connection
is closed).
\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a
close alert to the peer (see \fBSSL_shutdown\fR\|(3)).
.PP
If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set,
for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call
\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_set_shutdown()\fR does not return diagnostic information.
.PP
\&\fBSSL_get_shutdown()\fR returns the current setting.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3),
\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3),
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DSA_GENERATE_KEY 3"
.TH DSA_GENERATE_KEY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
DSA_generate_key \- generate DSA key pair
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
\&
\& int DSA_generate_key(DSA *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR.
.PP
The random generator must be seeded prior to calling \fBDSA_generate_key()\fR.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBDSA_generate_parameters_ex\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BN_SWAP 3"
.TH BN_SWAP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
BN_swap \- exchange BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
\& void BN_swap(BIGNUM *a, BIGNUM *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBN_swap()\fR does not return a value.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3"
.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache
of context \fBctx\fR to \fBt\fR.
This value is a hint and not an absolute; see the notes below.
.PP
\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size.
.SH "NOTES"
.IX Header "NOTES"
The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0
currently 1024*20, so that up to 20000 sessions can be held. This size
can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special
case is the size 0, which is used for unlimited size.
.PP
If adding the session makes the cache exceed its size, then unused
sessions are dropped from the end of the cache.
Cache space may also be reclaimed by calling
\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove
expired sessions.
.PP
If the size of the session cache is reduced and more sessions are already
in the session cache, old sessions will be removed the next time a
session is to be added. This removal is not synchronized with the
expiration of sessions.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size.
.PP
\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3),
\&\fBSSL_CTX_sess_number\fR\|(3),
\&\fBSSL_CTX_flush_sessions\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_READ 3"
.TH SSL_READ 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek
\&\- read bytes from a TLS/SSL connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
\& int SSL_read(SSL *ssl, void *buf, int num);
\&
\& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
\& int SSL_peek(SSL *ssl, void *buf, int num);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR
into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes
actually read in \fB*readbytes\fR.
.PP
\&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and
\&\fBSSL_read()\fR respectively except no bytes are actually removed from the
underlying \s-1BIO\s0 during the read, so that a subsequent call to \fBSSL_read_ex()\fR or
\&\fBSSL_read()\fR will yield at least the same bytes.
.SH "NOTES"
.IX Header "NOTES"
In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR,
\&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR.
.PP
If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already
explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the
peer requests a re-negotiation, it will be performed transparently during
the read function operation. The behaviour of the read functions depends on the
underlying \s-1BIO.\s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is done by calling
\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first
invocation of a read function.
.PP
The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in
records (with a maximum record size of 16kB). Only when a record has been
completely received can it be processed (decryption and check of
integrity). Therefore, data that was not retrieved at the last read call can
still be buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read
call. If \fBnum\fR is higher than the number of bytes buffered then the read
functions will return with the bytes buffered. If no more bytes are in the
buffer, the read functions will trigger the processing of the next record.
Only when the record has been received and processed completely will the read
functions return reporting success. At most the contents of one record will
be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the
maximum packet size of the underlying transport (e.g.
\s-1TCP\s0), it may be necessary to read several packets from the transport layer
before the record is complete and the read call can succeed.
.PP
If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data
record has been processed, the read function can return and set the error to
\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR.
In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR.
If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still
be unprocessed data available in the \fB\s-1SSL\s0\fR.
This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call.
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the
read operation has been finished or an error occurred, except when a
non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is
not set.
Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is
available the call will hang.
.PP
If the underlying \s-1BIO\s0 is \fBnonblocking\fR, a read function will also return when
the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the
operation.
In this case a call to \fBSSL_get_error\fR\|(3) with the
return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR.
As at any time it's possible that non-application data needs to be sent,
a read function can also cause write operations.
The calling process then must repeat the call after taking appropriate action
to satisfy the needs of the read function.
The action depends on the underlying \s-1BIO.\s0
When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be
used to check for the required condition.
When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or
retrieved out of the \s-1BIO\s0 before being able to continue.
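.PP
The retry behaviour described above for a buffering \s-1BIO\s0, as an added example that is not part of the OpenSSL documentation. It uses the Python ssl module, a binding over the same library, where MemoryBIO stands in for the buffering \s-1BIO\s0 and SSLWantReadError corresponds to \s-1SSL_ERROR_WANT_READ\s0; the host name example.test and the alert bytes are constructed for the demonstration.

```python
import ssl

# Constructed input: one plaintext TLS alert record as a peer might send it.
#   15     content type 21 (alert)
#   03 03  record version
#   00 02  payload length
#   02 28  level 2 (fatal), description 40 (handshake_failure)
FATAL_ALERT = bytes.fromhex("15030300020228")


def parse_records(buf):
    """Split raw bytes into (content_type, payload_length), one per TLS record."""
    records, off = [], 0
    while off < len(buf):
        if len(buf) - off < 5:
            raise ValueError("truncated record header")
        length = int.from_bytes(buf[off + 3:off + 5], "big")
        if len(buf) - off - 5 < length:
            raise ValueError("truncated record payload")
        records.append((buf[off], length))
        off += 5 + length
    return records


def try_read(tls, num=4096):
    """One read attempt, classified the way SSL_get_error() reports it."""
    try:
        return "data", tls.read(num)
    except ssl.SSLWantReadError:    # retryable: feed the read BIO, then repeat
        return "want_read", b""
    except ssl.SSLWantWriteError:   # retryable: drain the write BIO, then repeat
        return "want_write", b""
    except ssl.SSLZeroReturnError:  # peer closed the TLS connection cleanly
        return "closed", b""
    except ssl.SSLError as exc:     # everything else is not retryable
        return "fatal", str(exc).encode()


def run_demo():
    """Drive a client-side connection by hand through two memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # example.test is a placeholder name; no network traffic takes place.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    steps = []

    # 1. No explicit handshake call: the read starts the negotiation itself,
    #    queues a ClientHello in the write BIO, then needs input to go on.
    steps.append(try_read(tls)[0])
    records = parse_records(outgoing.read())

    # 2. Only part of a record header has arrived. A record is processed
    #    only once it is complete, so the call stays retryable.
    incoming.write(FATAL_ALERT[:3])
    steps.append(try_read(tls)[0])

    # 3. The rest arrives; the record is a fatal alert, so retrying is pointless.
    incoming.write(FATAL_ALERT[3:])
    steps.append(try_read(tls)[0])
    return steps, records


if __name__ == "__main__":
    steps, records = run_demo()
    print("read attempts:", steps)
    print("records queued for the peer (type, length):", records)
```

Content type 22 in the first queued record is a handshake message, which is the write operation a read function can cause.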
.PP
\&\fBSSL_pending\fR\|(3) can be used to find out whether there
are buffered bytes available for immediate retrieval.
In this case the read function can be called without blocking or actually
receiving new data from the underlying socket.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure.
Success means that 1 or more application data bytes have been read from the \s-1SSL\s0
connection.
Failure means that no bytes could be read from the \s-1SSL\s0 connection.
Failures can be retryable (e.g. we are waiting for more bytes to
be delivered by the network) or non-retryable (e.g. a fatal network error).
In the event of a failure, call \fBSSL_get_error\fR\|(3) to find out the reason, which
indicates whether the call is retryable or not.
.PP
For \fBSSL_read()\fR and \fBSSL_peek()\fR the following return values can occur:
.IP "> 0" 4
.IX Item "> 0"
The read operation was successful.
The return value is the number of bytes actually read from the \s-1TLS/SSL\s0
connection.
.IP "<= 0" 4
.IX Item "<= 0"
The read operation was not successful, because either the connection was closed,
an error occurred or action must be taken by the calling process.
Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason.
.Sp
Old documentation indicated a difference between 0 and \-1, and that \-1 was
retryable.
You should instead call \fBSSL_get_error()\fR to find out if it's retryable.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3),
\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3),
\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
\&\fBSSL_set_connect_state\fR\|(3),
\&\fBSSL_pending\fR\|(3),
\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
\&\fBssl\fR\|(7), \fBbio\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
.IX Title "SSL_SESSION_IS_RESUMABLE 3"
.TH SSL_SESSION_IS_RESUMABLE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_is_resumable
\&\- determine whether an SSL_SESSION object can be used for resumption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_SESSION_is_resumable(const SSL_SESSION *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used
to resume a session or not. Returns 1 if it can or 0 if not. Note that
attempting to resume with a non-resumable session will result in a full
handshake.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_get_session\fR\|(3),
\&\fBSSL_CTX_sess_set_new_cb\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
.IX Title "EVP_PKEY_VERIFY 3"
.TH EVP_PKEY_VERIFY 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_verify_init, EVP_PKEY_verify
\&\- signature verification using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
\&                     const unsigned char *sig, size_t siglen,
\&                     const unsigned char *tbs, size_t tbslen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for a signature verification operation.
.PP
The \fBEVP_PKEY_verify()\fR function performs a public key verification operation
using \fBctx\fR. The signature is specified using the \fBsig\fR and
\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally
signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
.PP
The function \fBEVP_PKEY_verify()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was
successful and 0 if it failed. Unlike other functions, the return value 0 from
\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not verify
successfully (that is, tbs did not match the original data or the signature was
of invalid form); it is not an indication of a more serious error.
.PP
A negative value indicates an error other than signature verification failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Verify signature using PKCS#1 and \s-1SHA256\s0 digest:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& /*
\&  * NB: assumes verify_key, sig, siglen, md and mdlen are already set up
\&  * and that verify_key is an RSA public key.
\&  * The function name is chosen for this example only.
\&  * Returns 1 for success, 0 for verify failure and < 0 for some
\&  * other error.
\&  */
\& int verify_pkcs1_sha256(EVP_PKEY *verify_key,
\&                         const unsigned char *sig, size_t siglen,
\&                         const unsigned char *md, size_t mdlen)
\& {
\&     EVP_PKEY_CTX *ctx;
\&     int ret = \-1;
\&
\&     ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
\&     if (!ctx)
\&         return \-1; /* Error occurred */
\&     if (EVP_PKEY_verify_init(ctx) <= 0)
\&         goto done; /* Error */
\&     if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
\&         goto done; /* Error */
\&     if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
\&         goto done; /* Error */
\&
\&     /* Perform operation */
\&     ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
\&
\&  done:
\&     EVP_PKEY_CTX_free(ctx);
\&     return ret;
\& }
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
.IX Title "SMIME_READ_CMS 3"
.TH SMIME_READ_CMS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SMIME_read_CMS \- parse S/MIME message
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format.
.PP
\&\fBin\fR is a \s-1BIO\s0 to read the message from.
.PP
If cleartext signing is used then the content is saved in a memory bio which is
written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0
.PP
The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an
error occurred.
.SH "NOTES"
.IX Header "NOTES"
If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can
then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set.
.PP
Otherwise the type of the returned structure can be determined
using \fBCMS_get0_type()\fR.
.PP
To support future functionality, if \fBbcont\fR is not \s-1NULL,\s0 \fB*bcont\fR should be
initialized to \s-1NULL.\s0 For example:
.PP
.Vb 2
\& BIO *cont = NULL;
\& CMS_ContentInfo *cms;
\&
\& cms = SMIME_read_CMS(in, &cont);
.Ve
.SH "BUGS"
.IX Header "BUGS"
The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will
handle most S/MIME messages, more complex compound formats may not work.
.PP
The parser assumes that the CMS_ContentInfo structure is always base64 encoded
and will not handle the case where it is in binary format or uses quoted
printable format.
.PP
The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message
which can be processed due to memory constraints: a streaming single pass option
should be available.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR
if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3),
\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3),
\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3),
\&\fBCMS_decrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
PK!Q##SSL_get_rbio.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . 
ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_GET_RBIO 3" .TH SSL_GET_RBIO 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& BIO *SSL_get_rbio(SSL *ssl); \& BIO *SSL_get_wbio(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the read or the write channel, which can be different. The reference count of the \s-1BIO\s0 is not incremented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "\s-1NULL\s0" 4 .IX Item "NULL" No \s-1BIO\s0 was connected to the \s-1SSL\s0 object .IP "Any other pointer" 4 .IX Item "Any other pointer" The \s-1BIO\s0 linked to \fBssl\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!ug/]X509_check_ca.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . 

X509_CHECK_CA(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    X509_check_ca - check if given certificate is CA certificate

SYNOPSIS
    #include <openssl/x509v3.h>

    int X509_check_ca(X509 *cert);

DESCRIPTION
    This function checks whether the given certificate is a CA certificate (can be used to sign other certificates).

RETURN VALUES
    The function returns:

    0   if it is not a CA certificate
    1   if it is a proper X509v3 CA certificate with the basicConstraints extension CA:TRUE
    3   if it is a self-signed X509 v1 certificate
    4   if it is a certificate with the keyUsage extension with bit keyCertSign set, but without basicConstraints
    5   if it has the outdated Netscape Certificate Type extension telling that it is a CA certificate

    Actually, any nonzero value means that this certificate could have been used to sign other certificates.

SEE ALSO
    X509_verify_cert(3), X509_check_issued(3), X509_check_purpose(3)

COPYRIGHT
    Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

ASN1_OBJECT_NEW(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    ASN1_OBJECT_new, ASN1_OBJECT_free - object allocation functions

SYNOPSIS
    #include <openssl/asn1.h>

    ASN1_OBJECT *ASN1_OBJECT_new(void);
    void ASN1_OBJECT_free(ASN1_OBJECT *a);

DESCRIPTION
    The ASN1_OBJECT allocation routines allocate and free an ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.

    ASN1_OBJECT_new() allocates and initializes an ASN1_OBJECT structure.

    ASN1_OBJECT_free() frees up the ASN1_OBJECT structure a. If a is NULL, nothing is done.

NOTES
    Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure, it is almost never used in applications. The ASN1 object utility functions such as OBJ_nid2obj() are used instead.

RETURN VALUES
    If the allocation fails, ASN1_OBJECT_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

    ASN1_OBJECT_free() returns no value.

SEE ALSO
    ERR_get_error(3), d2i_ASN1_OBJECT(3)

COPYRIGHT
    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

RSA_NEW(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    RSA_new, RSA_free - allocate and free RSA objects

SYNOPSIS
    #include <openssl/rsa.h>

    RSA *RSA_new(void);

    void RSA_free(RSA *rsa);

DESCRIPTION
    RSA_new() allocates and initializes an RSA structure. It is equivalent to calling RSA_new_method(NULL).

    RSA_free() frees the RSA structure and its components. The key is erased before the memory is returned to the system. If rsa is NULL, nothing is done.

RETURN VALUES
    If the allocation fails, RSA_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

    RSA_free() returns no value.

SEE ALSO
    ERR_get_error(3), RSA_generate_key(3), RSA_new_method(3)

COPYRIGHT
    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

CMS_VERIFY(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    CMS_verify, CMS_get0_signers - verify a CMS SignedData structure

SYNOPSIS
    #include <openssl/cms.h>

    int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
                   BIO *indata, BIO *out, unsigned int flags);

    STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);

DESCRIPTION
    CMS_verify() is very similar to PKCS7_verify(3). It verifies a CMS SignedData structure contained in a structure of type CMS_ContentInfo. cms points to the CMS_ContentInfo structure to verify. The optional certs parameter refers to a set of certificates in which to search for signing certificates. cms may contain extra untrusted CA certificates that may be used for chain building as well as CRLs that may be used for certificate validation. store may be NULL or point to the trusted certificate store to use for chain verification. indata refers to the signed data if the content is detached from cms. Otherwise indata should be NULL and the signed data must be in cms. The content is written to the BIO out unless it is NULL. flags is an optional set of flags, which can be used to modify the operation.

    CMS_get0_signers() retrieves the signing certificate(s) from cms; it may only be called after a successful CMS_verify() operation.

VERIFY PROCESS
    Normally the verify process proceeds as follows.

    Initially some sanity checks are performed on cms. The type of cms must be SignedData. There must be at least one signature on the data and if the content is detached indata cannot be NULL.

    An attempt is made to locate all the signing certificate(s), first looking in the certs parameter (if it is not NULL) and then looking in any certificates contained in the cms structure unless CMS_NOINTERN is set. If any signing certificate cannot be located the operation fails.

    Each signing certificate is chain verified using the smimesign purpose and using the trusted certificate store store if supplied. Any internal certificates in the message, which may have been added using CMS_add1_cert(3), are used as untrusted CAs. If CRL checking is enabled in store and CMS_NOCRL is not set, any internal CRLs, which may have been added using CMS_add1_crl(3), are used in addition to attempting to look them up in store. If store is not NULL and any chain verify fails an error code is returned.

    Finally the signed content is read (and written to out unless it is NULL) and the signature is checked.

    If all signatures verify correctly then the function is successful.

    Any of the following flags (ORed together) can be passed in the flags parameter to change the default verify behaviour.

    If CMS_NOINTERN is set the certificates in the message itself are not searched when locating the signing certificate(s). This means that all the signing certificates must be in the certs parameter.

    If CMS_NOCRL is set and CRL checking is enabled in store then any CRLs in the message itself are ignored.

    If the CMS_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

    If CMS_NO_SIGNER_CERT_VERIFY is set the signing certificates are not chain verified.

    If CMS_NO_ATTR_VERIFY is set the signed attributes signature is not verified.

    If CMS_NO_CONTENT_VERIFY is set then the content digest is not checked.

NOTES
    One application of CMS_NOINTERN is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed in the certs parameter. In this case if the signer certificate is not one of the certificates supplied in certs then the verify will fail because the signer cannot be found.

    In some cases the standard techniques for looking up and validating certificates are not appropriate: for example an application may wish to look up certificates in a database or perform customised verification. This can be achieved by setting and verifying the signer certificates manually using the signed data utility functions.

    Care should be taken when modifying the default verify behaviour, for example setting CMS_NO_CONTENT_VERIFY will totally disable all content verification and any modified content will be considered valid. This combination is however useful if one merely wishes to write the content to out and its validity is not considered important.

    Chain verification should arguably be performed using the signing time rather than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp).

RETURN VALUES
    CMS_verify() returns 1 for a successful verification and 0 if an error occurred.

    CMS_get0_signers() returns all signers or NULL if an error occurred.

    The error can be obtained from ERR_get_error(3).

BUGS
    The trusted certificate store is not searched for the signing certificate. This is primarily due to the inadequacies of the current X509_STORE functionality.

    The lack of single pass processing means that the signed content must all be held in memory if it is not detached.

SEE ALSO
    PKCS7_verify(3), CMS_add1_cert(3), CMS_add1_crl(3), OSSL_ESS_check_signing_certs(3), ERR_get_error(3), CMS_sign(3)

COPYRIGHT
    Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .

SSL_SESSION_GET0_PEER(3)    OpenSSL 1.1.1w    2023-09-11

NAME
    SSL_SESSION_get0_peer - get details about peer's certificate for a session

SYNOPSIS
    #include <openssl/ssl.h>

    X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);

DESCRIPTION
    SSL_SESSION_get0_peer() returns the peer certificate associated with the session s or NULL if no peer certificate is available. The caller should not free the returned value (unless X509_up_ref(3) has also been called).

RETURN VALUES
    SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if no peer certificate is available.

SEE ALSO
    ssl(7)

COPYRIGHT
    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
.nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . 
ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "RSA_SIGN 3" .TH RSA_SIGN 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" RSA_sign, RSA_verify \- RSA signatures .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, \& unsigned char *sigret, unsigned int *siglen, RSA *rsa); \& \& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the key that can be used. See \fBRSA_private_encrypt\fR\|(3) for lower-level operations. .PP \&\fBtype\fR denotes the message digest algorithm that was used to generate \&\fBm\fR. If \fBtype\fR is \fBNID_md5_sha1\fR, an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding and no algorithm identifier) is created. .PP \&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes the message digest algorithm that was used to generate the signature. \&\fBrsa\fR is the signer's public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRSA_sign()\fR returns 1 on success. \&\fBRSA_verify()\fR returns 1 on successful verification. .PP The error codes can be obtained by \fBERR_get_error\fR\|(3). 
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBRSA_private_encrypt\fR\|(3),
\&\fBRSA_public_decrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_SIGN 3"
.TH EVP_PKEY_SIGN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
\&                   unsigned char *sig, size_t *siglen,
\&                   const unsigned char *tbs, size_t tbslen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for a signing operation.
.PP
The \fBEVP_PKEY_sign()\fR function performs a public key signing operation
using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and
\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then
before the call the \fBsiglen\fR parameter should contain the length of the
\&\fBsig\fR buffer. If the call is successful, the signature is written to
\&\fBsig\fR and the number of bytes written is stored in \fBsiglen\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is
normally used to sign digests. For signing arbitrary messages, see the
\&\fBEVP_DigestSignInit\fR\|(3) and
\&\fBEVP_SignInit\fR\|(3) signing interfaces instead.
.PP
After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)).
.PP
The function \fBEVP_PKEY_sign()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0
or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest:
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& /* md is a SHA\-256 digest in this example. */
\& unsigned char *md, *sig;
\& size_t mdlen = 32, siglen;
\& EVP_PKEY *signing_key;
\&
\& /*
\&  * NB: assumes signing_key and md are set up before the next
\&  * step. signing_key must be an RSA private key and md must
\&  * point to the SHA\-256 digest to be signed.
\&  */
\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
\& if (!ctx)
\&     /* Error occurred */
\& if (EVP_PKEY_sign_init(ctx) <= 0)
\&     /* Error */
\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
\&     /* Error */
\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
\&     /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
\&     /* Error */
\&
\& sig = OPENSSL_malloc(siglen);
\&
\& if (!sig)
\&     /* malloc failure */
\&
\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
\&     /* Error */
\&
\& /* Signature is siglen bytes written to buffer sig */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License.
You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_DERIVE 3"
.TH EVP_PKEY_DERIVE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for shared secret derivation.
.PP
The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally
be a public key.
.PP
The \fBEVP_PKEY_derive()\fR function derives a shared secret using \fBctx\fR.
If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the
\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer. If the call
is successful, the shared secret is written to \fBkey\fR and the number of bytes
written is stored in \fBkeylen\fR.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
.PP
The function \fBEVP_PKEY_derive()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0
or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys):
.PP
.Vb 2
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\&
\& EVP_PKEY_CTX *ctx;
\& ENGINE *eng;
\& unsigned char *skey;
\& size_t skeylen;
\& EVP_PKEY *pkey, *peerkey;
\& /* NB: assumes pkey, eng, peerkey have been already set up */
\&
\& ctx = EVP_PKEY_CTX_new(pkey, eng);
\& if (!ctx)
\&     /* Error occurred */
\& if (EVP_PKEY_derive_init(ctx) <= 0)
\&     /* Error */
\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
\&     /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
\&     /* Error */
\&
\& skey = OPENSSL_malloc(skeylen);
\&
\& if (!skey)
\&     /* malloc failure */
\&
\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
\&     /* Error */
\&
\& /* Shared secret is skeylen bytes written to buffer skey */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SESSION_SET1_ID 3"
.TH SSL_SESSION_SET1_ID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get_id, SSL_SESSION_set1_id
\&\- get and set the SSL session ID
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
\&                                         unsigned int *len);
\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
\&                         unsigned int sid_len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the
session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may
be 0.
The caller should not free the returned pointer directly.
.PP
\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session
to \fBsid\fR of length \fBsid_len\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value.
\&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example
if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_EXTMS_SUPPORT 3"
.TH SSL_GET_EXTMS_SUPPORT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_get_extms_support \- extended master secret support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_get_extms_support(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_extms_support()\fR indicates whether the current session used extended
master secret.
.PP
This function is implemented as a macro.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_get_extms_support()\fR returns 1 if the current session used extended
master secret, 0 if it did not and \-1 if a handshake is currently in
progress, i.e. it is not possible to determine if extended master secret
was used.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3"
.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_tlsext_use_srtp,
SSL_set_tlsext_use_srtp,
SSL_get_srtp_profiles,
SSL_get_selected_srtp_profile
\&\- Configure and query SRTP support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/srtp.h>
\&
\& int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
\& int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
\&
\& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
\& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for
the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764.\s0 This provides a mechanism for
establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS.\s0 This
capability may be used as part of an implementation that conforms to \s-1RFC5763.\s0
OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763.\s0 Note that OpenSSL does not
support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this
extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will be ignored if a
\&\s-1TLS\s0 connection is attempted.
.PP
An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call
\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently
created from an \s-1SSL_CTX.\s0 Alternatively a client may call
\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object.
The \&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of \&\s-1SRTP\s0 protection profile names. .PP The currently supported protection profile names are: .IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 .IX Item "SRTP_AES128_CM_SHA1_80" This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764.\s0 .IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 .IX Item "SRTP_AES128_CM_SHA1_32" This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764.\s0 .IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 .IX Item "SRTP_AEAD_AES_128_GCM" This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 .IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 .IX Item "SRTP_AEAD_AES_256_GCM" This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 .PP Supplying an unrecognised protection profile name will result in an error. .PP An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call \&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the protection profiles that it is willing to negotiate. .PP The currently configured list of protection profiles for either a client or a server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of this function should not be freed by the caller. .PP After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if any) can be obtained (on the client or the server) by calling \&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 protection profile was negotiated. The memory returned from this function should not be freed by the caller. .PP If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 keying material (on both the client and server) should be obtained via a call to \&\fBSSL_export_keying_material\fR\|(3). 
This call should provide a label value of \&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total length of keying material obtained should be equal to two times the sum of the master key length and the salt length as defined for the protection profile in use. This provides the client write master key, the server write master key, the client write master salt and the server write master salt in that order. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success or 1 on error. .PP \&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on success or \s-1NULL\s0 on error or if no protection profiles have been configured. .PP \&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 object if one has been negotiated or \s-1NULL\s0 otherwise. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_export_keying_material\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!|-BSSL_get_shared_sigalgs.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. 
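The keying-material layout described in the SSL_CTX_set_tlsext_use_srtp page, as an added example that is not part of the OpenSSL manual: it computes the export length for each supported profile name and splits an exported buffer into the four fields in the stated order. The helper names and structs are hypothetical, the key and salt lengths are taken from RFC 5764 and RFC 7714, and the buffer in main() is constructed data standing in for the output of SSL_export_keying_material(3).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper types for this example; not part of OpenSSL. */
struct srtp_lens {
    const char *name;     /* OpenSSL profile name as listed in the man page */
    size_t key_len;       /* SRTP master key length in bytes */
    size_t salt_len;      /* SRTP master salt length in bytes */
};

/* Lengths per profile: AES-CM profiles from RFC 5764, GCM from RFC 7714. */
static const struct srtp_lens SRTP_LENS[] = {
    { "SRTP_AES128_CM_SHA1_80", 16, 14 },
    { "SRTP_AES128_CM_SHA1_32", 16, 14 },
    { "SRTP_AEAD_AES_128_GCM",  16, 12 },
    { "SRTP_AEAD_AES_256_GCM",  32, 12 },
};

/* Views into the exported buffer; nothing is copied. */
struct srtp_keys {
    const unsigned char *client_key, *server_key;
    const unsigned char *client_salt, *server_salt;
    size_t key_len, salt_len;
};

static const struct srtp_lens *srtp_lookup(const char *profile)
{
    size_t i;

    if (profile == NULL)
        return NULL;
    for (i = 0; i < sizeof SRTP_LENS / sizeof SRTP_LENS[0]; i++)
        if (strcmp(profile, SRTP_LENS[i].name) == 0)
            return &SRTP_LENS[i];
    return NULL;
}

/* Length to request from the exporter: 2 * (key + salt), or 0 if the
 * profile name is not one of the four listed above. */
size_t srtp_export_len(const char *profile)
{
    const struct srtp_lens *l = srtp_lookup(profile);

    return l != NULL ? 2 * (l->key_len + l->salt_len) : 0;
}

/* Split exported material into client key, server key, client salt,
 * server salt (in that order). Returns 0 on success, -1 if the profile is
 * unknown or km_len does not match the profile exactly. In real code the
 * name would come from SSL_get_selected_srtp_profile(ssl)->name. */
int srtp_split_keys(const char *profile, const unsigned char *km,
                    size_t km_len, struct srtp_keys *out)
{
    const struct srtp_lens *l = srtp_lookup(profile);

    if (l == NULL || km == NULL || out == NULL)
        return -1;
    if (km_len != 2 * (l->key_len + l->salt_len))
        return -1;   /* refuse short or over-long material */

    out->key_len = l->key_len;
    out->salt_len = l->salt_len;
    out->client_key = km;
    out->server_key = km + l->key_len;
    out->client_salt = km + 2 * l->key_len;
    out->server_salt = km + 2 * l->key_len + l->salt_len;
    return 0;
}

int main(void)
{
    unsigned char km[60];   /* constructed stand-in for exporter output */
    struct srtp_keys k;
    size_t i;

    for (i = 0; i < sizeof km; i++)
        km[i] = (unsigned char)i;

    if (srtp_split_keys("SRTP_AES128_CM_SHA1_80", km, sizeof km, &k) != 0)
        return 1;
    printf("export %zu bytes: server key at %td, client salt at %td, "
           "server salt at %td\n",
           srtp_export_len("SRTP_AES128_CM_SHA1_80"),
           k.server_key - km, k.client_salt - km, k.server_salt - km);
    return 0;
}
```

Each side encrypts with its own write key and salt and decrypts with the peer's, so a client uses the client fields for outbound SRTP and the server fields for inbound.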
.\" ========================================================================
.\"
.IX Title "SSL_GET_SHARED_SIGALGS 3"
.TH SSL_GET_SHARED_SIGALGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_get_shared_sigalgs(SSL *s, int idx,
\&                            int *psign, int *phash, int *psignhash,
\&                            unsigned char *rsig, unsigned char *rhash);
\&
\& int SSL_get_sigalgs(SSL *s, int idx,
\&                     int *psign, int *phash, int *psignhash,
\&                     unsigned char *rsig, unsigned char *rhash);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature
algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index
of the shared signature algorithm to return starting from zero. The signature
algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the
sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values
are written to \fB*rsig\fR and \fB*rhash\fR.
.PP
\&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns
information about all signature algorithms supported by \fBs\fR in the order
they were sent by the peer.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of
signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range.
.SH "NOTES"
.IX Header "NOTES"
These functions are typically called for debugging purposes (to report
the peer's preferences) or where an application wants finer control over
certificate selection. Most applications will rely on internal handling
and will not need to call them.
.PP
If an application is only interested in the highest preference shared
signature algorithm it can just set \fBidx\fR to zero.
.PP
Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or
\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. By setting
them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of
signature algorithms can be determined: which can be zero.
.PP
These functions must be called after the peer has sent a list of supported
signature algorithms: after a client hello (for servers) or a certificate
request (for clients). They can (for example) be called in the certificate
callback.
.PP
Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature algorithms.
If these functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is
returned.
.PP
The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are
ordered according to configuration and peer preferences.
.PP
The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al.
The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and
\&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsig\fR 1, \fB*phash\fR NID_sha256, \fB*psign\fR
NID_rsaEncryption and \fB*psignhash\fR NID_sha256WithRSAEncryption.
.PP
If a signature algorithm is not recognised the corresponding NIDs
will be set to \fBNID_undef\fR. This may be because the value is not supported,
is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the
signature algorithm does not use a hash (for example Ed25519).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_set_cert_cb\fR\|(3),
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_NEW 3"
.TH SSL_CONF_CTX_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_CONF_CTX *SSL_CONF_CTX_new(void);
\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR
structure for use with the \s-1SSL_CONF\s0 functions.
.PP
The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR.
If \fBcctx\fR is \s-1NULL\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure
or \fB\s-1NULL\s0\fR if an error occurs.
.PP
\&\fBSSL_CONF_CTX_free()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
\&\fBSSL_CONF_cmd\fR\|(3),
\&\fBSSL_CONF_cmd_argv\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "BIO_PUSH 3"
.TH BIO_PUSH 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& BIO *BIO_push(BIO *b, BIO *next);
\& BIO *BIO_pop(BIO *b);
\& void BIO_set_next(BIO *b, BIO *next);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_push()\fR pushes \fIb\fR on \fInext\fR.
If \fIb\fR is \s-1NULL\s0 the function does nothing and returns \fInext\fR.
Otherwise it prepends \fIb\fR, which may be a single \s-1BIO\s0 or a chain of BIOs,
to \fInext\fR (unless \fInext\fR is \s-1NULL\s0).
It then makes a control call on \fIb\fR and returns \fIb\fR.
.PP
\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fIb\fR from any chain it is part of.
If \fIb\fR is \s-1NULL\s0 the function does nothing and returns \s-1NULL.\s0
Otherwise it makes a control call on \fIb\fR and
returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0
The removed \s-1BIO\s0 becomes a single \s-1BIO\s0 with no association with
the original chain, it can thus be freed or be made part of a different chain.
.PP
\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to
by \fInext\fR. The new chain may include some of the same BIOs from the old chain
or it may be completely different.
.SH "NOTES"
.IX Header "NOTES"
The names of these functions are perhaps a little misleading. \fBBIO_push()\fR
joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain,
the deleted \s-1BIO\s0 does not need to be at the end of a chain.
.PP
The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional
consequences (a control call is made to the affected BIOs).
Any effects will be noted in the descriptions of individual BIOs.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_push()\fR returns the head of the chain,
which usually is \fIb\fR, or \fInext\fR if \fIb\fR is \s-1NULL.\s0
.PP
\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain,
or \s-1NULL\s0 if there is no next \s-1BIO.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
For these examples suppose \fImd1\fR and \fImd2\fR are digest BIOs,
\&\fIb64\fR is a base64 \s-1BIO\s0 and \fIf\fR is a file \s-1BIO.\s0
.PP
If the call:
.PP
.Vb 1
\& BIO_push(b64, f);
.Ve
.PP
is made then the new chain will be \fIb64\-f\fR. After making the calls
.PP
.Vb 2
\& BIO_push(md2, b64);
\& BIO_push(md1, md2);
.Ve
.PP
the new chain is \fImd1\-md2\-b64\-f\fR. Data written to \fImd1\fR will be digested
by \fImd1\fR and \fImd2\fR, base64 encoded, and finally written to \fIf\fR.
.PP
It should be noted that reading causes data to pass in the reverse
direction, that is data is read from \fIf\fR, base64 decoded,
and digested by \fImd2\fR and then \fImd1\fR.
.PP
The call:
.PP
.Vb 1
\& BIO_pop(md2);
.Ve
.PP
will return \fIb64\fR and the new chain will be \fImd1\-b64\-f\fR.
Data can be written to and read from \fImd1\fR as before,
except that \fImd2\fR will no longer be applied.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
bio
.SH "HISTORY"
.IX Header "HISTORY"
The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3"
.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get0_id_context,
SSL_SESSION_set1_id_context
\&\- get and set the SSL ID context associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
\&                                                  unsigned int *len);
\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
\&                                 unsigned int sid_ctx_len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0
contexts.
.PP
\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with
the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to
\&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0
.PP
The value returned is a pointer to an object maintained within \fBs\fR and
should not be released.
.PP
\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in
\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context
is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_set_session_id_context\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
PK!OuRAND_load_file.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . 
ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "RAND_LOAD_FILE 3" .TH RAND_LOAD_FILE 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
RAND_LOAD_FILE(3) - OpenSSL 1.1.1w, 2023-09-11

NAME
    RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file

SYNOPSIS
    #include <openssl/rand.h>

    int RAND_load_file(const char *filename, long max_bytes);

    int RAND_write_file(const char *filename);

    const char *RAND_file_name(char *buf, size_t num);

DESCRIPTION
    RAND_load_file() reads a number of bytes from file filename and adds
    them to the PRNG. If max_bytes is nonnegative, up to max_bytes are read;
    if max_bytes is -1, the complete file is read. Do not load the same file
    multiple times unless its contents have been updated by
    RAND_write_file() between reads. Also, note that filename should be
    adequately protected so that an attacker cannot replace or examine the
    contents. If filename is not a regular file, then the user is considered
    to be responsible for any side effects, e.g. unanticipated blocking or
    capture of the controlling terminal.

    RAND_write_file() writes a number of random bytes (currently 128) to
    file filename which can be used to initialize the PRNG by calling
    RAND_load_file() in a later session.

    RAND_file_name() generates a default path for the random seed file. buf
    points to a buffer of size num in which to store the filename.

    On all systems, if the environment variable RANDFILE is set, its value
    will be used as the seed filename. Otherwise, the file is called
    ".rnd", found in platform dependent locations:

    On Windows (in order of preference)
        %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\

    On VMS
        SYS$LOGIN:

    On all other systems
        $HOME

    If $HOME (on non-Windows and non-VMS systems) is not set either, or num
    is too small for the pathname, an error occurs.

RETURN VALUES
    RAND_load_file() returns the number of bytes read or -1 on error.

    RAND_write_file() returns the number of bytes written, or -1 if the
    bytes written were generated without appropriate seeding.

    RAND_file_name() returns a pointer to buf on success, and NULL on error.

SEE ALSO
    RAND_add(3), RAND_bytes(3), RAND(7)

COPYRIGHT
    Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this
    file except in compliance with the License. You can obtain a copy in the
    file LICENSE in the source distribution or at .
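The RAND_load_file DESCRIPTION asks for a seed file that an attacker can neither replace nor examine, and warns that a non-regular file can block or capture the controlling terminal. The C code below is an added example of checking exactly that before the bytes reach the PRNG; it is not OpenSSL code, it assumes POSIX, and seed_file_open, seed_file_read and the SEED_* codes are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L     /* O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Status codes; every name in this block is this example's own. */
enum seed_status {
    SEED_OK = 0,
    SEED_ERR_OPEN,        /* missing, unreadable, or last component is a symlink */
    SEED_ERR_NOT_REGULAR, /* FIFO, device, directory: may block or grab a tty */
    SEED_ERR_OWNER,       /* owned by another user, who can replace the contents */
    SEED_ERR_MODE         /* group/other can examine (read) or replace (write) */
};

/*
 * Open path and vet the descriptor that was actually opened (fstat, not
 * stat), so the file cannot be swapped between the check and the read.
 * On SEED_OK, *fd_out holds an open read-only descriptor.
 */
enum seed_status seed_file_open(const char *path, int *fd_out)
{
    struct stat st;
    enum seed_status rc = SEED_OK;
    int fd;

    *fd_out = -1;
    /* O_NONBLOCK: opening a FIFO returns at once; O_NOCTTY: a tty never
     * becomes our controlling terminal; O_NOFOLLOW: refuse a symlink. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd < 0)
        return SEED_ERR_OPEN;
    if (fstat(fd, &st) != 0)
        rc = SEED_ERR_OPEN;
    else if (!S_ISREG(st.st_mode))
        rc = SEED_ERR_NOT_REGULAR;
    else if (st.st_uid != geteuid())
        rc = SEED_ERR_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = SEED_ERR_MODE;

    if (rc != SEED_OK) {
        close(fd);
        return rc;
    }
    *fd_out = fd;
    return SEED_OK;
}

/*
 * Read up to cap bytes from a vetted seed file. Returns the byte count, or
 * -1 with *status set. The caller would hand buf to RAND_add(3) instead of
 * letting RAND_load_file() reopen the path by name.
 */
long seed_file_read(const char *path, unsigned char *buf, size_t cap,
                    enum seed_status *status)
{
    size_t total = 0;
    int fd;

    *status = seed_file_open(path, &fd);
    if (*status != SEED_OK)
        return -1;
    while (total < cap) {
        ssize_t n = read(fd, buf + total, cap - total);
        if (n < 0 && errno == EINTR)
            continue;                 /* interrupted: retry the read */
        if (n < 0) {
            close(fd);
            *status = SEED_ERR_OPEN;
            return -1;
        }
        if (n == 0)
            break;                    /* end of file */
        total += (size_t)n;
    }
    close(fd);
    return (long)total;
}

int main(int argc, char **argv)
{
    unsigned char buf[1024];
    enum seed_status st;
    long n;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <seed-file>\n", argv[0]);
        return EXIT_FAILURE;
    }
    n = seed_file_read(argv[1], buf, sizeof buf, &st);
    printf("status=%d bytes=%ld\n", (int)st, n);
    return st == SEED_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The check covers the file itself; a directory that other users can write to still lets them replace the file, so the directory holding the seed needs the same ownership and mode review.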
SSL_CHECK_CHAIN(3) - OpenSSL 1.1.1w, 2023-09-11

NAME
    SSL_check_chain - check certificate chain suitability

SYNOPSIS
    #include <openssl/ssl.h>

    int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);

DESCRIPTION
    SSL_check_chain() checks whether certificate x, private key pk and
    certificate chain chain are suitable for use with the current session s.

RETURN VALUES
    SSL_check_chain() returns a bitmap of flags indicating the validity of
    the chain.

    CERT_PKEY_VALID: the chain can be used with the current session. If this
    flag is not set then the certificate will never be used even if the
    application tries to set it because it is inconsistent with the peer
    preferences.

    CERT_PKEY_SIGN: the EE key can be used for signing.

    CERT_PKEY_EE_SIGNATURE: the signature algorithm of the EE certificate is
    acceptable.

    CERT_PKEY_CA_SIGNATURE: the signature algorithms of all CA certificates
    are acceptable.

    CERT_PKEY_EE_PARAM: the parameters of the end entity certificate are
    acceptable (e.g. it is a supported curve).

    CERT_PKEY_CA_PARAM: the parameters of all CA certificates are
    acceptable.

    CERT_PKEY_EXPLICIT_SIGN: the end entity certificate algorithm can be
    used explicitly for signing (i.e. it is mentioned in the signature
    algorithms extension).

    CERT_PKEY_ISSUER_NAME: the issuer name is acceptable. This is only
    meaningful for client authentication.

    CERT_PKEY_CERT_TYPE: the certificate type is acceptable. Only meaningful
    for client authentication.

    CERT_PKEY_SUITEB: chain is suitable for Suite B use.

NOTES
    SSL_check_chain() must be called in servers after a client hello message
    or in clients after a certificate request message. It will typically be
    called in the certificate callback.

    An application wishing to support multiple certificate chains may call
    this function on each chain in turn, starting with the one it considers
    the most secure. It could then use the chain of the first set which
    returns suitable flags.

    As a minimum the flag CERT_PKEY_VALID must be set for a chain to be
    usable. An application supporting multiple chains with different CA
    signature algorithms may also wish to check CERT_PKEY_CA_SIGNATURE. If
    no chain is suitable a server should fall back to the most secure chain
    which sets CERT_PKEY_VALID.

    The validity of a chain is determined by checking if it matches a
    supported signature algorithm, supported curves and, in the case of
    client authentication, certificate types and issuer names.

    Since the supported signature algorithms extension is only used in TLS
    1.2, TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and
    DTLS may not be very useful. Applications may wish to specify a
    different "legacy" chain for earlier versions of TLS or DTLS.

SEE ALSO
    SSL_CTX_set_cert_cb(3), ssl(7)

COPYRIGHT
    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this
    file except in compliance with the License. You can obtain a copy in the
    file LICENSE in the source distribution or at .
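The selection rule in the SSL_check_chain NOTES (try chains from most to least secure, require CERT_PKEY_VALID, prefer one that also passes the extra checks, otherwise fall back to the most secure valid chain) is shown below as an added C example that works on the returned bitmaps only. It is not OpenSSL code: pick_chain and chain_missing are hypothetical names, the sample bitmaps are constructed, and the flag values are the ones OpenSSL 1.1.1 defines in <openssl/ssl.h>.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flag values as defined in OpenSSL 1.1.1's <openssl/ssl.h>; the guard lets
 * the real header take precedence when this is built against OpenSSL. */
#ifndef CERT_PKEY_VALID
# define CERT_PKEY_VALID          0x1
# define CERT_PKEY_SIGN           0x2
# define CERT_PKEY_EE_SIGNATURE   0x10
# define CERT_PKEY_CA_SIGNATURE   0x20
# define CERT_PKEY_EE_PARAM       0x40
# define CERT_PKEY_CA_PARAM       0x80
# define CERT_PKEY_EXPLICIT_SIGN  0x100
# define CERT_PKEY_ISSUER_NAME    0x200
# define CERT_PKEY_CERT_TYPE      0x400
# define CERT_PKEY_SUITEB         0x800
#endif

static const struct { int bit; const char *name; } flag_names[] = {
    { CERT_PKEY_VALID, "VALID" },
    { CERT_PKEY_SIGN, "SIGN" },
    { CERT_PKEY_EE_SIGNATURE, "EE_SIGNATURE" },
    { CERT_PKEY_CA_SIGNATURE, "CA_SIGNATURE" },
    { CERT_PKEY_EE_PARAM, "EE_PARAM" },
    { CERT_PKEY_CA_PARAM, "CA_PARAM" },
    { CERT_PKEY_EXPLICIT_SIGN, "EXPLICIT_SIGN" },
    { CERT_PKEY_ISSUER_NAME, "ISSUER_NAME" },
    { CERT_PKEY_CERT_TYPE, "CERT_TYPE" },
    { CERT_PKEY_SUITEB, "SUITEB" },
};
#define N_FLAGS (sizeof flag_names / sizeof flag_names[0])

/*
 * flags[i] is the SSL_check_chain() result for candidate i, candidates
 * ordered most secure first. Returns the index of the first chain that is
 * VALID and has every bit in want; failing that, the first VALID chain;
 * -1 if no chain can be used with this session at all.
 */
int pick_chain(const int *flags, size_t n, int want)
{
    int fallback = -1;

    for (size_t i = 0; i < n; i++) {
        if (!(flags[i] & CERT_PKEY_VALID))
            continue;                 /* never usable for this session */
        if ((flags[i] & want) == want)
            return (int)i;            /* most secure chain passing all checks */
        if (fallback < 0)
            fallback = (int)i;        /* most secure chain that is at least valid */
    }
    return fallback;
}

/*
 * Write the names of the wanted checks that flags did not pass into buf
 * (comma separated, truncated to cap) and return how many are missing.
 * Useful for logging why a chain was passed over.
 */
int chain_missing(int flags, int want, char *buf, size_t cap)
{
    size_t used = 0;
    int missing = 0;

    if (cap > 0)
        buf[0] = '\0';
    for (size_t i = 0; i < N_FLAGS; i++) {
        if (!(want & flag_names[i].bit) || (flags & flag_names[i].bit))
            continue;
        if (used + 1 < cap) {
            int n = snprintf(buf + used, cap - used, "%s%s",
                             missing ? "," : "", flag_names[i].name);
            if (n > 0)
                used = (used + (size_t)n < cap) ? used + (size_t)n : cap - 1;
        }
        missing++;
    }
    return missing;
}

int main(void)
{
    /* Constructed results, as if returned for three chains in a cert callback. */
    const int results[] = {
        CERT_PKEY_SIGN | CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE,
        CERT_PKEY_VALID | CERT_PKEY_SIGN | CERT_PKEY_EE_SIGNATURE,
        CERT_PKEY_VALID | CERT_PKEY_SIGN | CERT_PKEY_EE_SIGNATURE
            | CERT_PKEY_CA_SIGNATURE,
    };
    const int want = CERT_PKEY_VALID | CERT_PKEY_CA_SIGNATURE;
    char why[128];

    for (size_t i = 0; i < 3; i++) {
        int m = chain_missing(results[i], want, why, sizeof why);
        printf("chain %zu: %s%s\n", i, m ? "missing " : "suitable", why);
    }
    printf("selected chain: %d\n", pick_chain(results, 3, want));
    return 0;
}
```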
PEM_WRITE_BIO_CMS_STREAM(3) - OpenSSL 1.1.1w, 2023-09-11

NAME
    PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM
    format

SYNOPSIS
    #include <openssl/cms.h>

    int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);

DESCRIPTION
    PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM
    format.

    It is otherwise identical to the function SMIME_write_CMS().

NOTES
    This function is effectively a version of PEM_write_bio_CMS() that
    supports streaming.

RETURN VALUES
    PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.

SEE ALSO
    ERR_get_error(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3),
    CMS_decrypt(3), PEM_write(3), SMIME_write_CMS(3), i2d_CMS_bio_stream(3)

HISTORY
    The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0.

COPYRIGHT
    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    Licensed under the OpenSSL license (the "License"). You may not use this
    file except in compliance with the License. You can obtain a copy in the
    file LICENSE in the source distribution or at .
X509_CHECK_PURPOSE(3) - OpenSSL 1.1.1w, 2023-09-11

NAME
    X509_check_purpose - Check the purpose of a certificate

SYNOPSIS
    #include <openssl/x509v3.h>

    int X509_check_purpose(X509 *x, int id, int ca);

DESCRIPTION
    This function checks if certificate x was created with the purpose
    represented by id. If ca is nonzero, then certificate x is checked to
    determine if it's a possible CA, with various levels of certainty
    possibly returned.

    Below are the potential IDs that can be checked:

    # define X509_PURPOSE_SSL_CLIENT        1
    # define X509_PURPOSE_SSL_SERVER        2
    # define X509_PURPOSE_NS_SSL_SERVER     3
    # define X509_PURPOSE_SMIME_SIGN        4
    # define X509_PURPOSE_SMIME_ENCRYPT     5
    # define X509_PURPOSE_CRL_SIGN          6
    # define X509_PURPOSE_ANY               7
    # define X509_PURPOSE_OCSP_HELPER       8
    # define X509_PURPOSE_TIMESTAMP_SIGN    9

RETURN VALUES
    For non-CA checks:

    -1  an error condition has occurred
     1  if the certificate was created to perform the purpose represented
        by id
     0  if the certificate was not created to perform the purpose
        represented by id

    For CA checks the below integers could be returned with the following
    meanings:

    -1  an error condition has occurred
     0  not a CA or does not have the purpose represented by id
     1  is a CA.
     2  Only possible in old versions of OpenSSL when basicConstraints are
        absent. New versions will not return this value. May be a CA
     3  basicConstraints absent but self signed V1.
     4  basicConstraints absent but keyUsage present and keyCertSign
        asserted.
     5  legacy Netscape specific CA Flags present

COPYRIGHT
    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
    Licensed under the Apache License 2.0 (the "License"). You may not use
    this file except in compliance with the License. You can obtain a copy
    in the file LICENSE in the source distribution or at .
ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_CONF_CMD 3" .TH SSL_CONF_CMD 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); \& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common framework for command line options or configuration files. .PP \&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. .SH "SUPPORTED COMMAND LINE COMMANDS" .IX Header "SUPPORTED COMMAND LINE COMMANDS" Currently supported \fBcmd\fR names for command lines (i.e. when the flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names are case sensitive. Unless otherwise stated commands can be used by both clients and servers and the \fBvalue\fR parameter is not used. The default prefix for command line commands is \fB\-\fR and that is reflected below. .IP "\fB\-sigalgs\fR" 4 .IX Item "-sigalgs" This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. For clients this value is used directly for the supported signature algorithms extension. For servers it is used to determine which signature algorithms to support. .Sp The \fBvalue\fR argument should be a colon separated list of signature algorithms in order of decreasing preference of the form \fBalgorithm+hash\fR or \&\fBsignature_scheme\fR. 
\fBalgorithm\fR is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm \&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. Note: algorithm and hash names are case sensitive. \&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, or \fBrsa_pss_pss_sha256\fR. .Sp If this option is not set then all signature algorithms supported by the OpenSSL library are permissible. .Sp Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR identifiers) are ignored in TLSv1.3 and will not be negotiated. .IP "\fB\-client_sigalgs\fR" 4 .IX Item "-client_sigalgs" This sets the supported signature algorithms associated with client authentication for TLSv1.2 and TLSv1.3. For servers the value is used in the \&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. For clients it is used to determine which signature algorithm to use with the client certificate. If a server does not request a certificate this option has no effect. .Sp The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then the value set for \fB\-sigalgs\fR will be used instead. .IP "\fB\-groups\fR" 4 .IX Item "-groups" This sets the supported groups. For clients, the groups are sent using the supported groups extension. For servers, it is used to determine which group to use. This setting affects groups used for signatures (in TLSv1.2 and earlier) and key exchange. The first group listed will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 \&\fBClientHello\fR. .Sp The \fBvalue\fR argument is a colon separated list of groups. The group can be either the \fB\s-1NIST\s0\fR name (e.g. 
\fBP\-256\fR), some other commonly used name where applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in order of preference with the most preferred group first. .IP "\fB\-curves\fR" 4 .IX Item "-curves" This is a synonym for the \*(L"\-groups\*(R" command. .IP "\fB\-named_curve\fR" 4 .IX Item "-named_curve" This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by servers .Sp The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which picks an appropriate curve based on client and server preferences. The curve can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Curve names are case sensitive. .IP "\fB\-cipher\fR" 4 .IX Item "-cipher" Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be combined with any configured TLSv1.3 ciphersuites. Note: syntax checking of \fBvalue\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is associated with \fBcctx\fR. .IP "\fB\-ciphersuites\fR" 4 .IX Item "-ciphersuites" Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. See \fBciphers\fR\|(1) for more information. .IP "\fB\-cert\fR" 4 .IX Item "-cert" Attempts to use the file \fBvalue\fR as the certificate for the appropriate context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR structure is set. This option is only supported if certificate operations are permitted. .IP "\fB\-key\fR" 4 .IX Item "-key" Attempts to use the file \fBvalue\fR as the private key for the appropriate context. 
This option is only supported if certificate operations are permitted. Note: if no \fB\-key\fR option is set then a private key is not loaded unless the flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. .IP "\fB\-dhparam\fR" 4 .IX Item "-dhparam" Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for the appropriate context. This option is only supported if certificate operations are permitted. .IP "\fB\-record_padding\fR" 4 .IX Item "-record_padding" Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the \&\fBvalue\fR must be >1 or <=16384. .IP "\fB\-no_renegotiation\fR" 4 .IX Item "-no_renegotiation" Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting \&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. .IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4 .IX Item "-min_protocol, -max_protocol" Sets the minimum and maximum supported protocol. Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \&\fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0; \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 and \fBNone\fR for no limit. If either the lower or upper bound is not specified then only the other bound applies, if specified. If your application supports both \s-1TLS\s0 and \s-1DTLS\s0 you can specify any of these options twice, once with a bound for \s-1TLS\s0 and again with an appropriate bound for \s-1DTLS.\s0 To restrict the supported protocol versions use these commands rather than the deprecated alternative commands below. 
.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4
.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3"
Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR,
\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR
respectively. These options are deprecated; use \fB\-min_protocol\fR and
\&\fB\-max_protocol\fR instead.
.IP "\fB\-bugs\fR" 4
.IX Item "-bugs"
Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR.
.IP "\fB\-comp\fR" 4
.IX Item "-comp"
Enables support for \s-1SSL/TLS\s0 compression, same as clearing
\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR.
This command was introduced in OpenSSL 1.1.0.
As of OpenSSL 1.1.0, compression is off by default.
.IP "\fB\-no_comp\fR" 4
.IX Item "-no_comp"
Disables support for \s-1SSL/TLS\s0 compression, same as setting
\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR.
As of OpenSSL 1.1.0, compression is off by default.
.IP "\fB\-no_ticket\fR" 4
.IX Item "-no_ticket"
Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR.
.IP "\fB\-serverpref\fR" 4
.IX Item "-serverpref"
Use server and not client preference order when determining which cipher suite,
signature algorithm or elliptic curve to use for an incoming connection.
Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers.
.IP "\fB\-prioritize_chacha\fR" 4
.IX Item "-prioritize_chacha"
Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of
its preference list. This usually indicates a client without \s-1AES\s0 hardware
acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR.
Only used by servers. Requires \fB\-serverpref\fR.
.IP "\fB\-no_resumption_on_reneg\fR" 4
.IX Item "-no_resumption_on_reneg"
Sets the \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers.
.IP "\fB\-legacyrenegotiation\fR" 4
.IX Item "-legacyrenegotiation"
Permits the use of unsafe legacy renegotiation. Equivalent to setting
\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4
.IX Item "-legacy_server_connect, -no_legacy_server_connect"
Permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR.
Set by default.
.IP "\fB\-allow_no_dhe_kex\fR" 4
.IX Item "-allow_no_dhe_kex"
In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means
that there will be no forward secrecy for the resumed session.
.IP "\fB\-strict\fR" 4
.IX Item "-strict"
Enables strict mode protocol handling. Equivalent to setting
\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR.
.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4
.IX Item "-anti_replay, -no_anti_replay"
Switches replay protection on or off respectively. With replay protection on,
OpenSSL will automatically detect if a session ticket has been used more than
once, TLSv1.3 has been negotiated, and early data is enabled on the server. A
full handshake is forced if a session ticket is used a second or subsequent
time. Anti-Replay is on by default unless overridden by a configuration file and
is only used by servers. Anti-replay measures are required for compliance with
the TLSv1.3 specification. Some applications may be able to mitigate the replay
risks in other ways and in such cases the built-in OpenSSL functionality is not
required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR.
.SH "SUPPORTED CONFIGURATION FILE COMMANDS"
.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS"
Currently supported \fBcmd\fR names for configuration files (i.e. when the
flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below.
All configuration file
\&\fBcmd\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised
as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names
are also case insensitive.
.PP
Note: the command prefix (if set) alters the recognised \fBcmd\fR values.
.IP "\fBCipherString\fR" 4
.IX Item "CipherString"
Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be
combined with any configured TLSv1.3 ciphersuites. Note: syntax
checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR
structure is associated with \fBcctx\fR.
.IP "\fBCiphersuites\fR" 4
.IX Item "Ciphersuites"
Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon
(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This
list will be combined with any configured TLSv1.2 and below ciphersuites.
See \fBciphers\fR\|(1) for more information.
.IP "\fBCertificate\fR" 4
.IX Item "Certificate"
Attempts to use the file \fBvalue\fR as the certificate for the appropriate
context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
structure is set. This option is only supported if certificate operations
are permitted.
.IP "\fBPrivateKey\fR" 4
.IX Item "PrivateKey"
Attempts to use the file \fBvalue\fR as the private key for the appropriate
context. This option is only supported if certificate operations
are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is
not loaded unless the flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set.
.IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4
.IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath"
These options indicate a file or directory used for building certificate
chains or verifying certificate chains.
These options are only supported
if certificate operations are permitted.
.IP "\fBRequestCAFile\fR" 4
.IX Item "RequestCAFile"
This option indicates a file containing a set of certificates in \s-1PEM\s0 form.
The subject names of the certificates are sent to the peer in the
\&\fBcertificate_authorities\fR extension for \s-1TLS 1.3\s0 (in ClientHello or
CertificateRequest) or in a certificate request for previous versions of
\&\s-1TLS.\s0
.IP "\fBServerInfoFile\fR" 4
.IX Item "ServerInfoFile"
Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the
function SSL_CTX_use_serverinfo_file.
.IP "\fBDHParameters\fR" 4
.IX Item "DHParameters"
Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for
the appropriate context. This option is only supported if certificate
operations are permitted.
.IP "\fBRecordPadding\fR" 4
.IX Item "RecordPadding"
Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in
length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the
\&\fBvalue\fR must be >1 or <=16384.
.IP "\fBSignatureAlgorithms\fR" 4
.IX Item "SignatureAlgorithms"
This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
For clients this
value is used directly for the supported signature algorithms extension. For
servers it is used to determine which signature algorithms to support.
.Sp
The \fBvalue\fR argument should be a colon separated list of signature algorithms
in order of decreasing preference of the form \fBalgorithm+hash\fR or
\&\fBsignature_scheme\fR. \fBalgorithm\fR
is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm
\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR or \fB\s-1SHA512\s0\fR.
Note: algorithm and hash names are case sensitive.
\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3,
specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR,
or \fBrsa_pss_pss_sha256\fR.
.Sp
If this option is not set then all signature algorithms supported by the
OpenSSL library are permissible.
.Sp
Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by
using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR
identifiers) are ignored in TLSv1.3 and will not be negotiated.
.IP "\fBClientSignatureAlgorithms\fR" 4
.IX Item "ClientSignatureAlgorithms"
This sets the supported signature algorithms associated with client
authentication for TLSv1.2 and TLSv1.3.
For servers the value is used in the
\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message.
For clients it is
used to determine which signature algorithm to use with the client certificate.
If a server does not request a certificate this option has no effect.
.Sp
The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then
the value set for \fBSignatureAlgorithms\fR will be used instead.
.IP "\fBGroups\fR" 4
.IX Item "Groups"
This sets the supported groups. For clients, the groups are
sent using the supported groups extension. For servers, it is used
to determine which group to use. This setting affects groups used for
signatures (in TLSv1.2 and earlier) and key exchange. The first group listed
will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3
\&\fBClientHello\fR.
.Sp
The \fBvalue\fR argument is a colon separated list of groups. The group can be
either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where
applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group
names are case sensitive. The list should be in order of preference with the
most preferred group first.
.IP "\fBCurves\fR" 4
.IX Item "Curves"
This is a synonym for the \*(L"Groups\*(R" command.
.IP "\fBMinProtocol\fR" 4
.IX Item "MinProtocol"
This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version.
.Sp
Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR,
\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR.
The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds
apply only to DTLS-based contexts.
The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the
other setting a \s-1DTLS\s0 bound.
The value \fBNone\fR applies to both types of contexts and disables the limits.
.IP "\fBMaxProtocol\fR" 4
.IX Item "MaxProtocol"
This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version.
.Sp
Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR,
\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR.
The \s-1SSL\s0 and \s-1TLS\s0 bounds apply only to TLS-based contexts, while the \s-1DTLS\s0 bounds
apply only to DTLS-based contexts.
The command can be repeated with one instance setting a \s-1TLS\s0 bound, and the
other setting a \s-1DTLS\s0 bound.
The value \fBNone\fR applies to both types of contexts and disables the limits.
.IP "\fBProtocol\fR" 4
.IX Item "Protocol"
This can be used to enable or disable certain versions of the \s-1SSL,
TLS\s0 or \s-1DTLS\s0 protocol.
.Sp
The \fBvalue\fR argument is a comma separated list of supported protocols
to enable or disable.
If a protocol is preceded by \fB\-\fR that version is disabled.
.Sp
All protocol versions are enabled by default.
You need to disable at least one protocol version for this setting to have any
effect.
Only enabling some protocol versions does not disable the other protocol
versions.
.Sp
Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR,
\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR.
The special value \fB\s-1ALL\s0\fR refers to all supported versions.
.Sp
This can't enable protocols that are disabled using \fBMinProtocol\fR
or \fBMaxProtocol\fR, but can disable protocols that are still allowed
by them.
.Sp
The \fBProtocol\fR command is fragile and deprecated; do not use it.
Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead.
If you do use \fBProtocol\fR, make sure that the resulting range of enabled
protocols has no \*(L"holes\*(R", e.g. if \s-1TLS 1.0\s0 and \s-1TLS 1.2\s0 are both enabled, make
sure to also leave \s-1TLS 1.1\s0 enabled.
.IP "\fBOptions\fR" 4
.IX Item "Options"
The \fBvalue\fR argument is a comma separated list of various flags to set.
If a flag string is preceded by \fB\-\fR it is disabled.
See the \fBSSL_CTX_set_options\fR\|(3) function for more details of
individual options.
.Sp
Each option is listed below. Where an operation is enabled by default
the \fB\-flag\fR syntax is needed to disable it.
.Sp
\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of
\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting
\&\fB\s-1SSL_OP_NO_TICKET\s0\fR.
.Sp
\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, disabled by default. Inverse
of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR.
.Sp
\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a
\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It
is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR.
.Sp
\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR.
.Sp
\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of
\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers.
.Sp
\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of
\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers.
.Sp
\&\fBServerPreference\fR: use server and not client preference order when
determining which cipher suite, signature algorithm or elliptic curve
to use for an incoming connection. Equivalent to
\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers.
.Sp
\&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a
ChaCha20 cipher at the top of its preference list. This usually indicates
a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR.
Only used by servers.
.Sp
\&\fBNoResumptionOnRenegotiation\fR: set
\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers.
.Sp
\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and
earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR.
.Sp
\&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation.
Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
.Sp
\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation
for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR.
Set by default.
.Sp
\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by
default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is,
\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR.
.Sp
\&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on
resumption. This means that there will be no forward secrecy for the resumed
session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR.
.Sp
\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent
in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that
middleboxes that do not understand TLSv1.3 will not drop the connection. This
option is set by default. A future version of OpenSSL may not set this by
default. Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR.
.Sp
\&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket
has been used more than once, TLSv1.3 has been negotiated, and early data is
enabled on the server. A full handshake is forced if a session ticket is used a
second or subsequent time. This option is set by default and is only used by
servers. Anti-replay measures are required to comply with the TLSv1.3
specification. Some applications may be able to mitigate the replay risks in
other ways and in such cases the built-in OpenSSL functionality is not required.
Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR.
.IP "\fBVerifyMode\fR" 4
.IX Item "VerifyMode"
The \fBvalue\fR argument is a comma separated list of flags to set.
.Sp
\&\fBPeer\fR enables peer verification: for clients only.
.Sp
\&\fBRequest\fR requests but does not require a certificate from the client.
Servers only.
.Sp
\&\fBRequire\fR requests and requires a certificate from the client: an error
occurs if the client does not present a certificate. Servers only.
.Sp
\&\fBOnce\fR requests a certificate from a client only on the initial connection:
not when renegotiating. Servers only.
.Sp
\&\fBRequestPostHandshake\fR configures the connection to support requests but does
not require a certificate from the client post-handshake. A certificate will
not be requested during the initial handshake. The server application must
provide a mechanism to request a certificate post-handshake. Servers only.
TLSv1.3 only.
.Sp
\&\fBRequiresPostHandshake\fR configures the connection to support requests and
requires a certificate from the client post-handshake: an error occurs if the
client does not present a certificate. A certificate will not be requested
during the initial handshake. The server application must provide a mechanism
to request a certificate post-handshake. Servers only. TLSv1.3 only.
.IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4
.IX Item "ClientCAFile, ClientCAPath"
A file or directory of certificates in \s-1PEM\s0 format whose names are used as the
set of acceptable names for client CAs. Servers only. This option is only
supported if certificate operations are permitted.
.SH "SUPPORTED COMMAND TYPES"
.IX Header "SUPPORTED COMMAND TYPES"
The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following
types:
.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4
.IX Item "SSL_CONF_TYPE_UNKNOWN"
The \fBcmd\fR string is unrecognised; this return value can be used to flag
syntax errors.
.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4
.IX Item "SSL_CONF_TYPE_STRING"
The value is a string without any specific structure.
.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4
.IX Item "SSL_CONF_TYPE_FILE"
The value is a filename.
.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4
.IX Item "SSL_CONF_TYPE_DIR"
The value is a directory name.
.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4
.IX Item "SSL_CONF_TYPE_NONE"
The value string is not used e.g. a command line option which doesn't take an
argument.
.SH "NOTES"
.IX Header "NOTES"
The order of operations is significant. This can be used to set either defaults
or values which cannot be overridden. For example if an application calls:
.PP
.Vb 2
\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3");
\& SSL_CONF_cmd(ctx, userparam, uservalue);
.Ve
.PP
it will disable SSLv3 support by default but the user can override it. If
however the call sequence is:
.PP
.Vb 2
\& SSL_CONF_cmd(ctx, userparam, uservalue);
\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3");
.Ve
.PP
SSLv3 is \fBalways\fR disabled and attempts by the user to override this are
ignored.
.PP
By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a
given \fBcmd\fR is recognised; this is useful if \fBSSL_CONF_cmd()\fR values are
mixed with additional application specific operations.
.PP
For example an application might call \fBSSL_CONF_cmd()\fR and if it returns
\&\-2 (unrecognised command) continue with processing of application specific
commands.
.PP
Applications can also use \fBSSL_CONF_cmd()\fR to process command lines, though the
utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way
to do this is to set the prefix to an appropriate value using
\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the
following argument to \fBvalue\fR (which may be \s-1NULL\s0).
.PP
In this case if the return value is positive then it is used to skip that
number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is
returned then \fBcmd\fR is not recognised and application specific arguments
can be checked instead. If \-3 is returned a required argument is missing
and an error is indicated. If 0 is returned some other error occurred and
this can be reported back to the user.
.PP
The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to
check for the existence of a command or to perform additional syntax
checking or translation of the command value. For example if the return
value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative
pathname to an absolute pathname.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is
\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it
returns the number of arguments processed. This is useful when processing
command lines.
.PP
A return value of \-2 means \fBcmd\fR is not recognised.
.PP
A return value of \-3 means \fBcmd\fR is recognised and the command requires a
value but \fBvalue\fR is \s-1NULL.\s0
.PP
A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an
error occurred attempting to perform the operation: for example due to an
error in the syntax of \fBvalue\fR. In this case the error queue may provide
additional information.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Set supported signature algorithms:
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
.Ve
.PP
There are various ways to select the supported protocols.
.PP
This sets the minimum protocol version to TLSv1, and so disables SSLv3.
This is the recommended way to disable protocols.
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
.Ve
.PP
The following also disables SSLv3:
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3");
.Ve
.PP
The following will first enable all protocols, and then disable
SSLv3.
If no protocol versions were disabled before this has the same effect as
\&\*(L"\-SSLv3\*(R", but if some versions were disabled this will re-enable them before
disabling SSLv3.
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3");
.Ve
.PP
Only enable TLSv1.2:
.PP
.Vb 2
\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
\& SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
.Ve
.PP
This also only enables TLSv1.2:
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2");
.Ve
.PP
Disable \s-1TLS\s0 session tickets:
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket");
.Ve
.PP
Enable compression:
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "Options", "Compression");
.Ve
.PP
Set supported curves to P\-256, P\-384:
.PP
.Vb 1
\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384");
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
\&\fBSSL_CONF_cmd_argv\fR\|(3),
\&\fBSSL_CTX_set_options\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2.
.PP
The \fB\s-1SSL_OP_NO_SSL2\s0\fR option has had no effect since 1.1.0, but the macro is
retained for backwards compatibility.
.PP
The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of
OpenSSL passing a command which didn't take an argument would return
\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR.
.PP
\&\fBMinProtocol\fR and \fBMaxProtocol\fR were added in OpenSSL 1.1.0.
.PP
\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
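Added example (not part of the OpenSSL manual page or of OpenSSL's own code): the Protocol notes above warn that the resulting range of enabled protocols must have no holes and recommend MinProtocol and MaxProtocol instead. This self-contained C sketch does not call OpenSSL; it applies a Protocol value for a TLS context left to right as documented and reports the lowest and highest enabled versions or a hole. The names check_protocol and apply_value, the space trimming, and the sample values are assumptions constructed for illustration.

```c
/* Added example: models the documented Protocol value semantics for TLS
 * contexts only; it does not call OpenSSL. All names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* TLS-family values in protocol order, as listed for the Protocol command.
 * DTLS values are outside this sketch and come back as PROTO_BAD_TOKEN. */
static const char *const VERSIONS[] = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
#define N_VERSIONS 5
#define ALL_MASK ((1u << N_VERSIONS) - 1u)

enum proto_status { PROTO_OK, PROTO_HOLE, PROTO_EMPTY, PROTO_BAD_TOKEN };

/* mask: bit i set means VERSIONS[i] is enabled; indexes are -1 if nothing is. */
struct proto_result { unsigned mask; int min_idx; int max_idx; };

/* Value names in configuration files are case insensitive. */
static int eq_nocase(const char *tok, size_t len, const char *name)
{
    if (strlen(name) != len)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Apply a comma separated Protocol value to *mask, left to right:
 * "-X" disables X, "X" enables it, ALL stands for every version. */
static int apply_value(unsigned *mask, const char *value)
{
    const char *p = value;
    while (*p != '\0') {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        const char *tok = p;
        unsigned bits = 0;
        int enable = 1;
        p = comma ? comma + 1 : p + len;                  /* advance to next token */
        while (len > 0 && *tok == ' ') { tok++; len--; }  /* trim spaces (assumption) */
        while (len > 0 && tok[len - 1] == ' ') len--;
        if (len > 0 && *tok == '-') { enable = 0; tok++; len--; }
        if (eq_nocase(tok, len, "ALL")) {
            bits = ALL_MASK;
        } else {
            for (int i = 0; i < N_VERSIONS; i++)
                if (eq_nocase(tok, len, VERSIONS[i]))
                    bits = 1u << i;
            if (bits == 0)
                return -1;                                /* unknown or empty token */
        }
        *mask = enable ? (*mask | bits) : (*mask & ~bits);
    }
    return 0;
}

/* start_mask is the set enabled before the command runs (ALL_MASK by default). */
enum proto_status check_protocol(unsigned start_mask, const char *value,
                                 struct proto_result *r)
{
    unsigned mask = start_mask & ALL_MASK;
    r->mask = 0;
    r->min_idx = r->max_idx = -1;
    if (apply_value(&mask, value) != 0)
        return PROTO_BAD_TOKEN;
    r->mask = mask;
    if (mask == 0)
        return PROTO_EMPTY;
    for (int i = 0; i < N_VERSIONS; i++) {
        if (!(mask & (1u << i)))
            continue;
        if (r->min_idx < 0)
            r->min_idx = i;
        r->max_idx = i;
    }
    /* A hole is a disabled version between the lowest and highest enabled ones. */
    for (int i = r->min_idx; i <= r->max_idx; i++)
        if (!(mask & (1u << i)))
            return PROTO_HOLE;
    return PROTO_OK;
}

int main(void)
{
    /* Constructed sample values, each applied to the all-enabled default. */
    static const char *const samples[] = {"-SSLv3", "-ALL,TLSv1.2", "-TLSv1.1", "-ALL", "-TLS1.2"};
    static const char *const verdict[] = {"contiguous", "HOLE", "nothing enabled", "bad token"};
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct proto_result r;
        enum proto_status st = check_protocol(ALL_MASK, samples[i], &r);
        printf("%-14s %-16s lowest=%s highest=%s\n", samples[i], verdict[st],
               r.min_idx < 0 ? "-" : VERSIONS[r.min_idx],
               r.max_idx < 0 ? "-" : VERSIONS[r.max_idx]);
    }
    return 0;
}
```

When the verdict is contiguous, the lowest and highest names are the values to carry over to MinProtocol and MaxProtocol.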
.IX Title "SSL_SESSION_HAS_TICKET 3"
.TH SSL_SESSION_HAS_TICKET 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get0_ticket,
SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint
\&\- get details about the ticket associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_SESSION_has_ticket(const SSL_SESSION *s);
\& unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
\& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
\&                              size_t *len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with
this session, and 0 otherwise.
.PP
SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds
associated with the session ticket.
.PP
SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a
session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non
\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only
valid while the connection is in use. The session (and hence the ticket pointer)
may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise.
.PP
\&\fBSSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBd2i_SSL_SESSION\fR\|(3),
\&\fBSSL_SESSION_get_time\fR\|(3),
\&\fBSSL_SESSION_free\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR and
\fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CONNECT 3"
.TH SSL_CONNECT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l .nh .SH "NAME" SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_connect(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication channel must already have been set and assigned to the \fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. .SH "NOTES" .IX Header "NOTES" The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the handshake has been finished or an error occurred. .PP If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_connect()\fR will also return when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR to continue the handshake, indicating the problem by the return value \-1. In this case a call to \fBSSL_get_error()\fR with the return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket, nothing is to be done, but \fBselect()\fR can be used to check for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP Many systems implement Nagle's algorithm by default which means that it will buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no corresponding \s-1ACK\s0 has been received yet from the peer. This can have performance impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) resumption handshake, because the last peer to communicate in the handshake is the client. 
If the client is also the first to send application data (as is typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has been received for the final handshake message. .PP The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again later if appropriate. The helper function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR option. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following return values can occur: .IP "0" 4 The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .IP "1" 4 .IX Item "1" The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been established. .IP "<0" 4 .IX Item "<0" The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), \&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), \&\fBSSL_set_connect_state\fR\|(3), \&\fBSSL_do_handshake\fR\|(3), \&\fBSSL_CTX_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK! 
̦SSL_SESSION_print.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . 
ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_SESSION_PRINT 3" .TH SSL_SESSION_PRINT 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf information about a session .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); \& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); \& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_SESSION_print()\fR prints summary information about the session provided in \&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. .PP \&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it to the \s-1FILE\s0 \fBfp\fR. .PP \&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 in \s-1NSS\s0 keylog format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return 1 on success or 0 on error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!" CMS_encrypt.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. 
CMS_ENCRYPT(3)    OpenSSL 1.1.1w    2023-09-11

NAME

CMS_encrypt - create a CMS envelopedData structure

SYNOPSIS

    #include

    CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                                 const EVP_CIPHER *cipher, unsigned int flags);

DESCRIPTION

CMS_encrypt() creates and returns a CMS EnvelopedData structure. certs is a list of recipient certificates. in is the content to be encrypted. cipher is the symmetric cipher to use. flags is an optional set of flags.

NOTES

Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this function.

EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it.

The algorithm passed in the cipher parameter must support ASN1 encoding of its parameters.

Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to CMS_encrypt().

The following flags can be passed in the flags parameter.

If the CMS_TEXT flag is set, MIME headers for type text/plain are prepended to the data.

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications); if CMS_BINARY is set, no translation occurs. This option should be used if the supplied data is in binary format, otherwise the translation will corrupt it. If CMS_BINARY is set then CMS_TEXT is ignored.

OpenSSL will by default identify recipient certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if all recipient certificates do not have a subject key identifier extension.

If the CMS_STREAM flag is set, a partial CMS_ContentInfo structure is returned suitable for streaming I/O: no data is read from the BIO in.

If the CMS_PARTIAL flag is set, a partial CMS_ContentInfo structure is returned to which additional recipients and attributes can be added before finalization.

The data being encrypted is included in the CMS_ContentInfo structure, unless CMS_DETACHED is set, in which case it is omitted. This is rarely used in practice and is not supported by SMIME_write_CMS().

NOTES

If the flag CMS_STREAM is set, the returned CMS_ContentInfo structure is not complete, and outputting its contents via a function that does not properly finalize the CMS_ContentInfo structure will give unpredictable results.

Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), PEM_write_bio_CMS_stream() finalize the structure. Alternatively, finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_CMS().

The recipients specified in certs use a CMS KeyTransRecipientInfo info structure. KEKRecipientInfo is also supported using the flag CMS_PARTIAL and CMS_add0_recipient_key().

The parameter certs may be NULL if CMS_PARTIAL is set and recipients are added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key().

RETURN VALUES

CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

SEE ALSO

ERR_get_error(3), CMS_decrypt(3)

HISTORY

The CMS_STREAM flag was first supported in OpenSSL 1.0.0.

COPYRIGHT

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
EVP_BYTESTOKEY(3)    OpenSSL 1.1.1w    2023-09-11

NAME

EVP_BytesToKey - password based encryption routine

SYNOPSIS

    #include

    int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                       const unsigned char *salt,
                       const unsigned char *data, int datal, int count,
                       unsigned char *key, unsigned char *iv);

DESCRIPTION

EVP_BytesToKey() derives a key and IV from various parameters. type is the cipher to derive the key and IV for. md is the message digest to use. The salt parameter is used as a salt in the derivation: it should point to an 8 byte buffer or NULL if no salt is used. data is a buffer containing datal bytes which is used to derive the keying data. count is the iteration count to use. The derived key and IV will be written to key and iv respectively.

NOTES

A typical application of this function is to derive keying material for an encryption algorithm from a password in the data parameter.

Increasing the count parameter slows down the algorithm, which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords.

If the total key and IV length is less than the digest length and MD5 is used, then the derivation algorithm is compatible with PKCS#5 v1.5; otherwise a non-standard extension is used to derive the extra data.

Newer applications should use a more modern algorithm such as PBKDF2 as defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.

KEY DERIVATION ALGORITHM

The key and IV are derived by concatenating D_1, D_2, etc. until enough data is available for the key and IV. D_i is defined as:

    D_i = HASH^count(D_(i-1) || data || salt)

where || denotes concatenation, D_0 is empty, HASH is the digest algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is HASH(HASH(data)) and so on.

The initial bytes are used for the key and the subsequent bytes for the IV.

RETURN VALUES

If data is NULL, then EVP_BytesToKey() returns the number of bytes needed to store the derived key. Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes, or 0 on error.

SEE ALSO

evp(7), RAND_bytes(3), PKCS5_PBKDF2_HMAC(3), EVP_EncryptInit(3)

COPYRIGHT

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
PKCS5_PBKDF2_HMAC(3)    OpenSSL 1.1.1w    2023-09-11

NAME

PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count

SYNOPSIS

    #include

    int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                          const unsigned char *salt, int saltlen, int iter,
                          const EVP_MD *digest,
                          int keylen, unsigned char *out);

    int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                               const unsigned char *salt, int saltlen, int iter,
                               int keylen, unsigned char *out);

DESCRIPTION

PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count as specified in RFC 2898.

pass is the password used in the derivation of length passlen. pass is an optional parameter and can be NULL. If passlen is -1, then the function will calculate the length of pass using strlen().

salt is the salt used in the derivation of length saltlen. If the salt is NULL, then saltlen must be 0. The function will not attempt to calculate the length of the salt because it is not assumed to be NULL terminated.

iter is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any iter less than 1 is treated as a single iteration.

digest is the message digest function used in the derivation. Values include any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1().

The derived key will be written to out. The size of the out buffer is specified via keylen.

NOTES

A typical application of this function is to derive keying material for an encryption algorithm from a password in the pass, a salt in salt, and an iteration count.

Increasing the iter parameter slows down the algorithm, which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords.

These functions make no assumption regarding the given password. It will simply be treated as a byte sequence.

RETURN VALUES

PKCS5_PBKDF2_HMAC() and PKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.

SEE ALSO

evp(7), RAND_bytes(3), EVP_BytesToKey(3), passphrase-encoding(7)

COPYRIGHT

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
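The D_i construction from EVP_BytesToKey(3) and the PBKDF2 derivation that page recommends for newer applications, written out as an added Python example (it is not OpenSSL's code and not part of the man pages). The function names are hypothetical, the password and salt are constructed sample values, and taking key and IV from one PBKDF2 output stream is a layout chosen for this example.

```python
import hashlib
import os


def evp_bytes_to_key(digest, salt, data, count, key_len, iv_len):
    """Derive (key, iv) from D_1 || D_2 || ... where
    D_i = HASH^count(D_(i-1) || data || salt) and D_0 is empty."""
    if salt is not None and len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes, or None for no salt")
    if count < 1:
        # Choice made for this example: reject rather than guess a meaning.
        raise ValueError("count must be at least 1")
    salt = salt or b""
    material = b""
    block = b""  # D_0
    while len(material) < key_len + iv_len:
        # First application of HASH, over D_(i-1) || data || salt ...
        block = hashlib.new(digest, block + data + salt).digest()
        # ... then count-1 further applications of HASH to its own output.
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    # The initial bytes are the key, the subsequent bytes the IV.
    return material[:key_len], material[key_len:key_len + iv_len]


def pbkdf2_key_iv(password, salt, iterations, key_len, iv_len, digest="sha256"):
    """PBKDF2-HMAC (RFC 2898) output split into key and IV."""
    material = hashlib.pbkdf2_hmac(digest, password, salt, iterations,
                                   key_len + iv_len)
    return material[:key_len], material[key_len:]


def unsalted_single_pass_is_plain_hash(digest, password, key_len):
    """With no salt and count=1, D_1 is HASH(password): the derived key can be
    matched against any precomputed table of plain password hashes."""
    key, _ = evp_bytes_to_key(digest, None, password, 1, key_len, 0)
    return key == hashlib.new(digest, password).digest()[:key_len]


if __name__ == "__main__":
    password = b"password"   # constructed sample value
    salt = os.urandom(8)     # fresh random salt per derivation

    # Weak setting: no salt, a single hash pass.
    key, iv = evp_bytes_to_key("sha256", None, password, 1, 32, 16)
    print("EVP_BytesToKey, no salt, count=1:", key.hex())
    print("key is just SHA-256(password):",
          unsalted_single_pass_is_plain_hash("sha256", password, 32))

    # Same construction with a salt and a higher count.
    key, iv = evp_bytes_to_key("sha256", salt, password, 1000, 32, 16)
    print("EVP_BytesToKey, salted, count=1000:", key.hex())

    # Replacement recommended by the man page for newer applications.
    key, iv = pbkdf2_key_iv(password, salt, 10000, 32, 16)
    print("PBKDF2-HMAC-SHA256, iter=10000:", key.hex())
```
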
SSL_GET_PEER_CERTIFICATE(3)    OpenSSL 1.1.1w    2023-09-11

NAME

SSL_get_peer_certificate - get the X509 certificate of the peer

SYNOPSIS

    #include

    X509 *SSL_get_peer_certificate(const SSL *ssl);

DESCRIPTION

SSL_get_peer_certificate() returns a pointer to the X509 certificate the peer presented. If the peer did not present a certificate, NULL is returned.

NOTES

Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see SSL_CTX_set_verify(3)). If an anonymous cipher is used, no certificates are sent.

That a certificate is returned does not indicate information about the verification state; use SSL_get_verify_result(3) to check the verification state.

The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free().

RETURN VALUES

The following return values can occur:

NULL
    No certificate was presented by the peer or no connection was established.

Pointer to an X509 certificate
    The return value points to the certificate presented by the peer.

SEE ALSO

ssl(7), SSL_get_verify_result(3), SSL_CTX_set_verify(3)

COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .
.TH BIO_F_NULL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
BIO_f_null \- null filter
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
\& const BIO_METHOD *BIO_f_null(void);
.Ve
.SH "DESCRIPTION"
\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0
that does nothing.
.PP
All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in
the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0
behaves just as though the \s-1BIO\s0 was not there.
.SH "NOTES"
As may be apparent, a null filter \s-1BIO\s0 is not particularly useful.
.SH "RETURN VALUES"
\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method.
.SH "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH SSL_CTX_USE_SERVERINFO 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_CTX_use_serverinfo_ex,
SSL_CTX_use_serverinfo,
SSL_CTX_use_serverinfo_file
\&\- use serverinfo extension
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
\&                               const unsigned char *serverinfo,
\&                               size_t serverinfo_length);
\&
\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
\&                            size_t serverinfo_length);
\&
\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
.Ve
.SH "DESCRIPTION"
These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX. A\s0
\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello
Extension.
.PP
\&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from
a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the
byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR.
.PP
If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must
consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then
length bytes of extension_data. The context and type values have the same
meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for
extensions to be added to a Certificate message, then the extension will only
be added for the first certificate in the message (which is always the
end-entity certificate).
.PP
If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must
consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of
extension_data. The type value has the same meaning as for
\&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used
in this case:
.PP
.Vb 2
\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
.Ve
.PP
\&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR
except that there is no \fBversion\fR parameter so a default version of
\&\s-1SSL_SERVERINFOV1\s0 is used instead.
.PP
\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from
\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension
must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. Each
\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for
\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data.
.PP
If more than one certificate (\s-1RSA/DSA\s0) is installed using
\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the
last certificate installed. If e.g. the last item was an \s-1RSA\s0 certificate, the
loaded serverinfo extension data will be loaded for that certificate. To
use the serverinfo extension for multiple certificates,
\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR
each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR.
.SH "RETURN VALUES"
On success, the functions return 1.
On failure, the functions return 0. Check out the error stack to find out
the reason.
.SH "COPYRIGHT"
Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
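The V1 and V2 serverinfo layouts described in SSL_CTX_use_serverinfo(3) above can be checked before the bytes are handed to the library. The following is an added example, not OpenSSL code: it splits an array into records, rejects truncated or overrunning records, and re-encodes V1 data as V2 with a caller-supplied context. All identifiers, the sample bytes and the context value 0x180 are constructed for illustration; fields are read in network byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names here are this example's own, not OpenSSL identifiers. */
enum si_format { SI_FORMAT_V1 = 1, SI_FORMAT_V2 = 2 };
#define SI_MAX_RECORDS 16

struct si_ext {
    uint32_t context;          /* V2 only; left at 0 for V1 records */
    uint16_t type;             /* 2-byte Extension Type */
    uint16_t length;           /* 2-byte length of extension_data */
    const unsigned char *data; /* points into the caller's buffer */
};

/* Fields are read in network byte order (big-endian), as on the TLS wire. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const unsigned char *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/*
 * Split a serverinfo byte array into records. Returns the record count, or
 * -1 if the format is unknown, the array is empty, a header is truncated,
 * extension_data runs past the end, or there are more than max_out records.
 */
int si_parse(enum si_format fmt, const unsigned char *buf, size_t len,
             struct si_ext *out, int max_out)
{
    size_t hdr = (fmt == SI_FORMAT_V2) ? 8 : 4; /* V2 adds a 4-byte context */
    size_t off = 0;
    int n = 0;

    if ((fmt != SI_FORMAT_V1 && fmt != SI_FORMAT_V2) || buf == NULL || len == 0)
        return -1;
    while (off < len) {
        const unsigned char *p = buf + off;
        struct si_ext e;

        if (len - off < hdr)
            return -1;                      /* truncated header */
        e.context = (fmt == SI_FORMAT_V2) ? rd32(p) : 0;
        if (fmt == SI_FORMAT_V2)
            p += 4;
        e.type = rd16(p);
        e.length = rd16(p + 2);
        e.data = p + 4;
        if (len - off - hdr < (size_t)e.length || n >= max_out)
            return -1;                      /* data overruns buffer, or no room */
        out[n++] = e;
        off += hdr + e.length;
    }
    return n;
}

/*
 * Re-encode V1 records as V2 by prefixing each with the given context.
 * Returns bytes written, or 0 on malformed input or insufficient space.
 */
size_t si_v1_to_v2(const unsigned char *v1, size_t v1_len, uint32_t context,
                   unsigned char *out, size_t out_cap)
{
    struct si_ext recs[SI_MAX_RECORDS];
    size_t w = 0;
    int i, n = si_parse(SI_FORMAT_V1, v1, v1_len, recs, SI_MAX_RECORDS);

    if (n < 0)
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char h[8] = {
            (unsigned char)(context >> 24), (unsigned char)(context >> 16),
            (unsigned char)(context >> 8), (unsigned char)context,
            (unsigned char)(recs[i].type >> 8), (unsigned char)recs[i].type,
            (unsigned char)(recs[i].length >> 8), (unsigned char)recs[i].length
        };
        if (out_cap - w < sizeof h + recs[i].length)
            return 0;
        memcpy(out + w, h, sizeof h);
        memcpy(out + w + sizeof h, recs[i].data, recs[i].length);
        w += sizeof h + recs[i].length;
    }
    return w;
}

/* Constructed sample: two V1 records, types 0x0012 and 0xFFAA. */
const unsigned char SAMPLE_V1[] = {
    0x00, 0x12, 0x00, 0x03, 0xAA, 0xBB, 0xCC,   /* 3 bytes of extension_data */
    0xFF, 0xAA, 0x00, 0x00                      /* empty extension_data */
};

int main(void)
{
    struct si_ext recs[SI_MAX_RECORDS];
    unsigned char v2[64];
    /* 0x180 is a constructed context; real callers pass SSL_EXT_* flags. */
    size_t n = si_v1_to_v2(SAMPLE_V1, sizeof SAMPLE_V1, 0x180u, v2, sizeof v2);

    printf("read as V1: %d\n", si_parse(SI_FORMAT_V1, SAMPLE_V1, sizeof SAMPLE_V1, recs, SI_MAX_RECORDS));
    printf("read as V2: %d\n", si_parse(SI_FORMAT_V2, SAMPLE_V1, sizeof SAMPLE_V1, recs, SI_MAX_RECORDS));
    printf("converted: %zu bytes, %d records\n", n, si_parse(SI_FORMAT_V2, v2, n, recs, SI_MAX_RECORDS));
    return 0;
}
```

Reading V1 bytes with the V2 layout fails here because the misaligned length field points past the buffer, which is the kind of mismatch the \fBversion\fR parameter exists to prevent.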
.TH EVP_MD4 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
EVP_md4
\&\- MD4 For EVP
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_md4(void);
.Ve
.SH "DESCRIPTION"
\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by
Ronald Rivest, first published in 1990.
.IP "\fBEVP_md4()\fR" 4
The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input.
.SH "RETURN VALUES"
These functions return an \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
\&\s-1IETF RFC 1320.\s0
.SH "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.TH SSL_GET0_PEER_SCTS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.SH "NAME"
SSL_get0_peer_scts \- get SCTs received
.SH "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
.Ve
.SH "DESCRIPTION"
\&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have
been received. If this is the first time that this function has been called for
a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and
the peer's certificate for SCTs. Future calls will return the same SCTs.
.SH "RESTRICTIONS"
If no Certificate Transparency validation callback has been set (using
\&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR),
this function is not guaranteed to return all of the SCTs that the peer is
capable of sending.
.SH "RETURN VALUES"
\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs.
.SH "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3)
.SH "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . 
\" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_SET_VERIFY_RESULT 3" .TH SSL_SET_VERIFY_RESULT 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" SSL_set_verify_result \- override result of peer certificate verification .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& void SSL_set_verify_result(SSL *ssl, long verify_result); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the result of the verification of the X509 certificate presented by the peer, if any. .SH "NOTES" .IX Header "NOTES" \&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes the verification result of the \fBssl\fR object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear. .PP The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1). .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBSSL_set_verify_result()\fR does not provide a return value. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), \&\fBSSL_get_peer_certificate\fR\|(3), \&\fBverify\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. 
You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_FREE 3"
.TH SSL_FREE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_free \- free an allocated SSL structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_free(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0
structure pointed to by \fBssl\fR and frees up the allocated memory if the
reference count has reached 0.
If \fBssl\fR is \s-1NULL\s0 nothing is done.
.SH "NOTES"
.IX Header "NOTES"
\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if
applicable: the buffering \s-1BIO,\s0 the read and write BIOs,
cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR.
Do not explicitly free these indirectly freed up items before or after
calling \fBSSL_free()\fR, as trying to free things twice may lead to program
failure.
.PP
The ssl session has reference counts from two users: the \s-1SSL\s0 object, for
which the reference count is removed by \fBSSL_free()\fR and the internal
session cache. If the session is considered bad, because
\&\fBSSL_shutdown\fR\|(3) was not called for the connection
and \fBSSL_set_shutdown\fR\|(3) was not used to set the
\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed
from the session cache as required by \s-1RFC2246.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_free()\fR does not provide diagnostic information.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3),
\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3"
.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_get_default_digest_nid \- get default signature digest
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& #include <openssl/evp.h>
\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default
message digest \s-1NID\s0 for the public key signature operations associated with key
\&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use
a digest during signing. In this case \fBpnid\fR will be set to NID_undef.
.SH "NOTES"
.IX Header "NOTES"
For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest
is advisory (that is, other digests can be used) and 2 if it is mandatory (other
digests cannot be used).  It returns 0 or a negative value for failure.  In
particular a return value of \-2 indicates the operation is not supported by the
public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
This function was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3"
.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/conf.h>
\&
\& void OPENSSL_load_builtin_modules(void);
\& void ASN1_add_oid_module(void);
\& void ENGINE_add_conf_module(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL
configuration modules to the internal list. They can then be used by the
OpenSSL configuration code.
.PP
\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module.
.PP
\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module.
.SH "NOTES"
.IX Header "NOTES"
If the simple configuration function \fBOPENSSL_config()\fR is called then
\&\fBOPENSSL_load_builtin_modules()\fR is called automatically.
.PP
Applications which use the configuration functions directly will need to
call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other
configuration code.
.PP
Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all
configuration modules instead of adding modules selectively: otherwise
functionality may be missing from the application if and when new
modules are added.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
None of the functions return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "DTLSV1_LISTEN 3"
.TH DTLSV1_LISTEN 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_stateless, DTLSv1_listen
\&\- Statelessly listen for incoming connections
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_stateless(SSL *s);
\& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections.
\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a
ClientHello is received that does not contain a cookie, then they respond with a
request for a new ClientHello that does contain a cookie. If a ClientHello is
received with a cookie that is verified then the function returns in order to
enable the handshake to be completed (for example by using \fBSSL_accept()\fR).
.SH "NOTES"
.IX Header "NOTES"
Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification
attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that
validates that the client can actually receive messages on its advertised source
address. An attacker could forge its source \s-1IP\s0 address and then send handshake
initiation messages to the server. The server would then send its response to
the forged source \s-1IP.\s0 If the response messages are larger than the original
message then the amplification attack has succeeded.
.PP
If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate
the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is
designed to operate over a stream-based transport protocol (such as \s-1TCP\s0).
If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However, some
stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source
address. In this case a TLSv1.3 application would be susceptible to this attack.
.PP
As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie
mechanism. The idea is that when a client attempts to connect to a server it
sends a ClientHello message. The server responds with a HelloRetryRequest (in
TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The
client then resends the ClientHello, but this time includes the cookie in the
message thus proving that the client is capable of receiving messages sent to
that address. All of this can be done by the server without allocating any
state, and thus without consuming expensive resources.
.PP
OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR
functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its
read and write BIOs set, in the same way as might be done for a call to
\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R"
state and thus capable of receiving messages from any peer.
.PP
When a ClientHello is received that contains a cookie that has been verified,
then these functions will return with the \fBssl\fR parameter updated into a state
where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR.
Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be
filled in with details of the peer that sent the ClientHello. If the underlying
\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0
does not support this), then \fB*peer\fR will be cleared and the family set to
\&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to
the peer and continue the handshake in a connected state.
.PP
Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation
and verification callbacks have been set up using
\&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3) and \fBSSL_CTX_set_cookie_verify_cb\fR\|(3)
respectively. For \fBSSL_stateless()\fR, \fBSSL_CTX_set_stateless_cookie_generate_cb\fR\|(3)
and \fBSSL_CTX_set_stateless_cookie_verify_cb\fR\|(3) must be used instead.
.PP
Since \fBDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming
ClientHellos it is unable to process fragmented messages (since this would
require the allocation of state). An implication of this is that \fBDTLSv1_listen()\fR
\&\fBonly\fR supports ClientHellos that fit inside a single datagram.
.PP
For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the
\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the
application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during
a single \fBSSL_stateless()\fR call is all from the same peer.
.PP
\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than
TLSv1.3 is used.
.PP
Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they
start.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
For \fBSSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object
will be set up ready to continue the handshake. A return value of 0 or \-1
indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value
of \-1 indicates any other error. User code may retry the \fBSSL_stateless()\fR call.
.PP
For \fBDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object
will be set up ready to continue the handshake. The \fBpeer\fR value will also be
filled in.
.PP
A return value of 0 indicates a non-fatal error. This could (for
example) be because of nonblocking \s-1IO,\s0 or some invalid message having been
received from a peer. Errors may be placed on the OpenSSL error queue with
further information if appropriate. Typically user code is expected to retry the
call to \fBDTLSv1_listen()\fR in the event of a non-fatal error.
.PP
A return value of <0 indicates a fatal error. This could (for example) be
because of a failure to allocate sufficient memory for the operation.
.PP
For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both
produce return codes <= 0 (in typical implementations user code treats all
errors as non-fatal), whilst return codes >0 indicate success.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3), \fBSSL_CTX_set_cookie_verify_cb\fR\|(3),
\&\fBSSL_CTX_set_stateless_cookie_generate_cb\fR\|(3),
\&\fBSSL_CTX_set_stateless_cookie_verify_cb\fR\|(3), \fBSSL_get_error\fR\|(3),
\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1.
.PP
The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0.
The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
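The stateless cookie exchange described in the DTLSv1_listen NOTES, modelled in Python as an added example (not OpenSSL code and not part of the manual page). It parses a DTLS ClientHello, rejects fragments, and answers with a HelloVerifyRequest until the cookie matches the sender's address. The cookie formula (HMAC-SHA256 over peer address, port and client random), all function names, and the sample datagrams and addresses are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import struct

HANDSHAKE, CLIENT_HELLO, HELLO_VERIFY_REQUEST = 22, 1, 3
SECRET = os.urandom(32)  # one server-wide secret; nothing is stored per client


def _record(msg_type, fragment, total_len=None):
    """Wrap a handshake fragment in DTLS handshake (12 B) and record (13 B) headers."""
    total_len = len(fragment) if total_len is None else total_len
    hs = (bytes([msg_type]) + total_len.to_bytes(3, "big") + b"\x00\x00"  # type, length, message_seq
          + bytes(3) + len(fragment).to_bytes(3, "big") + fragment)       # fragment_offset, fragment_length
    # content type, version, epoch + sequence number, record length
    return bytes([HANDSHAKE]) + b"\xfe\xfd" + bytes(8) + struct.pack("!H", len(hs)) + hs


def build_client_hello(random32, cookie=b"", frag_len=None):
    """Constructed sample input: a minimal DTLS 1.2 ClientHello datagram."""
    body = (b"\xfe\xfd" + random32 + b"\x00"       # version, random, empty session_id
            + bytes([len(cookie)]) + cookie        # cookie<0..255>
            + b"\x00\x02\xc0\x2b" + b"\x01\x00")   # one cipher suite, null compression
    if frag_len is None:
        return _record(CLIENT_HELLO, body)
    return _record(CLIENT_HELLO, body[:frag_len], total_len=len(body))  # first fragment only


def build_hello_verify_request(cookie):
    """Server reply: server_version plus the cookie, nothing else."""
    return _record(HELLO_VERIFY_REQUEST, b"\xfe\xfd" + bytes([len(cookie)]) + cookie)


def parse_client_hello(datagram):
    """Return (random, cookie); raise ValueError for anything a stateless
    listener cannot handle, including a fragmented ClientHello."""
    if len(datagram) < 25 or datagram[0] != HANDSHAKE:
        raise ValueError("not a handshake record")
    if struct.unpack("!H", datagram[11:13])[0] != len(datagram) - 13:
        raise ValueError("record length mismatch")
    hs = datagram[13:]
    total, frag_off, frag_len = (int.from_bytes(hs[i:i + 3], "big") for i in (1, 6, 9))
    if hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    if frag_off != 0 or frag_len != total or len(hs) - 12 != total:
        raise ValueError("fragmented ClientHello")  # reassembly would need state
    body = hs[12:]
    if len(body) < 36:
        raise ValueError("truncated ClientHello")
    pos = 35 + body[34]                             # skip version, random, session_id
    if pos >= len(body) or pos + 1 + body[pos] > len(body):
        raise ValueError("truncated cookie")
    return body[2:34], body[pos + 1:pos + 1 + body[pos]]


def make_cookie(peer, random32):
    """Assumed cookie formula: HMAC(secret, source address || port || client random)."""
    ip, port = peer
    msg = ip.encode() + struct.pack("!H", port) + random32
    return hmac.new(SECRET, msg, hashlib.sha256).digest()


def listen_step(peer, datagram):
    """One stateless step: ("drop", None), ("verify_request", cookie) or ("accept", None)."""
    try:
        random32, cookie = parse_client_hello(datagram)
    except ValueError:
        return ("drop", None)           # invalid message: keep listening
    expected = make_cookie(peer, random32)
    if cookie and hmac.compare_digest(cookie, expected):
        return ("accept", None)         # only now is per-connection state worth allocating
    return ("verify_request", expected)


def demo():
    rnd = bytes(range(32))
    client, other = ("192.0.2.10", 40000), ("198.51.100.7", 5353)  # documentation addresses
    first = listen_step(client, build_client_hello(rnd))
    second = listen_step(client, build_client_hello(rnd, first[1]))
    # Same cookie arriving from a different source address does not verify.
    moved = listen_step(other, build_client_hello(rnd, first[1]))
    # A ClientHello split across datagrams cannot be processed statelessly.
    frag = listen_step(client, build_client_hello(rnd, first[1], frag_len=20))
    return first[0], second[0], moved[0], frag[0]


if __name__ == "__main__":
    print(demo())
```

With a 32-byte cookie the HelloVerifyRequest built here is 60 bytes, shorter than even this minimal 67-byte ClientHello, so the first reply gives no amplification.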
.IX Title "CMS_VERIFY_RECEIPT 3"
.TH CMS_VERIFY_RECEIPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CMS_verify_receipt \- verify a CMS signed receipt
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
\&                        STACK_OF(X509) *certs, X509_STORE *store,
\&                        unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed
receipt to verify. \fBocms\fR is the original SignedData structure containing the
receipt request. \fBcerts\fR is a set of certificates in which to search for the
signing certificate. \fBstore\fR is a trusted certificate store (used for chain
verification).
.PP
\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
operation.
.SH "NOTES"
.IX Header "NOTES"
This function behaves in a similar way to \fBCMS_verify()\fR except the flag values
\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not
supported since they do not make sense in the context of signed receipts.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an
error occurred.
.PP
The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBCMS_sign_receipt\fR\|(3),
\&\fBCMS_verify\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_FREE 3"
.TH SSL_CTX_FREE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_free \- free an allocated SSL_CTX object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& void SSL_CTX_free(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the
\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the
reference count has reached 0.
.PP
It also calls the \fBfree()\fRing procedures for indirectly affected items, if
applicable: the session cache, the list of ciphers, the list of Client CAs,
the certificates and keys.
.PP
If \fBctx\fR is \s-1NULL\s0 nothing is done.
.SH "WARNINGS"
.IX Header "WARNINGS"
If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this
callback will be called for each session being freed from \fBctx\fR's
session cache. This implies that all corresponding sessions from an
external session cache are removed as well. If this is not desired, the user
should explicitly unset the callback by calling
SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_free()\fR does not provide diagnostic information.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7),
\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3"
.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular
client extension type
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a
client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Returns 1 if a handler has been set, 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBSSL_CTX_add_client_custom_ext\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_GET_SERIALNUMBER 3"
.TH X509_GET_SERIALNUMBER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber
\&\- get or set certificate serial number
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& ASN1_INTEGER *X509_get_serialNumber(X509 *x);
\& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
\& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an
\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value
returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call.
.PP
\&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it
accepts a const parameter and returns a const result.
.PP
\&\fBX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to
\&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should
be freed up after use.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR
structure.
.PP
\&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_CRL_get0_by_serial\fR\|(3),
\&\fBX509_get0_signature\fR\|(3),
\&\fBX509_get_ext_d2i\fR\|(3),
\&\fBX509_get_extension_flags\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
\&\fBX509_get_subject_name\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
\&\fBX509_NAME_get_index_by_NID\fR\|(3),
\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are
available in all versions of OpenSSL.
The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CLEAR 3"
.TH SSL_CLEAR 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_clear \- reset SSL object to allow another connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_clear(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Reset \fBssl\fR to allow another connection. All settings (method, ciphers,
BIOs) are kept.
.SH "NOTES"
.IX Header "NOTES"
SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all
settings are kept, a side effect is the handling of the current \s-1SSL\s0 session.
If a session is still \fBopen\fR, it is considered bad and will be removed
from the session cache, as required by \s-1RFC2246. A\s0 session is considered open,
if \fBSSL_shutdown\fR\|(3) was not called for the connection
or at least \fBSSL_set_shutdown\fR\|(3) was used to
set the \s-1SSL_SENT_SHUTDOWN\s0 state.
.PP
If a session was closed cleanly, the session object will be kept along with
all corresponding settings. This explicitly means that, e.g., the special method
used during the session will be kept for the next handshake. So if the
session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client
method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1
server method, even if TLS_*_methods were chosen on startup. This
might lead to connection failures (see \fBSSL_new\fR\|(3) for a description of
the method's properties).
.SH "WARNINGS"
.IX Header "WARNINGS"
\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The
reset operation however keeps several settings of the last sessions
(some of these settings were made automatically during the last
handshake). It only makes sense for a new connection with the exact
same peer that shares these settings, and may fail if that peer
changes its settings between connections. Use the sequence
\&\fBSSL_get_session\fR\|(3);
\&\fBSSL_new\fR\|(3);
\&\fBSSL_set_session\fR\|(3);
\&\fBSSL_free\fR\|(3)
instead to avoid such failures
(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3)
if session reuse is not desired).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "0" 4
The \fBSSL_clear()\fR operation could not be performed. Check the error stack to
find out the reason.
.IP "1" 4
.IX Item "1"
The \fBSSL_clear()\fR operation was successful.
.PP
\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3),
\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7),
\&\fBSSL_CTX_set_client_cert_cb\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "X509_NAME_GET0_DER 3"
.TH X509_NAME_GET0_DER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
X509_NAME_get0_der \- get X509_NAME DER encoding
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
\&                        size_t *pderlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the
encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of
\&\fB*pderlen\fR bytes. It is useful for applications that wish to examine
the encoding of an \fBX509_NAME\fR structure without copying it.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The function \fBX509_NAME_get0_der()\fR returns 1 for success and 0 if an error
occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_SESSION_GET0_CIPHER 3"
.TH SSL_SESSION_GET0_CIPHER 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher
\&\- set and retrieve the SSL cipher associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
\& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the
connection when the session was created, or \s-1NULL\s0 if it cannot be determined.
.PP
The value returned is a pointer to an object maintained within \fBs\fR and
should not be released.
.PP
\&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the
\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a
session-based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0
or \s-1NULL\s0 if it cannot be determined.
.PP
\&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBd2i_SSL_SESSION\fR\|(3),
\&\fBSSL_SESSION_get_time\fR\|(3),
\&\fBSSL_SESSION_get0_hostname\fR\|(3),
\&\fBSSL_SESSION_free\fR\|(3),
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0.
The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
\*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "RAND_SET_RAND_METHOD 3" .TH RAND_SET_RAND_METHOD 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& RAND_METHOD *RAND_OpenSSL(void); \& \& int RAND_set_rand_method(const RAND_METHOD *meth); \& \& const RAND_METHOD *RAND_get_rand_method(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number generation. .PP \&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. 
.PP If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will be used instead of the method returned by \fBRAND_OpenSSL()\fR. .PP \&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an \&\s-1ENGINE\s0 was providing the method, it will be released first. .PP \&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. .SH "THE RAND_METHOD STRUCTURE" .IX Header "THE RAND_METHOD STRUCTURE" .Vb 8 \& typedef struct rand_meth_st { \& int (*seed)(const void *buf, int num); \& int (*bytes)(unsigned char *buf, int num); \& void (*cleanup)(void); \& int (*add)(const void *buf, int num, double entropy); \& int (*pseudorand)(unsigned char *buf, int num); \& int (*status)(void); \& } RAND_METHOD; .Ve .PP The fields point to functions that are used by, in order, \&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR and \fBRAND_status()\fR. Each pointer may be \s-1NULL\s0 if the function is not implemented. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBRAND_set_rand_method()\fR returns 1 on success and 0 on failure. \&\fBRAND_get_rand_method()\fR and \fBRAND_OpenSSL()\fR return pointers to the respective methods. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBRAND_bytes\fR\|(3), \&\fBENGINE_by_id\fR\|(3), \&\s-1\fBRAND\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!gKX509_check_issued.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. 
.de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . 
ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "X509_CHECK_ISSUED 3" .TH X509_CHECK_ISSUED 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" X509_check_issued \- checks if certificate is apparently issued by another certificate .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int X509_check_issued(X509 *issuer, X509 *subject); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBX509_check_issued()\fR checks if certificate \fIsubject\fR was apparently issued using (\s-1CA\s0) certificate \fIissuer\fR. 
This function takes into account not only matching of the issuer field of \fIsubject\fR
with the subject field of \fIissuer\fR, but also compares all sub-fields of the
\&\fBauthorityKeyIdentifier\fR extension of
\&\fIsubject\fR, as far as present, with the respective \fBsubjectKeyIdentifier\fR,
serial number, and issuer fields of \fIissuer\fR, as far as present. It also checks
if the \fBkeyUsage\fR field (if present) of \fIissuer\fR allows certificate signing.
It does not check the certificate signature.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The function returns \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by
\&\fIissuer\fR, or some \fBX509_V_ERR*\fR constant to indicate an error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_verify_cert\fR\|(3),
\&\fBX509_check_ca\fR\|(3),
\&\fBverify\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.
ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" .TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_CTX_set_tls1_prf_md,
EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \-
TLS PRF key derivation algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/kdf.h>
\&
\& int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
\&                                       unsigned char *sec, int seclen);
\& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
\&                                     unsigned char *seed, int seedlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for
\&\s-1TLS.\s0 It has no associated private key and only implements key derivation
using \fBEVP_PKEY_derive\fR\|(3).
.PP
\&\fBEVP_PKEY_CTX_set_tls1_prf_md()\fR sets the message digest associated with the
\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0
algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1.
.PP
\&\fBEVP_PKEY_CTX_set1_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0
to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced
and any seed is reset.
.PP
\&\fBEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR.
If a seed is already set it is appended to the existing value.
.SH "STRING CTRLS"
.IX Header "STRING CTRLS"
The \s-1TLS PRF\s0 also supports string based control operations using
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest
algorithm to use.
The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter
as a secret or seed value.
The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string
which is converted to binary.
.SH "NOTES"
.IX Header "NOTES"
All these functions are implemented as macros.
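Added example, not part of the OpenSSL manual: a Python reference model of the state the three setters described above accumulate and of the value a derivation then yields, following the P_hash construction of RFC 5246 (and the MD5/SHA1 split of RFC 2246 for the md5_sha1 special case). The class, its method names and the inputs "secret" and "seed" are assumptions made for illustration; a model like this is useful for cross-checking the output of the C API in tests.

```python
import hashlib  # provides the digests hmac selects by name
import hmac

MAX_SEED_LEN = 1024  # limit on the total length of all seeds, as stated in NOTES


def p_hash(digest, secret, seed, outlen):
    """P_hash(secret, seed): chain A(i) = HMAC(secret, A(i-1)) and emit
    HMAC(secret, A(i) + seed) blocks until outlen bytes are available."""
    out = b""
    a = seed  # A(0) is the seed itself
    while len(out) < outlen:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:outlen]


class TlsPrfModel:
    """Hypothetical stand-in for an EVP_PKEY_TLS1_PRF context."""

    def __init__(self):
        self.digest = None
        self.secret = None
        self.seed = b""

    def set_md(self, name):
        # "md5_sha1" selects the TLS 1.0/1.1 construction, any other name
        # (for example "sha256") the single-digest P_hash.
        self.digest = name

    def set_secret(self, secret):
        # Setting the secret replaces the old one and resets any seed.
        self.secret = bytes(secret)
        self.seed = b""

    def add_seed(self, seed):
        # Seeds are appended; callers pass the TLS label and the randoms
        # as successive seeds.
        if len(self.seed) + len(seed) > MAX_SEED_LEN:
            raise ValueError("total seed length exceeds 1024 bytes")
        self.seed += bytes(seed)

    def derive(self, outlen):
        # Digest, secret and seed must all be set, otherwise it is an error.
        if self.digest is None or self.secret is None or not self.seed:
            raise ValueError("digest, secret and seed must all be set")
        if self.digest == "md5_sha1":
            # Split the secret into two halves of ceil(len/2) bytes (they
            # share the middle byte when the length is odd) and XOR the
            # MD5 and SHA1 streams.
            half = (len(self.secret) + 1) // 2
            s1 = self.secret[:half]
            s2 = self.secret[len(self.secret) - half:]
            md5_part = p_hash("md5", s1, self.seed, outlen)
            sha1_part = p_hash("sha1", s2, self.seed, outlen)
            return bytes(x ^ y for x, y in zip(md5_part, sha1_part))
        return p_hash(self.digest, self.secret, self.seed, outlen)


def derive_example():
    """Derive 10 bytes with SHA-256, secret "secret" and seed "seed"."""
    ctx = TlsPrfModel()
    ctx.set_md("sha256")
    ctx.set_secret(b"secret")
    ctx.add_seed(b"seed")
    return ctx.derive(10)
```

Because the output length is chosen by the caller, a shorter derivation is always a prefix of a longer one over the same inputs, which is why the secret and seed must be bound to the purpose of the key being derived.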
.PP
A context for the \s-1TLS PRF\s0 can be obtained by calling:
.PP
.Vb 1
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
.Ve
.PP
The digest, secret value and seed must be set before a key is derived or an
error occurs.
.PP
The total length of all seeds cannot exceed 1024 bytes: this should
be more than enough for any normal use of the \s-1TLS PRF.\s0
.PP
The output length of the \s-1PRF\s0 is specified by the length parameter in the
\&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting
the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0
.PP
Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 or a negative value for failure.
In particular a return value of \-2 indicates the operation is not supported by
the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R"
and seed value \*(L"seed\*(R":
.PP
.Vb 3
\& EVP_PKEY_CTX *pctx;
\& unsigned char out[10];
\& size_t outlen = sizeof(out);
\&
\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
\& if (EVP_PKEY_derive_init(pctx) <= 0)
\&     goto err; /* Error */
\& if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
\&     goto err; /* Error */
\& if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
\&     goto err; /* Error */
\& if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
\&     goto err; /* Error */
\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
\&     goto err; /* Error */
\& /* out[] now holds the derived bytes */
\& err:
\&     EVP_PKEY_CTX_free(pctx); /* release the context on every path */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!&&& SSL_write.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . 
\" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "SSL_WRITE 3" .TH SSL_WRITE 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l
.nh
.SH "NAME"
SSL_write_ex, SSL_write \- write bytes to a TLS/SSL connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
\& int SSL_write(SSL *ssl, const void *buf, int num);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into
the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number of
bytes written in \fB*written\fR.
.SH "NOTES"
.IX Header "NOTES"
In the paragraphs below a \*(L"write function\*(R" is defined as one of either
\&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR.
.PP
If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already
explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer
requests a re-negotiation, it will be performed transparently during
the write function operation. The behaviour of the write functions depends on the
underlying \s-1BIO.\s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is done by calling
\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR
before the first call to a write function.
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return once
the write operation has finished or an error has occurred.
.PP
If the underlying \s-1BIO\s0 is \fBnonblocking\fR the write functions will also return
when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue
the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the
return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR
or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. Because a re-negotiation is possible at any time, a
call to a write function can also cause read operations!
The calling process then must repeat the call after taking appropriate action
to satisfy the needs of the write function. The action depends on the
underlying \s-1BIO.\s0 When using a nonblocking socket, nothing is to be done, but
\&\fBselect()\fR can be used to check for the required condition. When using a
buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of
the \s-1BIO\s0 before being able to continue.
.PP
The write functions will only return with success when the complete contents of
\&\fBbuf\fR of length \fBnum\fR have been written. This default behaviour can be changed
with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When
this flag is set the write functions will also return with success when a
partial write has been successfully completed. In this case the write function
operation is considered completed. The bytes are sent and a new write call with
a new buffer (with the already sent bytes removed) must be started. A partial
write is performed with the size of a message block, which is 16kB.
.SH "WARNINGS"
.IX Header "WARNINGS"
When a write function call has to be repeated because \fBSSL_get_error\fR\|(3)
returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated
with the same arguments.
The data that was passed might have been partially processed.
When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3)
the pointer can be different, but the data and length should still be the same.
.PP
You should not call \fBSSL_write()\fR with num=0; it will return an error.
\&\fBSSL_write_ex()\fR can be called with num=0, but will not send application data to
the peer.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure.
Success means that
all requested application data bytes have been written to the \s-1SSL\s0 connection or,
if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has
been written to the \s-1SSL\s0 connection. Failure means that not all the requested
bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or
no bytes could be written to the \s-1SSL\s0 connection (if
\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the
network write buffer has temporarily filled up) or non-retryable (e.g. a fatal
network error). In the event of a failure, call \fBSSL_get_error\fR\|(3) to find out
the reason, which indicates whether the call is retryable or not.
.PP
For \fBSSL_write()\fR the following return values can occur:
.IP "> 0" 4
.IX Item "> 0"
The write operation was successful, the return value is the number of
bytes actually written to the \s-1TLS/SSL\s0 connection.
.IP "<= 0" 4
.IX Item "<= 0"
The write operation was not successful, because either the connection was
closed, an error occurred or action must be taken by the calling process.
Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason.
.Sp
Old documentation indicated a difference between 0 and \-1, and that \-1 was
retryable.
You should instead call \fBSSL_get_error()\fR to find out if it's retryable.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_error\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3),
\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3),
\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
\&\fBSSL_set_connect_state\fR\|(3),
\&\fBssl\fR\|(7), \fBbio\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!x^RSA_blinding_on.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . 
.IX Title "RSA_BLINDING_ON 3"
.TH RSA_BLINDING_ON 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
\&
\& void RSA_blinding_off(RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can
measure the time of \s-1RSA\s0 decryption or signature operations, blinding
must be used to protect the \s-1RSA\s0 operation from that attack.
.PP
\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a
random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a preallocated and
initialized \fB\s-1BN_CTX\s0\fR.
.PP
\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for
the blinding factor.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred.
.PP
\&\fBRSA_blinding_off()\fR returns no value.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
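What a blinding factor does to the RSA private operation, as an added illustration that is not OpenSSL code and goes beyond the manual page, which only says that a random factor is generated. The key (p = 61, q = 53) and all function names are constructed for this example, and the key is far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key: n = 61 * 53, e * d = 1 mod (60 * 52). */
static const uint64_t N = 3233, E = 17, D = 2753;

/* Safe without overflow as long as m < 2^32. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (a % m) * (b % m) % m;
}

/* Square-and-multiply. Its running time depends on the exponent bits and
 * on the base, which is what a timing attacker measures. */
uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = mulmod(result, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return result;
}

/* Modular inverse by extended Euclid; returns 0 if gcd(a, m) != 1. */
uint64_t invmod(uint64_t a, uint64_t m)
{
    int64_t t = 0, new_t = 1;
    int64_t r = (int64_t)m, new_r = (int64_t)(a % m);
    while (new_r != 0) {
        int64_t q = r / new_r, tmp;
        tmp = t - q * new_t; t = new_t; new_t = tmp;
        tmp = r - q * new_r; r = new_r; new_r = tmp;
    }
    if (r != 1)
        return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Unblinded private operation: the exponentiation runs directly on the
 * attacker-chosen value c. */
uint64_t rsa_private_plain(uint64_t c)
{
    return powmod(c, D, N);
}

/* Blinding step: c' = c * r^e mod n. */
uint64_t rsa_blind(uint64_t c, uint64_t r)
{
    return mulmod(c, powmod(r, E, N), N);
}

/* Blinded private operation. (c * r^e)^d = c^d * r mod n, so multiplying
 * by r^-1 recovers the same result while the exponentiation only ever
 * sees a value the attacker cannot predict. Returns 1 on success and 0
 * if r has no inverse mod n (the caller must draw a new r). */
int rsa_private_blinded(uint64_t c, uint64_t r, uint64_t *m)
{
    uint64_t r_inv = invmod(r, N);
    if (r_inv == 0)
        return 0;
    *m = mulmod(powmod(rsa_blind(c, r), D, N), r_inv, N);
    return 1;
}

int main(void)
{
    uint64_t c = 2790, m = 0;   /* constructed ciphertext of m = 65 */
    /* A real implementation draws r from a CSPRNG; fixed here for clarity. */
    uint64_t factors[] = { 7, 1234 };
    printf("plain:   c=%llu -> m=%llu\n", (unsigned long long)c,
           (unsigned long long)rsa_private_plain(c));
    for (int i = 0; i < 2; i++) {
        if (rsa_private_blinded(c, factors[i], &m))
            printf("blinded: r=%llu c'=%llu -> m=%llu\n",
                   (unsigned long long)factors[i],
                   (unsigned long long)rsa_blind(c, factors[i]),
                   (unsigned long long)m);
    }
    return 0;
}
```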
.IX Title "OPENSSL_INIT_SSL 3"
.TH OPENSSL_INIT_SSL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
During normal operation OpenSSL (libssl and libcrypto) will allocate various
resources at start up that must, subsequently, be freed on close down of the
library. Additionally some resources are allocated on a per thread basis (if the
application is multi-threaded), and these resources must be freed prior to the
thread closing.
.PP
As of version 1.1.0 OpenSSL will automatically allocate all resources that it
needs so no explicit initialisation is required. Similarly it will also
automatically deinitialise as required.
.PP
However, there may be situations when explicit initialisation is desirable or
needed, for example when some nondefault initialisation is required. The function
\&\fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling
this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To
explicitly initialise \s-1ONLY\s0 libcrypto see the
\&\fBOPENSSL_init_crypto\fR\|(3) function.
.PP
Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR.
Therefore, in order to perform nondefault initialisation,
\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to
any other OpenSSL function calls.
.PP
The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be
initialised. Valid options for libcrypto are described on the
\&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto
specific option the following libssl options can also be used:
.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4
.IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS"
Suppress automatic loading of the libssl error strings. This option is
not a default option. Once selected subsequent calls to
\&\fBOPENSSL_init_ssl()\fR with the option
\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4
.IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS"
Automatic loading of the libssl error strings. This option is a
default option. Once selected subsequent calls to
\&\fBOPENSSL_init_ssl()\fR with the option
\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored.
.PP
\&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to
set parameter values. See \fBOPENSSL_init_crypto\fR\|(3) for details.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_init_crypto\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_NEW 3"
.TH SSL_NEW 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL *SSL_dup(SSL *s);
\& SSL *SSL_new(SSL_CTX *ctx);
\& int SSL_up_ref(SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the
data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings
of the underlying context \fBctx\fR: connection method,
options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is
reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments
the reference count. Freeing it (using SSL_free) decrements it. When the
reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR
structure are freed.
.PP
\&\fBSSL_up_ref()\fR increments the reference count for an
existing \fB\s-1SSL\s0\fR structure.
.PP
The function \fBSSL_dup()\fR creates and returns a new \fB\s-1SSL\s0\fR structure from the same
\&\fB\s-1SSL_CTX\s0\fR that was used to create \fIs\fR. It additionally duplicates a subset of the
settings in \fIs\fR into the new \fB\s-1SSL\s0\fR object.
.PP
For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state and
\&\s-1MUST NOT\s0 have yet started the \s-1SSL\s0 handshake. For connections that are not in
their initial state \fBSSL_dup()\fR just increments an internal
reference count and returns the \fIsame\fR handle. It may be possible to
use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle that is not in its initial
state for re-use, but this is best avoided. Instead, save and restore
the session, if desired, and construct a fresh handle for each connection.
.PP
The subset of settings in \fIs\fR that are duplicated are:
.IP "any session data if configured (including the session_id_context)" 4
.IX Item "any session data if configured (including the session_id_context)"
.PD 0
.IP "any tmp_dh settings set via \fBSSL_set_tmp_dh\fR\|(3), \fBSSL_set_tmp_dh_callback\fR\|(3), or \fBSSL_set_dh_auto\fR\|(3)" 4
.IX Item "any tmp_dh settings set via SSL_set_tmp_dh, SSL_set_tmp_dh_callback, or SSL_set_dh_auto"
.IP "any configured certificates, private keys or certificate chains" 4
.IX Item "any configured certificates, private keys or certificate chains"
.IP "any configured signature algorithms, or client signature algorithms" 4
.IX Item "any configured signature algorithms, or client signature algorithms"
.IP "any \s-1DANE\s0 settings" 4
.IX Item "any DANE settings"
.IP "any Options set via \fBSSL_set_options\fR\|(3)" 4
.IX Item "any Options set via SSL_set_options"
.IP "any Mode set via \fBSSL_set_mode\fR\|(3)" 4
.IX Item "any Mode set via SSL_set_mode"
.IP "any minimum or maximum protocol settings set via \fBSSL_set_min_proto_version\fR\|(3) or \fBSSL_set_max_proto_version\fR\|(3) (Note: Only from OpenSSL 1.1.1h and above)" 4
.IX Item "any minimum or maximum protocol settings set via SSL_set_min_proto_version or SSL_set_max_proto_version (Note: Only from OpenSSL 1.1.1h and above)"
.IP "any Verify mode, callback or depth set via \fBSSL_set_verify\fR\|(3) or \fBSSL_set_verify_depth\fR\|(3) or any configured X509 verification parameters" 4
.IX Item "any Verify mode, callback or depth set via SSL_set_verify or SSL_set_verify_depth or any configured X509 verification parameters"
.IP "any msg callback or info callback set via \fBSSL_set_msg_callback\fR\|(3) or \fBSSL_set_info_callback\fR\|(3)" 4
.IX Item "any msg callback or info callback set via SSL_set_msg_callback or SSL_set_info_callback"
.IP "any default password callback set via \fBSSL_set_default_passwd_cb\fR\|(3)" 4
.IX Item "any default password callback set via SSL_set_default_passwd_cb"
.IP "any session id generation callback set via \fBSSL_set_generate_session_id\fR\|(3)" 4
.IX Item "any session id generation callback set via SSL_set_generate_session_id"
.IP "any configured Cipher List" 4
.IX Item "any configured Cipher List"
.IP "initial accept (server) or connect (client) state" 4
.IX Item "initial accept (server) or connect (client) state"
.IP "the max cert list value set via \fBSSL_set_max_cert_list\fR\|(3)" 4
.IX Item "the max cert list value set via SSL_set_max_cert_list"
.IP "the read_ahead value set via \fBSSL_set_read_ahead\fR\|(3)" 4
.IX Item "the read_ahead value set via SSL_set_read_ahead"
.IP "application specific data set via \fBSSL_set_ex_data\fR\|(3)" 4
.IX Item "application specific data set via SSL_set_ex_data"
.IP "any \s-1CA\s0 list or client \s-1CA\s0 list set via \fBSSL_set0_CA_list\fR\|(3), \fBSSL_set0_client_CA_list()\fR or similar functions" 4
.IX Item "any CA list or client CA list set via SSL_set0_CA_list, SSL_set0_client_CA_list() or similar functions"
.IP "any security level settings or callbacks" 4
.IX Item "any security level settings or callbacks"
.IP "any configured serverinfo data" 4
.IX Item "any configured serverinfo data"
.IP "any configured \s-1PSK\s0 identity hint" 4
.IX Item "any configured PSK identity hint"
.IP "any configured custom extensions" 4
.IX Item "any configured custom extensions"
.IP "any client certificate types configured via SSL_set1_client_certificate_types" 4
.IX Item "any client certificate types configured via SSL_set1_client_certificate_types"
.PD
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "\s-1NULL\s0" 4
.IX Item "NULL"
The creation of a new \s-1SSL\s0 structure failed. Check the error stack to
find out the reason.
.IP "Pointer to an \s-1SSL\s0 structure" 4
.IX Item "Pointer to an SSL structure"
The return value points to an allocated \s-1SSL\s0 structure.
.Sp
\&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3),
\&\fBSSL_CTX_set_options\fR\|(3),
\&\fBSSL_get_SSL_CTX\fR\|(3),
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_ACCEPT 3"
.TH SSL_ACCEPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_accept(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake.
The communication channel must already have been set and assigned to the
\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the
handshake has been finished or an error occurred.
.PP
If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_accept()\fR will also return
when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR
to continue the handshake, indicating the problem by the return value \-1.
In this case a call to \fBSSL_get_error()\fR with the
return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fBSSL_accept()\fR.
The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket,
nothing is to be done, but \fBselect()\fR can be used to check for the required
condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
.IP "0" 4
The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and
by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the
return value \fBret\fR to find out the reason.
.IP "1" 4
.IX Item "1"
The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been
established.
.IP "<0" 4
.IX Item "<0"
The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. The shutdown was
not clean. It can also occur if action is needed to continue the operation
for nonblocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR
to find out the reason.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3),
\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7),
\&\fBSSL_set_connect_state\fR\|(3),
\&\fBSSL_do_handshake\fR\|(3),
\&\fBSSL_CTX_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "OPENSSL_IA32CAP 3"
.TH OPENSSL_IA32CAP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OPENSSL_ia32cap \- the x86[_64] processor capabilities vector
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& env OPENSSL_ia32cap=...
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
OpenSSL supports a range of x86[_64] instruction set extensions. These
extensions are denoted by individual bits in the capability vector returned
by the processor in the \s-1EDX:ECX\s0 register pair after executing the \s-1CPUID\s0
instruction with EAX=1 as input value (see Intel Application Note #241618).
This vector is copied to memory upon toolkit initialization and used to choose
between different code paths to provide optimal performance across a wide
range of processors. At the time of this writing the following bits are
significant:
.IP "bit #4 denoting presence of Time-Stamp Counter." 4
.IX Item "bit #4 denoting presence of Time-Stamp Counter."
.PD 0
.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4
.IX Item "bit #19 denoting availability of CLFLUSH instruction;"
.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4
.IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;"
.IP "bit #23 denoting \s-1MMX\s0 support;" 4
.IX Item "bit #23 denoting MMX support;"
.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4
.IX Item "bit #24, FXSR bit, denoting availability of XMM registers;"
.IP "bit #25 denoting \s-1SSE\s0 support;" 4
.IX Item "bit #25 denoting SSE support;"
.IP "bit #26 denoting \s-1SSE2\s0 support;" 4
.IX Item "bit #26 denoting SSE2 support;"
.IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4
.IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;"
.IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4
.IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;"
.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4
.IX Item "bit #33 denoting availability of PCLMULQDQ instruction;"
.IP "bit #41 denoting \s-1SSSE3,\s0 Supplemental \s-1SSE3,\s0 support;" 4
.IX Item "bit #41 denoting SSSE3, Supplemental SSE3, support;"
.IP "bit #43 denoting \s-1AMD XOP\s0 support (forced to zero on non-AMD CPUs);" 4
.IX Item "bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);"
.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4
.IX Item "bit #54 denoting availability of MOVBE instruction;"
.IP "bit #57 denoting AES-NI instruction set extension;" 4
.IX Item "bit #57 denoting AES-NI instruction set extension;"
.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4
.IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;"
.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4
.IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;"
.IP "bit #60 denoting \s-1AVX\s0 extension;" 4
.IX Item "bit #60 denoting AVX extension;"
.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4
.IX Item "bit #62 denoting availability of RDRAND instruction;"
.PD
.PP
For example, in a 32\-bit application context clearing bit #26 at run-time
disables the high-performance \s-1SSE2\s0 code present in the crypto library, while
clearing bit #24 disables \s-1SSE2\s0 code operating on the 128\-bit \s-1XMM\s0 register
bank. You might have to do the latter if the target OpenSSL application is
executed on an \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of an \s-1OS\s0 that does not
enable \s-1XMM\s0 registers. Historically the address of the capability vector copy
was exposed to the application through \fBOPENSSL_ia32cap_loc()\fR, but not
anymore. Now the only way to affect the capability detection is to set the
OPENSSL_ia32cap environment variable prior to target application start. To
give a specific example, on an Intel P4 processor 'env
OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env
OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired effect.
Alternatively you can reconfigure the toolkit with the no\-sse2 option and
recompile.
.PP
Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment
variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output
verbatim, but is adjusted to reflect whether or not the data cache is
actually shared between logical cores. This in turn affects the decision
on whether or not expensive countermeasures against cache-timing attacks
are applied, most notably in the \s-1AES\s0 assembler module.
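A decoder for the first 64-bit capability word, as an added example that is not OpenSSL code: it models the two forms shown above (a plain value replaces the vector, a value prefixed with ~ clears the named bits) and names the bits from the list above. The function names, the short bit labels and the "detected" value 0x17980010 are constructed for the illustration; the extended word described next is not handled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bits of the first capability word, taken from the list in the text. */
struct cap_bit { unsigned bit; const char *name; };
static const struct cap_bit CAP_BITS[] = {
    {4, "TSC"},     {19, "CLFLUSH"},   {20, "RC4-path"}, {23, "MMX"},
    {24, "FXSR"},   {25, "SSE"},       {26, "SSE2"},     {28, "HT"},
    {30, "Intel"},  {33, "PCLMULQDQ"}, {41, "SSSE3"},    {43, "XOP"},
    {54, "MOVBE"},  {57, "AES-NI"},    {58, "XSAVE"},    {59, "OSXSAVE"},
    {60, "AVX"},    {62, "RDRAND"},
};
#define N_CAP_BITS (sizeof(CAP_BITS) / sizeof(CAP_BITS[0]))

/* 1 if the given bit is set in the vector, 0 otherwise. */
int ia32cap_has(uint64_t vec, unsigned bit)
{
    return bit < 64 && ((vec >> bit) & 1u);
}

/* Apply an OPENSSL_ia32cap-style setting to a detected vector.
 * "0x..."  replaces the detected vector with the given value.
 * "~0x..." clears the given bits from the detected vector.
 * Returns 0 on success, -1 on malformed input. */
int ia32cap_apply(const char *setting, uint64_t detected, uint64_t *out)
{
    int clear = 0;
    char *end = NULL;
    unsigned long long value;

    if (setting == NULL || out == NULL)
        return -1;
    if (*setting == '~') {
        clear = 1;
        setting++;
    }
    /* strtoull would accept signs and leading blanks; require a digit. */
    if (*setting < '0' || *setting > '9')
        return -1;
    errno = 0;
    value = strtoull(setting, &end, 0);
    if (errno != 0 || end == setting || *end != '\0')
        return -1;
    *out = clear ? (detected & ~(uint64_t)value) : (uint64_t)value;
    return 0;
}

/* Write the names of all set, known bits as a comma-separated list.
 * Returns how many names were written. */
size_t ia32cap_describe(uint64_t vec, char *buf, size_t len)
{
    size_t used = 0, count = 0;

    if (buf == NULL || len == 0)
        return 0;
    buf[0] = '\0';
    for (size_t i = 0; i < N_CAP_BITS; i++) {
        int n;
        if (!ia32cap_has(vec, CAP_BITS[i].bit))
            continue;
        n = snprintf(buf + used, len - used, "%s%s",
                     count ? "," : "", CAP_BITS[i].name);
        if (n < 0 || (size_t)n >= len - used) {
            buf[used] = '\0';   /* drop the partially written name */
            break;
        }
        used += (size_t)n;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed "detected" vector: the page's P4 value plus bit #24. */
    const uint64_t detected = 0x17980010ULL;
    const char *settings[] = { "~0x1000000", "0x16980010", "~0x10000000" };
    char names[256];

    for (size_t i = 0; i < sizeof(settings) / sizeof(settings[0]); i++) {
        uint64_t vec;
        if (ia32cap_apply(settings[i], detected, &vec) != 0)
            continue;
        ia32cap_describe(vec, names, sizeof(names));
        printf("%-12s -> 0x%08llx  %s\n", settings[i],
               (unsigned long long)vec, names);
    }
    return 0;
}
```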
.PP
The capability vector is further extended with the \s-1EBX\s0 value returned by
\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. The following bits are significant:
.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4
.IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;"
.PD 0
.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4
.IX Item "bit #64+5 denoting availability of AVX2 instructions;"
.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4
.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;"
.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4
.IX Item "bit #64+16 denoting availability of AVX512F extension;"
.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4
.IX Item "bit #64+18 denoting availability of RDSEED instruction;"
.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4
.IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;"
.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, aka \s-1AVX512IFMA\s0 extension;" 4
.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, aka AVX512IFMA extension;"
.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4
.IX Item "bit #64+29 denoting availability of SHA extension;"
.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4
.IX Item "bit #64+30 denoting availability of AVX512BW extension;"
.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4
.IX Item "bit #64+31 denoting availability of AVX512VL extension;"
.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4
.IX Item "bit #64+41 denoting availability of VAES extension;"
.IP "bit #64+42 denoting availability of \s-1VPCLMULQDQ\s0 extension;" 4
.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;"
.PD
.PP
To control this extended capability word use ':' as the delimiter when
setting up the OPENSSL_ia32cap environment variable. For example assigning
\&':~0x20' would disable \s-1AVX2\s0 code paths, and ':0' \- all post-AVX
extensions.
.PP
It should be noted that whether or not some of the most \*(L"fancy\*(R"
extension code paths are actually assembled depends on the current assembler
version. A base minimum of \s-1AES\-NI/PCLMULQDQ, SSSE3\s0 and \s-1SHA\s0 extension
code paths is always assembled. Apart from that, minimum assembler
version requirements are summarized in the table below:
.PP
.Vb 8
\& Extension   | GNU as | nasm   | llvm
\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-
\& AVX         | 2.19   | 2.09   | 3.0
\& AVX2        | 2.22   | 2.10   | 3.1
\& ADCX/ADOX   | 2.23   | 2.10   | 3.3
\& AVX512      | 2.25   | 2.11.8 | see NOTES
\& AVX512IFMA  | 2.26   | 2.11.8 | see NOTES
\& VAES        | 2.30   | 2.13.3 |
.Ve
.SH "NOTES"
.IX Header "NOTES"
Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of
assembly modules apparently requires an explicit \-march flag. But then
the compiler generates processor-specific code, which in turn contradicts the
mere idea of run-time switch execution facilitated by the variable in
question. Till the limitation is lifted, it's possible to work around
the problem by making the build procedure use the following script:
.PP
.Vb 2
\& #!/bin/sh
\& exec clang \-no\-integrated\-as "$@"
.Ve
.PP
instead of real clang. In which case it doesn't matter which clang
version is used, as it is the \s-1GNU\s0 assembler version that will be checked.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Not available.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
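The OPENSSL_ia32cap value forms shown above ('0x16980010', '~0x1000000', ':~0x20', ':0') can be checked before deployment with a small decoder. This is an added example, not OpenSSL's own parsing code: the cap_* names are hypothetical, the sample vectors are constructed, and it models only what the page states (a plain value replaces a word, a '~' value clears the listed bits, ':' separates the extended word).

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Per-word operation, as read off the page's examples (a model, not OpenSSL code). */
enum cap_op { CAP_KEEP, CAP_SET, CAP_CLEAR };
struct cap_word { enum cap_op op; uint64_t value; };
/* has_ext: a ':' field was present (the page is silent on the no-':' case). */
struct cap_spec { struct cap_word base, ext; int has_ext; };

/* Names from the page's bit lists; extended bits are relative to bit #64. */
struct cap_bit { int bit; const char *name; };
static const struct cap_bit BASE_BITS[] = {
    {4, "TSC"}, {19, "CLFLUSH"}, {23, "MMX"}, {24, "FXSR"}, {25, "SSE"},
    {26, "SSE2"}, {28, "HT"}, {33, "PCLMULQDQ"}, {41, "SSSE3"}, {54, "MOVBE"},
    {57, "AES-NI"}, {58, "XSAVE"}, {59, "OSXSAVE"}, {60, "AVX"}, {62, "RDRAND"},
};
static const struct cap_bit EXT_BITS[] = {
    {3, "BMI1"}, {5, "AVX2"}, {8, "BMI2"}, {16, "AVX512F"}, {18, "RDSEED"},
    {19, "ADCX/ADOX"}, {21, "AVX512IFMA"}, {29, "SHA"}, {30, "AVX512BW"},
    {31, "AVX512VL"}, {41, "VAES"}, {42, "VPCLMULQDQ"},
};
#define NBITS(t) (sizeof(t) / sizeof((t)[0]))

/* One field: "" keeps the word (where allowed), "~N" clears bits N, "N" replaces it. */
static int parse_word(const char *s, size_t len, int allow_empty, struct cap_word *w)
{
    char buf[32], *end;
    int neg = (len > 0 && s[0] == '~');
    if (len == 0)
        return allow_empty ? 0 : -1;      /* *w arrives zeroed, i.e. CAP_KEEP */
    if (len >= sizeof(buf) || !isdigit((unsigned char)s[neg]))
        return -1;                        /* also rejects signs, blanks, a bare "~" */
    memcpy(buf, s, len);
    buf[len] = '\0';
    errno = 0;
    w->value = strtoull(buf + neg, &end, 0);  /* base 0 accepts the page's 0x.. form */
    if (*end != '\0' || errno != 0)
        return -1;
    w->op = neg ? CAP_CLEAR : CAP_SET;
    return 0;
}

/* Split "base[:ext]" and parse both fields; returns 0 on success, -1 on error. */
int cap_parse(const char *env, struct cap_spec *spec)
{
    const char *colon = strchr(env, ':');
    size_t base_len = colon ? (size_t)(colon - env) : strlen(env);
    memset(spec, 0, sizeof(*spec));
    spec->has_ext = (colon != NULL);
    if (parse_word(env, base_len, colon != NULL, &spec->base) != 0)
        return -1;
    return colon ? parse_word(colon + 1, strlen(colon + 1), 0, &spec->ext) : 0;
}

uint64_t cap_apply(uint64_t detected, struct cap_word w)
{
    return w.op == CAP_SET ? w.value : w.op == CAP_CLEAR ? (detected & ~w.value) : detected;
}

/* Collect names of features set in `before` but cleared in `after`. Returns the
 * number found; only the first `max` names are stored. */
size_t cap_lost(uint64_t before, uint64_t after, const struct cap_bit *tab,
                size_t n, const char **names, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (((before & ~after) >> tab[i].bit) & 1) {
            if (count < max)
                names[count] = tab[i].name;
            count++;
        }
    return count;
}

int main(void)
{
    /* Constructed sample vectors, not read from a real CPU. */
    const uint64_t base = 0x17980010ULL, ext = 0x128ULL;
    const char *samples[] = { "0x16980010", "~0x1000000", "~0x10000000", ":~0x20", ":0" };
    for (size_t i = 0; i < NBITS(samples); i++) {
        struct cap_spec s;
        const char *names[32];
        if (cap_parse(samples[i], &s) != 0)
            continue;
        size_t n = cap_lost(base, cap_apply(base, s.base), BASE_BITS, NBITS(BASE_BITS), names, 32);
        if (s.has_ext)
            n += cap_lost(ext, cap_apply(ext, s.ext), EXT_BITS, NBITS(EXT_BITS), names + n, 32 - n);
        printf("%-12s disables:", samples[i]);
        for (size_t k = 0; k < n; k++)
            printf(" %s", names[k]);
        printf("\n");
    }
    return 0;
}
```

On the constructed vector, '0x16980010' and '~0x1000000' give the same base word, but only the '~' form stays correct when the detected vector differs from the one the absolute value was written for.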
.IX Title "EVP_RIPEMD160 3"
.TH EVP_RIPEMD160 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_ripemd160
\&\- RIPEMD160 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& const EVP_MD *EVP_ripemd160(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996
belonging to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation
Message Digest).
.IP "\fBEVP_ripemd160()\fR" 4
.IX Item "EVP_ripemd160()"
The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EC_KEY_GET_ENC_FLAGS 3"
.TH EC_KEY_GET_ENC_FLAGS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EC_KEY_get_enc_flags, EC_KEY_set_enc_flags
\&\- Get and set flags for encoding EC_KEY structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The format of the external representation of the public key written by
\&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is
described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3)
for a description of point_conversion_form.
.PP
When reading a private key encoded without an associated public key (e.g.
if
\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates
the missing public key automatically. Private keys encoded without parameters
(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using
\&\fBd2i_ECPrivateKey()\fR.
.PP
The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the
value of the encoding flags for the \fBkey\fR. There are two encoding flags
currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags
define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to
\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for
the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is
set then the public key is not encoded along with the private key.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the
\&\s-1EC_KEY.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3),
\&\fBEC_POINT_add\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3),
\&\fBd2i_ECPKParameters\fR\|(3),
\&\fBd2i_ECPrivateKey\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_CONFIG 3"
.TH SSL_CTX_CONFIG 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_config(SSL_CTX *ctx, const char *name);
\& int SSL_config(SSL *s, const char *name);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or
\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR.
.SH "NOTES"
.IX Header "NOTES"
By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many
complex tasks based on the contents of the configuration file: greatly
simplifying application configuration code. A degree of future proofing
can also be achieved: an application can support configuration features
in newer versions of OpenSSL automatically.
.PP
A configuration file must have been previously loaded, for example using
\&\fBCONF_modules_load_file()\fR. See \fBconfig\fR\|(5) for details of the configuration
file syntax.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error
occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
If the file \*(L"config.cnf\*(R" contains the following:
.PP
.Vb 1
\& testapp = test_sect
\&
\& [test_sect]
\& # list of configuration modules
\&
\& ssl_conf = ssl_sect
\&
\& [ssl_sect]
\& server = server_section
\&
\& [server_section]
\& RSA.Certificate = server\-rsa.pem
\& ECDSA.Certificate = server\-ecdsa.pem
\& Ciphers = ALL:!RC4
.Ve
.PP
An application could call:
.PP
.Vb 4
\& if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
\&     fprintf(stderr, "Error processing config file\en");
\&     goto err;
\& }
\&
\& ctx = SSL_CTX_new(TLS_server_method());
\&
\& if (SSL_CTX_config(ctx, "server") == 0) {
\&     fprintf(stderr, "Error configuring server.\en");
\&     goto err;
\& }
.Ve
.PP
In this example two certificates and the cipher list are configured without
the need for any additional application code.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBconfig\fR\|(5),
\&\fBSSL_CONF_cmd\fR\|(3),
\&\fBCONF_modules_load_file\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_PKEY_ENCRYPT 3"
.TH EVP_PKEY_ENCRYPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
\&                      unsigned char *out, size_t *outlen,
\&                      const unsigned char *in, size_t inlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for an encryption operation.
.PP
The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation
using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and
\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
before the call the \fBoutlen\fR parameter should contain the length of the
\&\fBout\fR buffer, if the call is successful the encrypted data is written to
\&\fBout\fR and the amount of data written to \fBoutlen\fR.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
operation.
.PP
The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0
or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or
\&\fBd2i_X509\fR\|(3) for means to load a public key.
You may also simply
set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation:
.PP
.Vb 3
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
\& #include <openssl/engine.h>
\&
\& EVP_PKEY_CTX *ctx;
\& ENGINE *eng;
\& unsigned char *out, *in;
\& size_t outlen, inlen;
\& EVP_PKEY *key;
\&
\& /*
\&  * NB: assumes eng, key, in, inlen are already set up,
\&  * and that key is an RSA public key
\&  */
\& ctx = EVP_PKEY_CTX_new(key, eng);
\& if (!ctx)
\&     /* Error occurred */
\& if (EVP_PKEY_encrypt_init(ctx) <= 0)
\&     /* Error */
\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
\&     /* Error */
\&
\& /* Determine buffer length */
\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
\&     /* Error */
\&
\& out = OPENSSL_malloc(outlen);
\&
\& if (!out)
\&     /* malloc failure */
\&
\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
\&     /* Error */
\&
\& /* Encrypted data is outlen bytes written to buffer out */
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBENGINE_by_id\fR\|(3),
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PKCS12_CREATE 3"
.TH PKCS12_CREATE 3 "2023-09-11" "1.1.1w" "OpenSSL"
.if n .ad l
.nh
.SH "NAME"
PKCS12_create \- create a PKCS#12 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs12.h>
\&
\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
\&                       X509 *cert, STACK_OF(X509) *ca,
\&                       int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS12_create()\fR creates a PKCS#12 structure.
.PP
\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for
the supplied certificate and key.
\fBpkey\fR is the private key to include in the structure and \fBcert\fR its corresponding certificate.
\fBca\fR, if not \fB\s-1NULL\s0\fR, is an optional set of certificates to also include in the structure.
.PP
\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used for the key and certificate respectively.
The modes
\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported.
\fBiter\fR is the encryption algorithm iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use.
\&\fBkeytype\fR is the type of key.
.SH "NOTES"
.IX Header "NOTES"
The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR can all be set to zero and sensible defaults will be used.
.PP
These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 (currently 2048) and a \s-1MAC\s0 iteration count of 1.
.PP
The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with old software which did not interpret \s-1MAC\s0 iteration counts.
If such compatibility is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0
.PP
\&\fBkeytype\fR adds a flag to the stored private key.
This is a non standard extension that is only currently interpreted by \s-1MSIE.\s0
If set to zero the flag is omitted, if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR it can be used for signing and encryption.
This option was useful for old export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption.
.PP
If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the
\&\s-1PKCS12\s0 structure.
.PP
Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or certificate is required.
In previous versions both had to be present or a fatal error was returned.
.PP
\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption should be used.
.PP
\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely.
.PP
\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass phrase.
See \fBpassphrase\-encoding\fR\|(7) for more information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_PKCS12\fR\|(3),
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "PKCS7_ENCRYPT 3"
.TH PKCS7_ENCRYPT 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
PKCS7_encrypt \- create a PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
\&                      int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure.
\fBcerts\fR is a list of recipient certificates.
\fBin\fR is the content to be encrypted.
\&\fBcipher\fR is the symmetric cipher to use.
\fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to be signed using the \s-1RSA\s0 algorithm.
.PP
\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because most clients will support it.
.PP
Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit \s-1RC2.\s0
These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR respectively.
.PP
The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its parameters.
.PP
Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message.
This can be readily produced by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
\&\fBPKCS7_encrypt()\fR.
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended to the data.
.PP
Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required by the S/MIME specifications).
If \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs.
This option should be used if the supplied data is in binary format, otherwise the translation will corrupt it.
If \fB\s-1PKCS7_BINARY\s0\fR is set then
\&\fB\s-1PKCS7_TEXT\s0\fR is ignored.
.PP
If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR complete and outputting its contents via a function that does not properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
.PP
Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR,
\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure.
Alternatively finalization can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fBBIO_new_PKCS7()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ASN1_GENERATE_NCONF 3"
.TH ASN1_GENERATE_NCONF 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
\& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions generate the \s-1ASN1\s0 encoding of a string in an \fB\s-1ASN1_TYPE\s0\fR structure.
.PP
\&\fBstr\fR contains the string to encode.
\fBnconf\fR or \fBcnf\fR contains the optional configuration information where additional strings will be read from.
\fBnconf\fR will typically come from a config file whereas \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure which will typically be used by X509 v3 certificate extension functions.
\fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional configuration will be used.
.SH "GENERATION STRING FORMAT"
.IX Header "GENERATION STRING FORMAT"
The actual data encoded is determined by the string \fBstr\fR and the configuration information.
The general format of the string is:
.IP "\fB[modifier,]type[:value]\fR" 4
.IX Item "[modifier,]type[:value]"
.PP
That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value.
The formats of \fBtype\fR,
\&\fBvalue\fR and \fBmodifier\fR are explained below.
.SS "Supported Types"
.IX Subsection "Supported Types"
The supported types are listed below.
Unless otherwise specified only the \fB\s-1ASCII\s0\fR format is permissible.
.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4
.IX Item "BOOLEAN, BOOL"
This encodes a boolean type.
The \fBvalue\fR string is mandatory and should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR.
Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR,
\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR are acceptable.
.IP "\fB\s-1NULL\s0\fR" 4
.IX Item "NULL"
Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present.
.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4
.IX Item "INTEGER, INT"
Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type.
The \fBvalue\fR string represents the value of the integer, it can be prefaced by a minus sign and is normally interpreted as a decimal value unless the prefix \fB0x\fR is included.
.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4
.IX Item "ENUMERATED, ENUM"
Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
\&\fB\s-1INTEGER\s0\fR.
.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4
.IX Item "OBJECT, OID"
Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be a short name, a long name or numerical format.
.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4
.IX Item "UTCTIME, UTC"
Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in the format \fB\s-1YYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4
.IX Item "GENERALIZEDTIME, GENTIME"
Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4
.IX Item "OCTETSTRING, OCT"
Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR.
\fBvalue\fR represents the contents of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be used to specify the format of \fBvalue\fR.
.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4
.IX Item "BITSTRING, BITSTR"
Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR.
\fBvalue\fR represents the contents of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR can be used to specify the format of \fBvalue\fR.
.Sp
If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused bits is set to zero.
.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4
.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC"
These encode the corresponding string types.
\fBvalue\fR represents the contents of this structure.
The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR.
.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4
.IX Item "SEQUENCE, SEQ, SET"
Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type.
\fBvalue\fR should be a section name which will contain the contents.
The field names in the section are ignored and the values are in the generated string format.
If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 will be encoded.
.SS "Modifiers"
.IX Subsection "Modifiers"
Modifiers affect the following structure, they can be used to add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change the string format of the final type and value.
The supported formats are documented below.
.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4
.IX Item "EXPLICIT, EXP"
Add an explicit tag to the following structure.
This string should be followed by a colon and the tag value to use as a decimal value.
.Sp
By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, the default is \s-1CONTEXT SPECIFIC.\s0
.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4
.IX Item "IMPLICIT, IMP"
This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used instead.
.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4
.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP"
The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively.
For a \s-1BIT STRING\s0 the number of unused bits is set to zero.
.IP "\fB\s-1FORMAT\s0\fR" 4
.IX Item "FORMAT"
This specifies the format of the ultimate value.
It should be followed by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR.
.Sp
If no format specifier is included then \fB\s-1ASCII\s0\fR is used.
If \fB\s-1UTF8\s0\fR is specified then the value string must be a valid \fB\s-1UTF8\s0\fR string.
For \fB\s-1HEX\s0\fR the output must be a set of hex digits.
\fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT STRING\s0) is a comma separated list of the indices of the set bits, all other bits are zero.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
A simple IA5String:
.PP
.Vb 1
\& IA5STRING:Hello World
.Ve
.PP
An IA5String explicitly tagged:
.PP
.Vb 1
\& EXPLICIT:0,IA5STRING:Hello World
.Ve
.PP
An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging:
.PP
.Vb 1
\& EXPLICIT:0A,IA5STRING:Hello World
.Ve
.PP
A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero:
.PP
.Vb 1
\& FORMAT:BITLIST,BITSTRING:1,5
.Ve
.PP
A more complex example using a config file to produce a
\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0, an \s-1OID\s0 and a UTF8String:
.PP
.Vb 1
\& asn1 = SEQUENCE:seq_section
\&
\& [seq_section]
\&
\& field1 = BOOLEAN:TRUE
\& field2 = OID:commonName
\& field3 = UTF8:Third field
.Ve
.PP
This example produces an RSAPrivateKey structure. This is the key contained in the file client.pem in all OpenSSL distributions (note: the field names such as 'coeff' are ignored and are present just for clarity):
.PP
.Vb 3
\& asn1=SEQUENCE:private_key
\& [private_key]
\& version=INTEGER:0
\&
\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
\&
\& e=INTEGER:0x010001
\&
\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e
\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
\&
\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e
\& D4BD57
\&
\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e
\& 46EC4F
\&
\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e
\& 9C0A39B9
\&
\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e
\& E7B2458F
\&
\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e
\& 628657053A
.Ve
.PP
This example is the corresponding public key in a SubjectPublicKeyInfo structure:
.PP
.Vb 2
\& # Start with a SEQUENCE
\& asn1=SEQUENCE:pubkeyinfo
\&
\& # pubkeyinfo contains an algorithm identifier and the public key wrapped
\& # in a BIT STRING
\& [pubkeyinfo]
\& algorithm=SEQUENCE:rsa_alg
\& pubkey=BITWRAP,SEQUENCE:rsapubkey
\&
\& # algorithm ID for RSA is just an OID and a NULL
\& [rsa_alg]
\& algorithm=OID:rsaEncryption
\& parameter=NULL
\&
\& # Actual public key: modulus and exponent
\& [rsapubkey]
\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
\&
\& e=INTEGER:0x010001
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").
You may not use this file except in compliance with the License.
You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_GET_ERROR 3"
.TH SSL_GET_ERROR 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_error \- obtain result code for TLS/SSL I/O operation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_get_error(const SSL *ssl, int ret);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR,
\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_shutdown()\fR,
\&\fBSSL_write_ex()\fR or \fBSSL_write()\fR on \fBssl\fR.
The value returned by that \s-1TLS/SSL I/O\s0 function must be passed to \fBSSL_get_error()\fR in parameter \fBret\fR.
.PP
In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the current thread's OpenSSL error queue.
Thus, \fBSSL_get_error()\fR must be used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no other OpenSSL function calls should appear in between.
The current thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is attempted, or \fBSSL_get_error()\fR will not work reliably.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can currently occur:
.IP "\s-1SSL_ERROR_NONE\s0" 4
.IX Item "SSL_ERROR_NONE"
The \s-1TLS/SSL I/O\s0 operation completed.
This result code is returned if and only if \fBret > 0\fR.
.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4
.IX Item "SSL_ERROR_ZERO_RETURN"
The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the close_notify alert.
No more data can be read.
Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily indicate that the underlying transport has been closed.
.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4
.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE"
The operation did not complete and can be retried later.
.Sp
\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read operation from a nonblocking \fB\s-1BIO\s0\fR.
It means that not enough data was available at this time to complete the operation.
If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same function can be called again.
.Sp
\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even for a blocking \fB\s-1BIO\s0\fR.
See \fBSSL_read\fR\|(3) for more information.
.Sp
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write to a nonblocking \fB\s-1BIO\s0\fR and it was unable to send all data to the \fB\s-1BIO\s0\fR.
When the \fB\s-1BIO\s0\fR is writable again, the same function can be called again.
.Sp
Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition.
There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level.
.Sp
It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR.
However, if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called again to continue sending the application data.
.Sp
For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or
\&\fBpoll()\fR on the underlying socket can be used to find out when the
\&\s-1TLS/SSL I/O\s0 function should be retried.
.Sp
Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of
\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR.
In particular,
\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data.
This is mainly because
\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR,
\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes.
.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4
.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT"
The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be called again later.
The underlying \s-1BIO\s0 was not connected yet to the peer and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be called again when the connection is established. These messages can only appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. In order to find out, when the connection has been successfully established, on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor can be used. .IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 .IX Item "SSL_ERROR_WANT_X509_LOOKUP" The operation did not complete because an application callback set by \&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. The \s-1TLS/SSL I/O\s0 function should be called again later. Details depend on the application. .IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 .IX Item "SSL_ERROR_WANT_ASYNC" The operation did not complete because an asynchronous engine is still processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable engine is being used. An application can determine whether the engine has completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file descriptor. This file descriptor is available by calling \&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 function should be called again later. The function \fBmust\fR be called from the same thread that the original call was made from. .IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 .IX Item "SSL_ERROR_WANT_ASYNC_JOB" The asynchronous job could not be started because there were no async jobs available in the pool (see \fBASYNC_init_thread\fR\|(3)). 
This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or \&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the operation after a currently executing asynchronous operation for the current thread has completed. .IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 .IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" The operation did not complete because an application callback set by \&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. The \s-1TLS/SSL I/O\s0 function should be called again later. Details depend on the application. .IP "\s-1SSL_ERROR_SYSCALL\s0" 4 .IX Item "SSL_ERROR_SYSCALL" Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may contain more information on the error. For socket I/O on Unix systems, consult \&\fBerrno\fR for details. If this error occurs then no further I/O operations should be performed on the connection and \fBSSL_shutdown()\fR must not be called. .Sp This value can also be returned for other errors, check the error queue for details. .IP "\s-1SSL_ERROR_SSL\s0" 4 .IX Item "SSL_ERROR_SSL" A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. If this error occurs then no further I/O operations should be performed on the connection and \fBSSL_shutdown()\fR must not be called. .SH "BUGS" .IX Header "BUGS" The \fB\s-1SSL_ERROR_SYSCALL\s0\fR with \fBerrno\fR value of 0 indicates unexpected \s-1EOF\s0 from the peer. This will be properly reported as \fB\s-1SSL_ERROR_SSL\s0\fR with reason code \fB\s-1SSL_R_UNEXPECTED_EOF_WHILE_READING\s0\fR in the OpenSSL 3.0 release because it is truly a \s-1TLS\s0 protocol error to terminate the connection without a \fBSSL_shutdown()\fR. 
.PP The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications which choose to ignore this protocol error depend on the existing way of reporting the error. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBssl\fR\|(7) .SH "HISTORY" .IX Header "HISTORY" The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at . PK!տSSL_CONF_CTX_set1_prefix.3nu[.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. 
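The retry and abort rules from the SSL_get_error RETURN VALUES and BUGS sections, exercised against a real OpenSSL client state machine through Python's ssl module, which reports the SSL_get_error() code as the exception's errno. This is an added example, not part of the OpenSSL manual; the memory-BIO harness, the names `classify`, `client_handshake` and `EOF`, the host name and the plaintext banner are constructed for illustration, and SSL_ERROR_EOF is a Python-specific code for an unexpected EOF.

```python
import ssl

EOF = object()  # constructed sentinel: transport closed without close_notify


def classify(exc):
    """Map an ssl.SSLError to (code name, action) per the RETURN VALUES rules."""
    try:
        name = ssl.SSLErrorNumber(exc.errno).name
    except ValueError:
        name = "code %r" % (exc.errno,)
    if exc.errno in (ssl.SSL_ERROR_WANT_READ, ssl.SSL_ERROR_WANT_WRITE):
        return name, "retry"          # call the same function again later
    if exc.errno == ssl.SSL_ERROR_ZERO_RETURN:
        return name, "peer-closed"    # close_notify received, nothing more to read
    # SSL_ERROR_SSL, SSL_ERROR_SYSCALL and unexpected EOF are all fatal:
    # no further I/O on the connection and no SSL_shutdown().
    return name, "abort-no-shutdown"


def client_handshake(peer_chunks):
    """Drive a client handshake over memory BIOs, feeding one chunk per retry.

    Returns a list of (code name, action, first byte queued for the peer).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    feed, trace = iter(peer_chunks), []
    while True:
        try:
            tls.do_handshake()
        except ssl.SSLError as exc:
            name, action = classify(exc)
        else:
            name, action = "SSL_ERROR_NONE", "done"
        queued = outgoing.read()      # bytes the library wants sent to the peer
        trace.append((name, action, queued[:1]))
        if action != "retry":
            return trace
        chunk = next(feed, None)
        if chunk is None:             # peer has sent nothing yet: keep waiting
            return trace
        if chunk is EOF:
            incoming.write_eof()      # a later empty read is a real EOF
        else:
            incoming.write(chunk)


if __name__ == "__main__":
    # Constructed input: a plaintext SMTP banner answering a TLS ClientHello.
    for step in client_handshake([b"220 mail.example.test ESMTP\r\n"]):
        print(step)
    # Constructed input: the peer drops the connection mid-handshake.
    for step in client_handshake([EOF]):
        print(step)
```

The EOF case is reported under different codes depending on the OpenSSL and Python versions in use, which is why the classifier treats every code outside the retry and close_notify cases as fatal rather than matching on one of them.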
.IX Title "SSL_CONF_CTX_SET1_PREFIX 3"
.TH SSL_CONF_CTX_SET1_PREFIX 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value.
.SH "NOTES"
.IX Header "NOTES"
Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then \&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R".
.PP
If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case sensitive and \*(L"\-\*(R" is the default. In the unlikely event an application explicitly wants to set no prefix it must be explicitly set to "".
.PP
If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case insensitive and no prefix is the default.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CONF_CTX_new\fR\|(3), \&\fBSSL_CONF_CTX_set_flags\fR\|(3), \&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), \&\fBSSL_CONF_cmd\fR\|(3), \&\fBSSL_CONF_cmd_argv\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "ERR_CLEAR_ERROR 3"
.TH ERR_CLEAR_ERROR 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
ERR_clear_error \- clear the error queue
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& void ERR_clear_error(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_clear_error()\fR empties the current thread's error queue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_clear_error()\fR has no return value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "BIO_S_NULL 3"
.TH BIO_S_NULL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
BIO_s_null \- null data sink
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& const BIO_METHOD *BIO_s_null(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to the null sink is discarded; reads return \s-1EOF.\s0
.SH "NOTES"
.IX Header "NOTES"
A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null device.
.PP
A null bio can be placed on the end of a chain to discard any data passed through it.
.PP
A null sink is useful if, for example, an application wishes to digest some data by writing through a digest bio but not send the digested data anywhere. Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved by adding a null sink \s-1BIO\s0 to the end of the chain.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "EVP_SM3 3"
.TH EVP_SM3 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EVP_sm3 \&\- SM3 for EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& const EVP_MD *EVP_sm3(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T 32905\-2016.\s0
.IP "\fBEVP_sm3()\fR" 4
.IX Item "EVP_sm3()"
The \s-1SM3\s0 hash function.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7), \&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2017 Ribose Inc. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3"
.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include
\&
\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
\&                                       int (*callback)(X509_STORE_CTX *, void *),
\&                                       void *arg);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for \&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at the time when \fBSSL_new\fR\|(3) is called.
.SH "NOTES"
.IX Header "NOTES"
Whenever a certificate is verified during an \s-1SSL/TLS\s0 handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. If a verification callback \fIcallback\fR is specified via \&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored.
.PP
When the verification must be performed, \fIcallback\fR will be called with the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The argument \fIarg\fR is specified by the application when setting \fIcallback\fR.
.PP
\&\fIcallback\fR should return 1 to indicate verification success and 0 to indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR returns 0, the handshake will fail. As the verification procedure may allow the connection to continue in the case of failure (by always returning 1) the verification result must be set in any case using the \&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application will be informed about the detailed result of the verification procedure!
.PP
Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR function set using \fBSSL_CTX_set_verify\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value.
.SH "WARNINGS"
.IX Header "WARNINGS"
Do not mix the verification callback described in this function with the \&\fBverify_callback\fR function called during the verification process. The latter is set using the \fBSSL_CTX_set_verify\fR\|(3) family of functions.
.PP
Providing a complete verification procedure including certificate purpose settings etc. is a complex task. The built-in procedure is quite powerful and in most cases it should be sufficient to modify its behaviour using the \fBverify_callback\fR function.
.SH "BUGS"
.IX Header "BUGS"
\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3), \&\fBSSL_get_verify_result\fR\|(3), \&\fBSSL_CTX_load_verify_locations\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at .
\*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . 
\" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "PKCS12_NEWPASS 3" .TH PKCS12_NEWPASS 3 "2023-09-11" "1.1.1w" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" PKCS12_newpass \- change the password of a PKCS12 structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& \& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. .PP \&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password and \fBnewpass\fR is the new password. .SH "NOTES" .IX Header "NOTES" Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8,\s0 it is assumed to be \s-1ISO8859\-1\s0 instead. 
.PP
In particular, this means that passwords in the locale character set
(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before
use. This may include passwords from local text files, or input from
the terminal or command line. Refer to the documentation of
\&\fBUI_OpenSSL\fR\|(3), for example.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can
retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This example loads a PKCS#12 file, changes its password and writes out
the result to a new file.
.PP
.Vb 5
\& #include <stdio.h>
\& #include <stdlib.h>
\& #include <openssl/pem.h>
\& #include <openssl/err.h>
\& #include <openssl/pkcs12.h>
\&
\& int main(int argc, char **argv)
\& {
\&     FILE *fp;
\&     PKCS12 *p12;
\&
\&     if (argc != 5) {
\&         fprintf(stderr, "Usage: pkread p12file password newpass opfile\en");
\&         return 1;
\&     }
\&     /* Read and parse the existing PKCS#12 file. */
\&     if ((fp = fopen(argv[1], "rb")) == NULL) {
\&         fprintf(stderr, "Error opening file %s\en", argv[1]);
\&         return 1;
\&     }
\&     p12 = d2i_PKCS12_fp(fp, NULL);
\&     fclose(fp);
\&     if (p12 == NULL) {
\&         fprintf(stderr, "Error reading PKCS#12 file\en");
\&         ERR_print_errors_fp(stderr);
\&         return 1;
\&     }
\&     /* Re-encrypt the structure under the new password. */
\&     if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
\&         fprintf(stderr, "Error changing password\en");
\&         ERR_print_errors_fp(stderr);
\&         PKCS12_free(p12);
\&         return 1;
\&     }
\&     /* Write the result to the output file. */
\&     if ((fp = fopen(argv[4], "wb")) == NULL) {
\&         fprintf(stderr, "Error opening file %s\en", argv[4]);
\&         PKCS12_free(p12);
\&         return 1;
\&     }
\&     i2d_PKCS12_fp(fp, p12);
\&     PKCS12_free(p12);
\&     fclose(fp);
\&     return 0;
\& }
.Ve
.SH "NOTES"
.IX Header "NOTES"
If the PKCS#12 structure does not have a password, then you must use the empty
string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a
\&\fBPKCS12_newpass()\fR failure.
.PP
If the wrong password is used for \fBoldpass\fR then the function will fail,
with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not
contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding
error.
.SH "BUGS"
.IX Header "BUGS"
The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to
Unicode form internally. As a result some passwords cannot be supplied to
this function.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3),
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
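The password-encoding rule in the PKCS12_newpass NOTES (valid UTF-8 is read as UTF-8, anything else as ISO8859-1), shown as an added example that is not part of the OpenSSL manual page or of OpenSSL's code. The names classify_password, is_valid_utf8 and latin1_to_utf8 are hypothetical, the UTF-8 check follows RFC 3629 as an assumption rather than OpenSSL's own decoder, and the sample passwords are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* How the library will read the password bytes, per the NOTES above. */
enum pass_reading { PASS_ASCII, PASS_UTF8, PASS_LATIN1_FALLBACK };

/*
 * Strict well-formedness check (assumption: RFC 3629 rules, so overlong
 * forms, surrogates and values above U+10FFFF are rejected). It stands in
 * for "is valid UTF-8" and is not OpenSSL's own decoder.
 */
int is_valid_utf8(const unsigned char *s, size_t len)
{
    size_t i = 0, k, n;
    unsigned long cp, min;

    while (i < len) {
        unsigned char c = s[i];

        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { n = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { n = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { n = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                  /* stray continuation or 0xF8..0xFF */
        if (len - i <= n) return 0;     /* multi-byte sequence is truncated */
        for (k = 1; k <= n; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;
        i += n + 1;
    }
    return 1;
}

/* Classify a NUL-terminated password the way the NOTES describe. */
enum pass_reading classify_password(const char *pass)
{
    const unsigned char *p = (const unsigned char *)pass;
    size_t len = strlen(pass), i;
    int high = 0;

    for (i = 0; i < len; i++)
        if (p[i] >= 0x80) high = 1;
    if (!high) return PASS_ASCII;       /* same bytes in both encodings */
    return is_valid_utf8(p, len) ? PASS_UTF8 : PASS_LATIN1_FALLBACK;
}

/*
 * Explicit ISO-8859-1 -> UTF-8 conversion for an application that knows its
 * input charset. Returns a malloc()ed string; the caller wipes and frees it.
 */
char *latin1_to_utf8(const char *in)
{
    const unsigned char *p = (const unsigned char *)in;
    size_t len = strlen(in), i, o = 0;
    unsigned char *out = malloc(2 * len + 1);

    if (out == NULL) return NULL;
    for (i = 0; i < len; i++) {
        if (p[i] < 0x80) {
            out[o++] = p[i];
        } else {                        /* U+0080..U+00FF take two bytes */
            out[o++] = (unsigned char)(0xC0 | (p[i] >> 6));
            out[o++] = (unsigned char)(0x80 | (p[i] & 0x3F));
        }
    }
    out[o] = '\0';
    return (char *)out;
}

int main(void)
{
    /* Constructed sample passwords, written as raw bytes. */
    static const char *samples[] = {
        "secret",       /* plain ASCII */
        "p\xC3\xA4ss",  /* U+00E4 already encoded as UTF-8 */
        "p\xE4ss",      /* U+00E4 as a single ISO-8859-1 byte */
        "\xC3\xA9",     /* ISO-8859-1 A-tilde + copyright sign, also valid UTF-8 */
    };
    static const char *names[] = { "ASCII", "UTF-8", "ISO-8859-1 fallback" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %lu read as %s\n", (unsigned long)i,
               names[classify_password(samples[i])]);
    return 0;
}
```

The last sample is the case the fallback cannot catch: two ISO8859-1 characters whose bytes happen to form valid UTF-8 are read as one UTF-8 character, so an application that knows its input charset should convert explicitly before passing oldpass or newpass.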
.IX Title "RAND_CLEANUP 3"
.TH RAND_CLEANUP 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
RAND_cleanup \- erase the PRNG state
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand.h>
\&
\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void RAND_cleanup(void)
\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by
the \s-1PRNG.\s0 As of version 1.1.0, it does nothing and should not be called,
since no explicit initialisation or de-initialisation is necessary. See
\&\fBOPENSSL_init_crypto\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_cleanup()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it.
See \fBOPENSSL_init_crypto\fR\|(3).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_UNCOMPRESS 3"
.TH CMS_UNCOMPRESS 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CMS_uncompress \- uncompress a CMS CompressedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0
CompressedData structure \fBcms\fR. \fBout\fR is a \s-1BIO\s0 to write the content to and
\&\fBflags\fR is an optional set of flags.
.PP
The \fBdcont\fR parameter is used in the rare case where the compressed content
is detached. It will normally be set to \s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
The only currently supported compression algorithm is zlib: if the structure
indicates the use of any other algorithm an error is returned.
.PP
If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always
return an error.
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
from the content. If the content is not of type \fBtext/plain\fR then an error is
returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can
be obtained from \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
The lack of single pass processing and the need to hold all data in memory as
mentioned in \fBCMS_verify()\fR also applies to \fBCMS_uncompress()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "CMS_FINAL 3"
.TH CMS_FINAL 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CMS_final \- finalise a CMS_ContentInfo structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBCMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any
operations necessary on \fBcms\fR (digest computation for example) and set the
appropriate fields. The parameter \fBdata\fR contains the content to be
processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after
processing: this is only used with detached data and will usually be set to
\&\s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It
should only be used when streaming is not performed because the streaming
I/O functions perform finalisation operations internally.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_final()\fR returns 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
\&\fBCMS_encrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.IX Title "SSL_CONF_CMD_ARGV 3"
.TH SSL_CONF_CMD_ARGV 3 "2023-09-11" "1.1.1w" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CONF_cmd_argv \- SSL configuration command line processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line
arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR
are updated to reflect the number of command options processed. The \fBpargc\fR
argument can be set to \fB\s-1NULL\s0\fR if it is not used.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2
or a negative error code.
.PP
If \-2 is returned then an argument for a command is missing.
.PP
If \-1 is returned the command is recognised but couldn't be processed due
to an error: for example a syntax error in the argument.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
\&\fBSSL_CONF_cmd\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at .
.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides a short description of the various codes returned by
routines in this library. The returned string is a pointer to a
static area that should not be modified.

These codes are either negative, indicating an API error code;
positive, indicating an LDAP resultCode other than \'success' (0);
or zero, indicating both successful use of the API and the LDAP
resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).
.SH PROTOCOL RESULT CODES
This section provides a partial list of protocol codes recognized
by the library. As LDAP is extensible, additional values may be
returned. A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP .
.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.
.SH API ERROR CODES
This section provides a complete list of API error codes recognized
by the library. Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.
.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred. This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP .SM LDAP_AUTH_UNKNOWN The authentication method specified to ldap_bind() is not known. .TP .SM LDAP_FILTER_ERROR An invalid filter was supplied to ldap_search() (e.g., unbalanced parentheses). .TP .SM LDAP_PARAM_ERROR An ldap routine was called with a bad parameter. .TP .SM LDAP_NO_MEMORY An memory allocation (e.g., malloc(3) or other dynamic memory allocator) call failed in an ldap library routine. .TP .SM LDAP_USER_CANCELED Indicates the user cancelled the operation. .TP .SM LDAP_CONNECT_ERROR Indicates a connection problem. .TP .SM LDAP_NOT_SUPPORTED Indicates the routine was called in a manner not supported by the library. .TP .SM LDAP_CONTROL_NOT_FOUND Indicates the control provided is unknown to the client library. .TP .SM LDAP_NO_RESULTS_RETURNED Indicates no results returned. .TP .SM LDAP_MORE_RESULTS_TO_RETURN Indicates more results could be returned. .TP .SM LDAP_CLIENT_LOOP Indicates the library has detected a loop in its processing. .TP .SM LDAP_REFERRAL_LIMIT_EXCEEDED Indicates the referral limit has been exceeded. .SH DEPRECATED .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces to be eliminated. .lf 220 stdin .SH SEE ALSO .BR ldap (3), .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 225 stdin PK!շY ber_bvfree.3nu[.lf 1 stdin .TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. 
.\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .nf .ft B typedef impl_tag_t ber_tag_t; typedef impl_int_t ber_int_t; typedef impl_uint_t ber_uint_t; typedef impl_len_t ber_len_t; typedef impl_slen_t ber_slen_t; typedef struct berval { ber_len_t bv_len; char *bv_val; } BerValue, *BerVarray; typedef struct berelement BerElement; .ft .fi .LP .BI "void ber_bvfree(struct berval *" bv ");" .LP .BI "void ber_bvecfree(struct berval **" bvec ");" .LP .BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");" .LP .BI "void ber_bvarray_free(struct berval *" bvarray ");" .LP .BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");" .LP .BI "struct berval *ber_bvdup(const struct berval *" bv ");" .LP .BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");" .LP .BI "struct berval *ber_bvstr(const char *" str ");" .LP .BI "struct berval *ber_bvstrdup(const char *" str ");" .LP .BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");" .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "BerElement *ber_init(struct berval *" bv ");" .LP .BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");" .LP .BI "void ber_free(BerElement *" ber ", int " freebuf ");" .SH DESCRIPTION .LP The following are the basic types and structures defined for use with the Lightweight BER library. .LP .B ber_int_t is a signed integer of at least 32 bits. It is commonly equivalent to .BR int . .B ber_uint_t is the unsigned variant of .BR ber_int_t . 
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant of
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag. It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API. If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array
is allocated as needed. The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API. If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array. Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue. The routine returns NULL upon error
(e.g. out of memory). The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP. If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy. The routine returns NULL
upon error, otherwise it returns a pointer to the copy.
If \fIdst\fP is NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP. (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result. NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values.
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.
If \fIber\fP is NULL, the routine does nothing.
If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 189 stdin
.\" ldap_modify_s.3
.lf 1 stdin
.TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modify_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.nf
.ft B
int ldap_modify_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.LP
.nf
.ft B
void ldap_mods_free(
.RS
.ft B
LDAPMod **\fImods\fB,
int \fIfreemods\fB );
.RE
.SH DESCRIPTION
The routine
.B ldap_modify_ext_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry. Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
typedef struct ldapmod {
    int mod_op;
    char *mod_type;
    union {
        char **modv_strvals;
        struct berval **modv_bvals;
    } mod_vals;
    struct ldapmod *mod_next;
} LDAPMod;
#define mod_values mod_vals.modv_strvals
#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE.
The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively. The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES. In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point to
a null-terminated array of struct bervals, as defined in <lber.h>.
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary. For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain. If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL. For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary. All modifications are
performed in the order in which they are listed.
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures. If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.LP
.B ldap_modify_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of the failure. See
.BR ldap_error (3)
for details.
.LP
The
.B ldap_modify_ext()
operation works the same way as
.BR ldap_modify_ext_s() ,
except that it is asynchronous. The integer that \fImsgidp\fP points
to is set to the message id of the modify request.
The result of the operation can be obtained by calling
.BR ldap_result (3).
.LP
Both
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
allow server and client controls to be passed in
via the sctrls and cctrls parameters, respectively.
.SH DEPRECATED INTERFACES
The
.B ldap_modify()
and
.B ldap_modify_s()
routines are deprecated in favor of the
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library. The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces. It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces will be eliminated.
.lf 132 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 137 stdin
.\" ldap_control_create.3
.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup, ldap_controls_dup, ldap_control_free, ldap_controls_free \- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.
.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any. The content of
.I value
is duplicated if
.I dupval
is non-zero. The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter. The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create__control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.
.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter. The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.
.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.
.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 85 stdin
.\" ldap_memfree.3
.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 51 stdin
.\" ldap_explode_dn.3
.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4514 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN. Space for the DN will be obtained dynamically
and should be freed by the caller using
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in
.B dn
as
.B ldap_ava
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and
.B LDAPDN
terms. Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B
typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;
typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;
.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
    LDAP_DN_FORMAT_LDAPV3
    LDAP_DN_FORMAT_LDAPV2
    LDAP_DN_FORMAT_DCE
.fi
which defines what DN syntax is expected (according to RFC 4514, RFC 1779
and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
    LDAP_DN_P_NO_SPACES
    LDAP_DN_P_NO_SPACE_AFTER_RDN
    ...
    LDAP_DN_PEDANTIC
.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in
.B str
a string representation of
.B dn.
It allows the same values for
.B flags
as
.B ldap_str2dn(),
plus
.LP
.nf
    LDAP_DN_FORMAT_UFN
    LDAP_DN_FORMAT_AD_CANONICAL
.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts. Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN. The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types. For example, the DN "cn=Bob, c=US"
would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL },
depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may include escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set). Note the value is not
unescaped. The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names. See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format. Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into an AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned into a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
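The description above notes that RDN values may contain escaped characters and are returned without being unescaped, which matters for any code that splits a DN by hand before an access or identity decision. The following C program is an added example, not OpenLDAP's implementation: `split_dn`, `naive_rdn_count`, `rdn_count` and `free_rdns` are hypothetical helpers, the sample DN is constructed, and only backslash escapes and single-valued RDNs are handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Naive approach: every ',' is treated as an RDN separator. */
static size_t naive_rdn_count(const char *dn)
{
    size_t n = (*dn != '\0');
    for (; *dn != '\0'; dn++)
        if (*dn == ',')
            n++;
    return n;
}

/* Number of strings in a NULL-terminated array. */
static size_t rdn_count(char **v)
{
    size_t n = 0;
    while (v != NULL && v[n] != NULL)
        n++;
    return n;
}

/* Free an array returned by split_dn(). */
static void free_rdns(char **v)
{
    size_t i;
    if (v == NULL)
        return;
    for (i = 0; v[i] != NULL; i++)
        free(v[i]);
    free(v);
}

/*
 * Split dn into RDNs at unescaped ',' only. A backslash protects the next
 * character, so "\," stays inside the value. Escapes are copied verbatim
 * (values are not unescaped). With notypes != 0 the "type=" prefix of each
 * RDN is dropped. Returns a NULL-terminated array, or NULL on allocation
 * failure, an empty RDN, or a trailing lone backslash.
 */
static char **split_dn(const char *dn, int notypes)
{
    size_t len = strlen(dn), cap = 4, count = 0, start = 0, i, s, k;
    char **out = calloc(cap + 1, sizeof *out), **tmp;

    if (out == NULL || len == 0)
        return out;                     /* NULL on error, empty array for "" */

    for (i = 0; i <= len; i++) {
        if (dn[i] == '\\') {
            if (i + 1 >= len)
                goto fail;              /* lone trailing backslash */
            i++;                        /* escaped character belongs to the value */
            continue;
        }
        if (dn[i] != ',' && dn[i] != '\0')
            continue;

        s = start;
        while (s < i && dn[s] == ' ')   /* drop spaces after the separator */
            s++;
        if (s == i)
            goto fail;                  /* empty RDN, e.g. "a=b,,c=d" */
        if (notypes) {
            for (k = s; k < i; k++) {
                if (dn[k] == '\\') { k++; continue; }
                if (dn[k] == '=') { s = k + 1; break; }
            }
        }
        if (count == cap) {
            tmp = realloc(out, (cap * 2 + 1) * sizeof *out);
            if (tmp == NULL)
                goto fail;
            out = tmp;
            cap *= 2;
        }
        out[count] = malloc(i - s + 1);
        if (out[count] == NULL)
            goto fail;
        memcpy(out[count], dn + s, i - s);
        out[count][i - s] = '\0';
        out[++count] = NULL;
        start = i + 1;
    }
    return out;

fail:
    free_rdns(out);
    return NULL;
}

int main(void)
{
    /* Constructed sample: the first RDN value contains an escaped comma. */
    const char *dn = "cn=Smith\\, John,ou=People,dc=example,dc=com";
    char **rdns = split_dn(dn, 0);
    size_t i;

    printf("naive split: %zu parts, escape-aware split: %zu RDNs\n",
           naive_rdn_count(dn), rdn_count(rdns));
    for (i = 0; rdns != NULL && rdns[i] != NULL; i++)
        printf("  [%zu] %s\n", i, rdns[i]);
    free_rdns(rdns);
    return 0;
}
```

A mismatch between the two counts on the same input is a quick indicator that a hand-rolled splitter will misattribute RDNs for names containing escaped separators.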
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error. See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 247 stdin
.\" ldap_add.3
.lf 1 stdin
.TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_add_ext(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
.nf
int ldap_add_ext_s(
.RS
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_ext_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
null-terminated array of the entry's attributes. The LDAPMod structure
is used to represent attributes, with the \fImod_type\fP and
\fImod_values\fP fields being used as described under
.BR ldap_modify_ext (3),
and the \fImod_op\fP field being used only if you need to specify
the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
.LP
Note that all entries except that
specified by the last component in the given DN must already exist.
.B ldap_add_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of failure of the operation. See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add_ext()
routine works just like
.BR ldap_add_ext_s() ,
but it is asynchronous. It returns the message id of the request it
initiated. The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH DEPRECATED INTERFACES
The
.BR ldap_add ()
and
.BR ldap_add_s ()
routines are deprecated in favor of the
.BR ldap_add_ext ()
and
.BR ldap_add_ext_s ()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library. The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces. It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces will be eliminated.
.lf 76 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 82 stdin
.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4514 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of the entry's DN. Space for the DN will be
obtained dynamically and should be freed by the caller using
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components, which are stored in
.B dn
as
.B ldap_ava
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and
.B LDAPDN
terms. Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B
typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;
.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE
.fi
which defines what DN syntax is expected (according to RFC 4514, RFC 1779
and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC
.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in
.B str
a string representation of
.B dn.
It allows the same values for
.B flags
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL
.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts. Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN. The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.
For example, the DN "cn=Bob, c=US" would return as
either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL },
depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may include escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set). Note the value is not
unescaped. The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names. See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format. Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into an AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned into a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error. See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 247 stdin
.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 51 stdin
.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1. The version
of BER these routines support is the one defined for the LDAP
protocol. The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form. This man page
describes the decoding routines in the lber library. See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding. In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage. The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides. In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP. It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works. It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.
The format string contains conversion specifications which are used
to direct the interpretation of the BER element. The format string
can contain the following characters.
.RS
.LP
.TP 3
.B a
Octet string. A char ** should be supplied. Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter. The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string. A variant of "\fBa\fP". A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string,
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string. A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer. Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string. A struct berval ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string. A struct berval * should be supplied, which upon
return contains the dynamically allocated
octet string and its length. The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string. A struct berval * should be supplied, which upon return
contains the octet string and its length. The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean. A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration. A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer. A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.
A char ** should be supplied which will
point to the dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null. No parameter is required. The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings. A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings. NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths. This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len). A struct berval will be filled
starting at offset (off) in each element. The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller. The array is terminated by a struct berval
with a NULL bv_val string pointer. NULL is returned if the sequence
is empty.
The number of elements in the array is also stored
in (*len) on return. The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element. A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element. A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag. A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element. The next element is skipped.
.TP
.B {
Begin sequence. No parameter is required. The initial sequence tag
and length are skipped.
.TP
.B }
End sequence. No parameter is required and no action is taken.
.TP
.B [
Begin set. No parameter is required. The initial set tag
and length are skipped.
.TP
.B ]
End set. No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP. The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer. The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return. The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read. It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the
provided struct berval *.
If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed by
the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element. It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value. It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read an enumeration value. It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value. It
takes a char ** which will hold the dynamically allocated bits, followed by a
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence. It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      /* Initialise to NULL: on a decoding error an output pointer may
         never be written, and the frees below run either way. */
      char   *dn = NULL, **attrs = NULL;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( (void **) attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B header file.
Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 358 stdin
.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP
structure which is used to identify
the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the
provided socket.
One of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is
running, and \fIport\fP, the port number to which to connect. If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
\fIport\fP. The \fIhost\fP parameter may contain a blank-separated list
of hosts to try to connect to, and each host may optionally be of the form
\fIhost:port\fP. If present, the \fI:port\fP overrides the \fIport\fP
parameter to
.BR ldap_open() .
Upon successfully making a connection to an
LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed
to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc.
Certain fields in the LDAP structure can be set to indicate
size limit, time limit, and how aliases are handled during operations;
read and write access to those fields must occur by calling
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection
to the LDAP server. The actual connection open will occur when the
first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure reason,
and it allows details for the connection to be specified in the schema
portion of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs
containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC), and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
.LP
At this time,
.B ldap_open()
and
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows a schema to be specified in the URI
and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened
connection. The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP,
or LDAP_PROTO_IPC
for a connection using TCP, UDP, or IPC, respectively. The value
LDAP_PROTO_EXT
may also be specified if user-supplied sockbuf handlers are going to
be used. Note that support for UDP is not implemented unless libldap
was built with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
sets a function
.I proc
of type
.I LDAP_URLLIST_PROC
that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists in
moving the successful URI to the head of the list,
so that subsequent attempts to connect to one of the URIs using the same LDAP handle
will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers
within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle is started.

Note: the first call into the LDAP library also initializes the global
options for the library. As such the first call should be single-threaded
or otherwise protected to ensure that only one call is active. It is
recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads are created.
See
.BR ldap_get_option (3).
.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated with the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
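The ldap_initialize() description above limits each URI in the list to the schema, host and port fields and leaves anything else undefined, so a caller can check the list before handing it to the library. The following is an added example, not OpenLDAP code: the function names, the verdict codes, the requirement of an explicit host and the count of cleartext (ldap, cldap) entries are assumptions of this example, and it calls no libldap function.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum uri_verdict { URI_OK = 0, URI_EMPTY_LIST, URI_BAD_SCHEME,
                   URI_EXTRA_FIELDS, URI_BAD_HOST, URI_BAD_PORT };
/* accepted: URIs that passed; cleartext: accepted ldap:// and cldap:// URIs */
struct uri_report { int accepted; int cleartext; };

/* Non-empty, and every byte is in `set` (or alphanumeric when alnum_too). */
static int chars_ok(const char *s, size_t n, const char *set, int alnum_too)
{
    size_t i;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (alnum_too && isalnum(c)) continue;
        if (c == '\0' || !strchr(set, c)) return 0;
    }
    return n > 0;
}

/* Decimal port in 1..65535. */
static int port_ok(const char *p, size_t n)
{
    unsigned long v = 0;
    size_t i;
    if (n > 5 || !chars_ok(p, n, "0123456789", 0)) return 0;
    for (i = 0; i < n; i++) v = v * 10 + (unsigned long)(p[i] - '0');
    return v >= 1 && v <= 65535;
}

/* Length of "<scheme>://" if u starts with it (case-insensitive), else 0. */
static size_t scheme_len(const char *u, size_t n, const char *scheme)
{
    size_t i, l = strlen(scheme);
    if (n < l + 3 || memcmp(u + l, "://", 3) != 0) return 0;
    for (i = 0; i < l; i++)
        if (tolower((unsigned char)u[i]) != scheme[i]) return 0;
    return l + 3;
}

/* Check one URI of n bytes. *cleartext is meaningful only for URI_OK. */
enum uri_verdict check_uri(const char *u, size_t n, int *cleartext)
{
    static const char *const schemes[] = { "ldap", "ldaps", "ldapi", "cldap" };
    const char *rest, *p;
    size_t i, skip = 0, rlen, hlen;
    int which = -1;

    for (i = 0; i < 4 && which < 0; i++)
        if ((skip = scheme_len(u, n, schemes[i])) != 0) which = (int)i;
    if (which < 0) return URI_BAD_SCHEME;
    rest = u + skip;
    rlen = n - skip;
    *cleartext = (which == 0 || which == 3);
    /* A DN, attribute list, scope, filter or extension follows '/' or '?'. */
    for (i = 0; i < rlen; i++)
        if (rest[i] == '/' || rest[i] == '?' || rest[i] == '#')
            return URI_EXTRA_FIELDS;
    if (which == 2)  /* ldapi: host is a percent-encoded socket path, no port */
        return chars_ok(rest, rlen, "%._-", 1) ? URI_OK : URI_BAD_HOST;

    if (rlen > 0 && rest[0] == '[') {            /* bracketed IPv6 literal */
        p = memchr(rest, ']', rlen);
        if (!p || !chars_ok(rest + 1, (size_t)(p - rest) - 1,
                            "0123456789abcdefABCDEF:.", 0))
            return URI_BAD_HOST;
        hlen = (size_t)(p - rest) + 1;
    } else {                                     /* host name or IPv4 address */
        p = memchr(rest, ':', rlen);
        hlen = p ? (size_t)(p - rest) : rlen;
        if (!chars_ok(rest, hlen, ".-", 1)) return URI_BAD_HOST;
    }
    if (hlen == rlen) return URI_OK;             /* no port given */
    if (rest[hlen] != ':') return URI_BAD_HOST;  /* junk after ']' */
    return port_ok(rest + hlen + 1, rlen - hlen - 1) ? URI_OK : URI_BAD_PORT;
}

/* Validate a comma- or whitespace-separated list; stop at the first bad URI. */
enum uri_verdict check_uri_list(const char *list, struct uri_report *rep)
{
    rep->accepted = rep->cleartext = 0;
    for (;;) {
        size_t n;
        int clear = 0;
        enum uri_verdict v;
        list += strspn(list, ", \t\r\n");
        if ((n = strcspn(list, ", \t\r\n")) == 0) break;
        if ((v = check_uri(list, n, &clear)) != URI_OK) return v;
        rep->accepted++;
        rep->cleartext += clear;
        list += n;
    }
    return rep->accepted ? URI_OK : URI_EMPTY_LIST;
}

int main(void)
{
    struct uri_report r;  /* the list below is a constructed sample */
    int v = (int)check_uri_list("ldaps://a.example.com:636 ldap://b.example.com", &r);
    printf("verdict=%d accepted=%d cleartext=%d\n", v, r.accepted, r.cleartext);
    return 0;
}
```

Because the list separator includes the comma, a URI that carries a DN such as dc=example,dc=com is cut at the first comma before it is checked; the fragment that still holds the "/" is then refused with URI_EXTRA_FIELDS.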
.LP The .BR ber_get_boolean () routine is used to read a boolean value. It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_enum () routine is used to read an enumeration value. It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_bitstringa () routine is used to read a bitstring value. It takes a char ** which will hold the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. The caller should free the returned string using .BR ber_memfree (). .LP The .BR ber_first_element () routine is used to return the tag and length of the first element in a set or sequence. It also returns in \fIcookie\fP a magic cookie parameter that should be passed to subsequent calls to ber_next_element(), which returns similar information. .SH EXAMPLES Assume the variable \fIber\fP contains a lightweight BER encoding of the following ASN.1 object: .LP
.nf
AlmostASearchRequest ::= SEQUENCE {
    baseObject      DistinguishedName,
    scope           ENUMERATED {
        baseObject      (0),
        singleLevel     (1),
        wholeSubtree    (2)
    },
    derefAliases    ENUMERATED {
        neverDerefaliases       (0),
        derefInSearching        (1),
        derefFindingBaseObj     (2),
        alwaysDerefAliases      (3)
    },
    sizelimit       INTEGER (0 .. 65535),
    timelimit       INTEGER (0 .. 65535),
    attrsOnly       BOOLEAN,
    attributes      SEQUENCE OF AttributeType
}
.fi
.LP The element can be decoded using .BR ber_scanf () as follows. .LP
.nf
ber_int_t scope, deref, size, time, attrsonly;
/* Start from NULL so the frees below are safe when decoding fails. */
char *dn = NULL, **attrs = NULL;
ber_tag_t tag;

tag = ber_scanf( ber, "{aeeiib{v}}",
    &dn, &scope, &deref,
    &size, &time, &attrsonly, &attrs );

if( tag == LBER_ERROR ) {
    /* error */
} else {
    /* success */
}

ber_memfree( dn );
ber_memvfree( (void **) attrs );    /* ber_memvfree() takes a void ** */
.fi
.SH ERRORS If an error occurs during decoding, generally these routines return LBER_ERROR ((ber_tag_t)\-1). .LP .SH NOTES .LP The return values for all of these functions are declared in the .B header file.
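The restrictions stated in the DESCRIPTION (definite-form lengths only, octet strings always primitive) and the field order of the "{aeeiib{v}}" format string from EXAMPLES can be followed at the byte level in this added example. It is not OpenLDAP code and does not call liblber; cur_t, search_req, read_hdr, read_int, read_str, decode_search and the sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Cursor over bytes already in memory (hypothetical type, not liblber's BerElement). */
typedef struct { const uint8_t *p, *end; } cur_t;
#define MAX_ATTRS 8
typedef struct {
    char    dn[128];
    int32_t scope, deref, sizelimit, timelimit, attrsonly;
    char    attrs[MAX_ATTRS][32];
    int     nattrs;
} search_req;

/* Read tag and length. Single-byte tags, definite lengths only. 0 = ok, -1 = malformed. */
static int read_hdr(cur_t *c, uint8_t *tag, size_t *len)
{
    uint8_t b;
    if (c->end - c->p < 2) return -1;
    *tag = *c->p++;
    if ((*tag & 0x1f) == 0x1f) return -1;      /* high-tag-number form: not needed here */
    b = *c->p++;
    *len = b;                                  /* short form unless the top bit is set */
    if (b & 0x80) {
        size_t n = b & 0x7f;                   /* long form: n length octets follow */
        if (n == 0) return -1;                 /* 0x80 alone = indefinite form: rejected */
        if (n > sizeof(size_t) || (size_t)(c->end - c->p) < n) return -1;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *c->p++;
    }
    return *len <= (size_t)(c->end - c->p) ? 0 : -1;   /* value must fit in the input */
}

/* INTEGER, ENUMERATED or BOOLEAN content: 1..maxlen octets, two's complement. */
static int read_int(cur_t *c, uint8_t want, size_t maxlen, int32_t *out)
{
    uint8_t tag; size_t len; uint32_t v;
    if (read_hdr(c, &tag, &len) || tag != want || len < 1 || len > maxlen) return -1;
    v = (c->p[0] & 0x80) ? 0xffffffffu : 0;    /* sign-extend from the first octet */
    while (len--) v = (v << 8) | *c->p++;
    *out = (int32_t)v;
    return 0;
}

/* Primitive OCTET STRING (tag 0x04), copied into a caller buffer and NUL-terminated. */
static int read_str(cur_t *c, char *buf, size_t bufsz)
{
    uint8_t tag; size_t len;
    if (read_hdr(c, &tag, &len) || tag != 0x04) return -1;   /* constructed 0x24 fails */
    if (len >= bufsz) return -1;               /* keep room for the terminator */
    memcpy(buf, c->p, len);
    buf[len] = '\0';
    c->p += len;
    return 0;
}

static int in_range(int32_t v, int32_t lo, int32_t hi) { return v >= lo && v <= hi; }

/* Decode one AlmostASearchRequest in the field order of "{aeeiib{v}}". 0 = ok, -1 = error. */
int decode_search(const uint8_t *buf, size_t n, search_req *r)
{
    cur_t c, in; uint8_t tag; size_t len;
    c.p = buf; c.end = buf + n;
    memset(r, 0, sizeof *r);
    if (read_hdr(&c, &tag, &len) || tag != 0x30) return -1;          /* {  outer SEQUENCE */
    c.end = c.p + len;                         /* never read past the sequence */
    if (read_str(&c, r->dn, sizeof r->dn)) return -1;                /* a */
    if (read_int(&c, 0x0a, 4, &r->scope) || !in_range(r->scope, 0, 2)) return -1;      /* e */
    if (read_int(&c, 0x0a, 4, &r->deref) || !in_range(r->deref, 0, 3)) return -1;      /* e */
    if (read_int(&c, 0x02, 4, &r->sizelimit) || !in_range(r->sizelimit, 0, 65535)) return -1;
    if (read_int(&c, 0x02, 4, &r->timelimit) || !in_range(r->timelimit, 0, 65535)) return -1;
    if (read_int(&c, 0x01, 1, &r->attrsonly)) return -1;             /* b */
    r->attrsonly = (r->attrsonly != 0);
    if (read_hdr(&c, &tag, &len) || tag != 0x30) return -1;          /* {v} */
    in.p = c.p; in.end = c.p + len;
    for (; in.p < in.end; r->nattrs++)
        if (r->nattrs == MAX_ATTRS || read_str(&in, r->attrs[r->nattrs], sizeof r->attrs[0]))
            return -1;
    return in.end == c.end ? 0 : -1;           /* no trailing bytes inside the sequence */
}

/* Constructed sample: base "dc=example,dc=com", scope 2, deref 0, sizelimit 1000,
   timelimit 30, attrsOnly FALSE, attributes { "cn", "mail" }. */
static const uint8_t SAMPLE[] = {
    0x30, 0x2f,
    0x04, 0x11, 'd','c','=','e','x','a','m','p','l','e',',','d','c','=','c','o','m',
    0x0a, 0x01, 0x02,  0x0a, 0x01, 0x00,  0x02, 0x02, 0x03, 0xe8,  0x02, 0x01, 0x1e,
    0x01, 0x01, 0x00,  0x30, 0x0a, 0x04, 0x02, 'c','n', 0x04, 0x04, 'm','a','i','l'
};
/* Constructed: the same outer tag with length octet 0x80 (indefinite form). */
static const uint8_t INDEFINITE[] = { 0x30, 0x80, 0x04, 0x01, 'x', 0x00, 0x00 };

int main(void)
{
    search_req r;
    printf("sample rc=%d\n", decode_search(SAMPLE, sizeof SAMPLE, &r));
    printf("dn=%s scope=%d sizelimit=%d attrs=%d\n", r.dn, (int)r.scope, (int)r.sizelimit, r.nattrs);
    printf("indefinite rc=%d\n", decode_search(INDEFINITE, sizeof INDEFINITE, &r));
    return 0;
}
```

Every length is checked against the bytes that remain before any value is read, which is the check a decoder for untrusted network input cannot skip.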
Some routines may dynamically allocate memory which must be freed by the caller using supplied deallocation routines. .SH SEE ALSO .BR lber-encode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 358 stdin
.lf 1 stdin .TH LDAP_ABANDON 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_abandon_ext \- Abandon an LDAP operation in progress .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .ft B int ldap_abandon_ext( .RS .ft B LDAP *\fIld\fB, int \fImsgid\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB ); .RE .fi .SH DESCRIPTION The .B ldap_abandon_ext() routine is used to send an LDAP Abandon request for an operation in progress. The \fImsgid\fP passed should be the message id of an outstanding LDAP operation, such as returned by .BR ldap_search_ext (3). .LP .BR ldap_abandon_ext () checks to see if the result of the operation has already come in. If it has, it deletes it from the queue of pending messages. If not, it sends an LDAP abandon request to the LDAP server. .LP The caller can expect that the result of an abandoned operation will not be returned from a future call to .BR ldap_result (3). .LP .B ldap_abandon_ext() allows server and client controls to be passed in via the .I sctrls and .I cctrls parameters, respectively. .LP .B ldap_abandon_ext() returns a code indicating success or, in the case of failure, the nature of the failure. See .BR ldap_error (3) for details. .SH DEPRECATED INTERFACES The .B ldap_abandon() routine is deprecated in favor of the .B ldap_abandon_ext() routine.
.LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 61 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_result (3), .BR ldap_search_ext (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 69 stdin
.lf 1 stdin .TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], int *" msgidp ");" .RE .LP .BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");" .RE .LP .BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res "," .RS .BI "struct berval **" servercredp ", int " freeit ");" .RE .LP .BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ");" .RE .LP .BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ", LDAPMessage *" result "," .BI "const char **" rmechp ", int *" msgidp ");" .RE .LP .BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " 
flags ", void *" defaults ", void *" sasl_interact ");" .LP .BI "int ldap_unbind(LDAP *" ld ");" .LP .BI "int ldap_unbind_s(LDAP *" ld ");" .LP .BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");" .LP .BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");" .SH DESCRIPTION .LP These routines provide various interfaces to the LDAP bind operation. After an association with an LDAP server is made using .BR ldap_init (3), an LDAP bind operation should be performed before other operations are attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations. .LP There are three types of bind calls, ones providing simple authentication, ones providing SASL authentication, and general routines capable of doing either simple or SASL authentication. .LP .B SASL (Simple Authentication and Security Layer) can negotiate one of many different kinds of authentication. Both synchronous and asynchronous versions of each variant of the bind call are provided. All routines take \fIld\fP as their first parameter, as returned from .BR ldap_init (3). .SH SIMPLE AUTHENTICATION The simplest form of the bind call is .BR ldap_simple_bind_s() . It takes the DN to bind as in \fIwho\fP, and the userPassword associated with the entry in \fIpasswd\fP. It returns an LDAP error indication (see .BR ldap_error (3)). The .B ldap_simple_bind() call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. 
The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The .B ldap_sasl_bind_s() and asynchronous .B ldap_sasl_bind() functions can also be used to make a simple bind by using LDAP_SASL_SIMPLE as the SASL mechanism. .SH GENERAL AUTHENTICATION The .B ldap_bind() and .B ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra \fImethod\fP parameter selecting the authentication method to use. It should be set to LDAP_AUTH_SIMPLE to select simple authentication. .B ldap_bind() returns the message id of the request it initiates. .B ldap_bind_s() returns an LDAP error indication. .SH SASL AUTHENTICATION For SASL binds the server always ignores any provided DN, so the .I dn parameter should always be NULL. .BR ldap_sasl_bind_s () sends a single SASL bind request with the given SASL .I mechanism and credentials in the .I cred parameter. The format of the credentials depends on the particular SASL mechanism in use. For mechanisms that provide mutual authentication the server's credentials will be returned in the .I servercredp parameter. The routine returns an LDAP error indication (see .BR ldap_error (3)). The .BR ldap_sasl_bind () call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The result must be additionally parsed by .BR ldap_parse_sasl_bind_result () to obtain any server credentials sent from the server. .LP Many SASL mechanisms require multiple message exchanges to perform a complete authentication. Applications should generally use .BR ldap_sasl_interactive_bind_s () rather than calling the basic .BR ldap_sasl_bind () functions directly. The .I mechs parameter should contain a space-separated list of candidate mechanisms to use. 
If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports. The .I flags parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of: .TP LDAP_SASL_AUTOMATIC use defaults if available, prompt otherwise .TP LDAP_SASL_INTERACTIVE always prompt .TP LDAP_SASL_QUIET never prompt .LP The .I interact function uses the provided .I defaults to handle requests from the SASL library for particular authentication parameters. There is no defined format for the .I defaults information; it is up to the caller to use whatever format is appropriate for the supplied .I interact function. The .I sasl_interact parameter comes from the underlying SASL library. When used with Cyrus SASL this is an array of .B sasl_interact_t structures. The Cyrus SASL library will prompt for a variety of inputs, including: .TP SASL_CB_GETREALM the realm for the authentication attempt .TP SASL_CB_AUTHNAME the username to authenticate .TP SASL_CB_PASS the password for the provided username .TP SASL_CB_USER the username to use for proxy authorization .TP SASL_CB_NOECHOPROMPT generic prompt for input with input echoing disabled .TP SASL_CB_ECHOPROMPT generic prompt for input with input echoing enabled .TP SASL_CB_LIST_END indicates the end of the array of prompts .LP See the Cyrus SASL documentation for more details. .LP Applications which need to manage connections asynchronously may use .BR ldap_sasl_interactive_bind () instead of the synchronous version. A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously. The other parameters are the same as for the synchronous function, with three additional parameters. 
The actual SASL mechanism that was used, and the message ID for use with .BR ldap_result () will be returned in rmechp and msgidp, respectively. The value in rmechp must not be modified by the caller and must be passed back on each subsequent call. The message obtained from .BR ldap_result () must be passed in the result parameter. This parameter must be NULL when initiating a new Bind. The caller must free the result message after each call using .BR ldap_msgfree (). The .BR ldap_sasl_interactive_bind () function returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server. .SH REBINDING .LP The .B ldap_set_rebind_proc() function sets the process to use for binding when an operation returns a referral. This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference. .LP The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind. The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function. Use the .BR ldap_set_option (3) function to set the value. .LP The rebind function parameters are as follows: .LP The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral. .LP The \fIurl\fP parameter points to the URL referral string received from the LDAP server. The LDAP application can use the .BR ldap_url_parse (3) function to parse the string into its components. .LP The \fIrequest\fP parameter specifies the type of request that generated the referral. .LP The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP The \fIparams\fP parameter is the same value as passed originally to the .BR ldap_set_rebind_proc () function. .LP The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function. .LP The application must supply to the rebind function the required authentication information such as user name, password, and certificates. The rebind function must use a synchronous bind method. .SH UNBINDING The .B ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure. Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid. The .B ldap_unbind_s() call is just another name for .BR ldap_unbind() ; both of these calls are synchronous in nature. .LP The .B ldap_unbind_ext() and .B ldap_unbind_ext_s() calls allow the operations to specify controls. .SH ERRORS Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure. Synchronous routines return whatever \fIld_errno\fP is set to. See .BR ldap_error (3) for more information. .SH NOTES If an anonymous bind is sufficient for the application, the rebind process need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind. .LP If the application needs stronger authentication than an anonymous bind, you need to provide a rebind process for that authentication method. The bind method must be synchronous.
.SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_open (3), .BR ldap_set_option (3), .BR ldap_url_parse (3) .B RFC 4422 (http://www.rfc-editor.org), .B Cyrus SASL (http://asg.web.cmu.edu/sasl/) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 335 stdin
.lf 1 stdin .TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .B #include .LP .BI "int ldap_start_tls(LDAP *" ld ");" .LP .BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");" .LP .BI "int ldap_tls_inplace(LDAP *" ld ");" .LP .BI "int ldap_install_tls(LDAP *" ld ");" .SH DESCRIPTION These routines are used to initiate TLS processing on an LDAP session. .BR ldap_start_tls_s () sends a StartTLS request to a server, waits for the reply, and then installs TLS handlers on the session if the request succeeded. The routine returns .B LDAP_SUCCESS if everything succeeded, otherwise it returns an LDAP error code. .BR ldap_start_tls () sends a StartTLS request to a server and does nothing else. It returns .B LDAP_SUCCESS if the request was sent successfully. .BR ldap_tls_inplace () returns 1 if TLS handlers have been installed on the specified session, 0 otherwise. .BR ldap_install_tls () installs the TLS handlers on the given session. It returns .B LDAP_LOCAL_ERROR if TLS is already installed.
.SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 42 stdin
.lf 1 stdin .TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_get_dn( LDAP *ld, LDAPMessage *entry ) .LP .ft B int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags ) .LP .ft B void ldap_dnfree( LDAPDN dn ) .LP .ft B int ldap_dn2str( LDAPDN dn, char **str, unsigned flags ) .LP .ft B char **ldap_explode_dn( const char *dn, int notypes ) .LP .ft B char **ldap_explode_rdn( const char *rdn, int notypes ) .LP .ft B char *ldap_dn2ufn( const char * dn ) .LP .ft B char *ldap_dn2dcedn( const char * dn ) .LP .ft B char *ldap_dcedn2dn( const char * dn ) .LP .ft B char *ldap_dn2ad_canonical( const char * dn ) .SH DESCRIPTION These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested. A DN has the form described in RFC 4414 "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names". .LP The .B ldap_get_dn() routine takes an \fIentry\fP as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3) and returns a copy of the entry's DN. Space for the DN will be obtained dynamically and should be freed by the caller using .BR ldap_memfree (3).
.LP .B ldap_str2dn() parses a string representation of a distinguished name contained in .B str into its components, which are stored in .B dn as .B ldap_ava structures, arranged in .B LDAPAVA, .B LDAPRDN, and .B LDAPDN terms. Space for .B dn will be obtained dynamically and should be freed by the caller using .BR ldap_dnfree (3). The .B LDAPDN is defined as: .nf .ft B typedef struct ldap_ava { struct berval la_attr; struct berval la_value; unsigned la_flags; } LDAPAVA; typedef LDAPAVA** LDAPRDN; typedef LDAPRDN* LDAPDN; .ft .fi The attribute types and the attribute values are not normalized. The .B la_flags can be either .B LDAP_AVA_STRING or .B LDAP_AVA_BINARY, the latter meaning that the value is BER/DER encoded and thus must be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue." The .B flags parameter to .B ldap_str2dn() can be .LP .nf LDAP_DN_FORMAT_LDAPV3 LDAP_DN_FORMAT_LDAPV2 LDAP_DN_FORMAT_DCE .fi which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively). The format can be \fIOR\fPed to the flags .LP .nf LDAP_DN_P_NO_SPACES LDAP_DN_P_NO_SPACE_AFTER_RDN ... LDAP_DN_PEDANTIC .fi The latter is a shortcut for all the previous limitations. .LP .B LDAP_DN_P_NO_SPACES does not allow extra spaces in the dn; the default is to silently eliminate spaces around AVA separators ('='), RDN component separators ('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators (',' LDAPv3/LDAPv2 or '/' for DCE). .LP .B LDAP_DN_P_NO_SPACE_AFTER_RDN does not allow a single space after RDN separators. .LP .B ldap_dn2str() performs the inverse operation, yielding in .B str a string representation of .B dn. It allows the same values for .B flags as .B ldap_str2dn(), plus .LP .nf LDAP_DN_FORMAT_UFN LDAP_DN_FORMAT_AD_CANONICAL .fi for user-friendly naming (RFC 1781) and AD canonical. 
.LP The following routines are viewed as deprecated in favor of .B ldap_str2dn() and .BR ldap_dn2str(). They are provided to support legacy applications. .LP The .B ldap_explode_dn() routine takes a DN as returned by .B ldap_get_dn() and breaks it up into its component parts. Each part is known as a Relative Distinguished Name, or RDN. .B ldap_explode_dn() returns a NULL-terminated array, each component of which contains an RDN from the DN. The \fInotypes\fP parameter is used to request that only the RDN values be returned, not their types. For example, the DN "cn=Bob, c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL }, depending on whether notypes was 0 or 1, respectively. Assertion values in RDN strings may include escaped characters. The result can be freed by calling .BR ldap_value_free (3). .LP Similarly, the .B ldap_explode_rdn() routine takes an RDN as returned by .B ldap_explode_dn(dn,0) and breaks it up into its "type=value" component parts (or just "value", if the \fInotypes\fP parameter is set). Note the value is not unescaped. The result can be freed by calling .BR ldap_value_free (3). .LP .B ldap_dn2ufn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a more user-friendly form, stripping off all type names. See "Using the Directory to Achieve User Friendly Naming" (RFC 1781) for more details on the UFN format. Due to the ambiguous nature of the format, it is generally only used for display purposes. The space for the UFN returned is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .LP .B ldap_dn2dcedn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a DCE-style DN, e.g. a string with most-significant to least significant rdns separated by slashes ('/'); rdn components are separated by commas (','). Only printable chars (e.g. LDAPv2 printable string) are allowed, at least in this implementation.
.B ldap_dcedn2dn() performs the opposite operation. .B ldap_dn2ad_canonical() turns a DN into an AD canonical name, which is basically a DCE dn with attribute types omitted. The trailing domain, if present, is turned into a DNS-like domain. The space for the returned value is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .SH ERRORS If an error occurs in .BR ldap_get_dn() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. .BR ldap_explode_dn() , .BR ldap_explode_rdn() , .B ldap_dn2ufn(), .B ldap_dn2dcedn(), .B ldap_dcedn2dn(), and .B ldap_dn2ad_canonical() will return NULL with .BR errno (3) set appropriately in case of trouble. .SH NOTES These routines dynamically allocate memory that the caller must free. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_first_entry (3), .BR ldap_memfree (3), .BR ldap_value_free (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 247 stdin
.lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse 
schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expects the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options.
.LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? */ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? 
*/ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. .TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. 
These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin PK!5^#v1v1ber_peek_tag.3nu[.lf 1 stdin .TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1.
The version of BER these routines support is the one defined for the LDAP protocol.
The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form.
This man page describes the decoding routines in the lber library.
See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.
In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.
The other routines are provided for those applications that need more control than
.BR ber_scanf ()
provides.
In general, these routines return the tag of the element decoded, or LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf, \fIsb\fP.
It strips off and returns the leading tag, strips off and returns the length of the entire element in \fIlen\fP, and sets up \fIber\fP for subsequent calls to
.BR ber_scanf ()
et al to decode the element.
See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.
It reads from \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the results in its additional arguments.
The format string contains conversion specifications which are used to direct the interpretation of the BER element.
The format string can contain the following characters.
.RS
.LP
.TP 3
.B a
Octet string.
A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B A
Octet string.
A variant of "\fBa\fP".
A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter, unless a zero-length string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.
A char * buffer should be supplied, followed by a pointer to a ber_len_t initialized to the size of the buffer.
Upon return, the null-terminated octet string is put into the buffer, and the ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.
A struct berval ** should be supplied, which upon return points to a dynamically allocated struct berval containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.
A struct berval * should be supplied, which upon return contains the dynamically allocated octet string and its length.
The caller should free the returned octet string using
.BR ber_memfree ().
.TP
.B m
Octet string.
A struct berval * should be supplied, which upon return contains the octet string and its length.
The string resides in memory assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.
A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.
A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.
A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.
A char ** should be supplied which will point to the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned.
.TP
.B n
Null.
No parameter is required.
The element is simply skipped if it is recognized.
.TP
.B v
Sequence of octet strings.
A char *** should be supplied, which upon return points to a dynamically allocated null-terminated array of char *'s containing the octet strings.
NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon return points to a dynamically allocated null-terminated array of struct berval *'s containing the octet strings and their lengths.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon return points to a dynamically allocated array of struct berval's containing the octet strings and their lengths.
The array is terminated by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.
This is a generalized form of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len) and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array whose elements are all of size (*len).
A struct berval will be filled starting at offset (off) in each element.
The strings in each struct berval reside in memory assigned to the BerElement and must not be freed by the caller.
The array is terminated by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.
The number of elements in the array is also stored in (*len) on return.
The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.
A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.
A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.
A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.
The next element is skipped.
.TP
.B {
Begin sequence.
No parameter is required.
The initial sequence tag and length are skipped.
.TP
.B }
End sequence.
No parameter is required and no action is taken.
.TP
.B [
Begin set.
No parameter is required.
The initial set tag and length are skipped.
.TP
.B ]
End set.
No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer, returning the result in \fInum\fP.
The tag of whatever it finds is returned on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a preallocated buffer.
The \fIlen\fP parameter should be initialized to the size of the buffer, and will contain the length of the octet string read upon return.
The buffer should be big enough to take the octet string value plus a terminating NUL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space into which an octet string and its length are read.
It takes a struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the provided struct berval *.
If the \fIalloc\fP parameter is zero, the string will reside in memory assigned to the BerElement, and must not be freed by the caller.
If the \fIalloc\fP parameter is non-zero, the string will be copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.
It returns the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read an enumeration value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.
It takes a char ** which will hold the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length of the first element in a set or sequence.
It also returns in \fIcookie\fP a magic cookie parameter that should be passed to subsequent calls to ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      /* Start as NULL so the frees below are safe if decoding fails. */
      char   *dn = NULL, **attrs = NULL;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( (void **) attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B header file.
Some routines may dynamically allocate memory which must be freed by the caller using supplied deallocation routines.
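The following C code is an added illustration, not code from the OpenLDAP manual or from liblber. It hand-decodes the AlmostASearchRequest shown above under the restrictions given in DESCRIPTION (definite-form lengths only, primitive octet strings) and shows the bounds and range checks such a decoder needs on untrusted input; every identifier and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not liblber code; every name below is hypothetical. */
enum { T_BOOLEAN = 0x01, T_INTEGER = 0x02, T_OCTETSTRING = 0x04,
       T_ENUMERATED = 0x0a, T_SEQUENCE = 0x30 };
typedef struct { const uint8_t *p, *end; } cur_t;  /* cursor over untrusted bytes */
typedef struct {
    char dn[64], attrs[4][32];
    size_t nattrs;
    int32_t scope, deref, sizelimit, timelimit, attrs_only;
} search_req;

/* Constructed sample: an AlmostASearchRequest for "dc=example,dc=com". */
static const uint8_t SAMPLE[] = {
    0x30, 0x2c,
    0x04, 0x11, 'd','c','=','e','x','a','m','p','l','e',',','d','c','=','c','o','m',
    0x0a, 0x01, 0x02, 0x0a, 0x01, 0x00,  /* scope wholeSubtree, deref never */
    0x02, 0x01, 0x64, 0x02, 0x01, 0x1e,  /* sizelimit 100, timelimit 30 */
    0x01, 0x01, 0x00,                    /* attrsOnly FALSE */
    0x30, 0x08, 0x04, 0x02, 'c','n', 0x04, 0x02, 's','n'  /* attributes cn, sn */
};

/* Consume one element tagged `want`; *body then spans exactly its contents. */
static int tlv(cur_t *c, uint8_t want, cur_t *body)
{
    size_t len, n;
    if (c->end - c->p < 2 || c->p[0] != want) return -1;
    len = c->p[1];
    c->p += 2;
    if (len == 0x80) return -1;                    /* indefinite form: rejected */
    if (len & 0x80) {                              /* long definite form */
        n = len & 0x7f;
        if (n > 4 || (size_t)(c->end - c->p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *c->p++;
    }
    if ((size_t)(c->end - c->p) < len) return -1;  /* runs past the parent */
    body->p = c->p;
    c->p += len;
    body->end = c->p;
    return 0;
}

/* INTEGER, ENUMERATED or BOOLEAN contents: 1..4 bytes, two's complement. */
static int get_int(cur_t *c, uint8_t tag, int32_t *out)
{
    cur_t b; uint32_t v;
    if (tlv(c, tag, &b) || b.p == b.end || b.end - b.p > 4) return -1;
    v = (b.p[0] & 0x80) ? 0xffffffffu : 0;         /* sign-extend */
    while (b.p < b.end) v = (v << 8) | *b.p++;
    *out = (int32_t)v;
    return 0;
}

/* Primitive OCTET STRING into a fixed buffer, leaving room for the NUL. */
static int get_str(cur_t *c, char *buf, size_t bufsz)
{
    cur_t b;
    size_t n;
    if (tlv(c, T_OCTETSTRING, &b)) return -1;      /* constructed 0x24 fails here */
    n = (size_t)(b.end - b.p);
    if (n >= bufsz || memchr(b.p, 0, n)) return -1; /* too long or embedded NUL */
    memcpy(buf, b.p, n);
    buf[n] = '\0';
    return 0;
}

static int ranged(cur_t *c, uint8_t tag, int32_t max, int32_t *out)
{
    return (get_int(c, tag, out) || *out < 0 || *out > max) ? -1 : 0;
}

/* Returns 0 on success, -1 on any malformed or out-of-range input. */
int decode_request(const uint8_t *buf, size_t len, search_req *r)
{
    cur_t in = { buf, buf + len }, seq, list;
    memset(r, 0, sizeof *r);
    if (tlv(&in, T_SEQUENCE, &seq) || in.p != in.end) return -1; /* no trailing bytes */
    if (get_str(&seq, r->dn, sizeof r->dn)) return -1;
    if (ranged(&seq, T_ENUMERATED, 2, &r->scope) || ranged(&seq, T_ENUMERATED, 3, &r->deref)) return -1;
    if (ranged(&seq, T_INTEGER, 65535, &r->sizelimit) || ranged(&seq, T_INTEGER, 65535, &r->timelimit)) return -1;
    if (get_int(&seq, T_BOOLEAN, &r->attrs_only)) return -1;
    r->attrs_only = (r->attrs_only != 0);
    if (tlv(&seq, T_SEQUENCE, &list) || seq.p != seq.end) return -1;
    while (list.p < list.end) {                    /* at most 4 attribute slots */
        if (r->nattrs == 4 || get_str(&list, r->attrs[r->nattrs++], sizeof r->attrs[0])) return -1;
    }
    return 0;
}

/* Decode a copy of SAMPLE with the byte at `off` replaced by `val`. */
int decode_mutated(size_t off, uint8_t val)
{
    uint8_t copy[sizeof SAMPLE]; search_req r;
    memcpy(copy, SAMPLE, sizeof copy);
    copy[off] = val;
    return decode_request(copy, sizeof copy, &r);
}
```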
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 358 stdin
.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values() takes the \fIentry\fP and the attribute \fIattr\fP whose values are desired and returns a NULL-terminated array of the attribute's values. \fIattr\fP may be an attribute type as returned from .BR ldap_first_attribute (3) or .BR ldap_next_attribute (3), or if the attribute type is known it can simply be given. .LP The number of values in the array can be counted by calling .BR ldap_count_values() . The array of values returned can be freed by calling .BR ldap_value_free() . .LP If the attribute values are binary in nature, and thus not suitable to be returned as an array of char *'s, the .B ldap_get_values_len() routine can be used instead. It takes the same parameters as .BR ldap_get_values() , but returns a NULL-terminated array of pointers to berval structures, each containing the length of and a pointer to a value. .LP The number of values in the array can be counted by calling .BR ldap_count_values_len() . The array of values returned can be freed by calling .BR ldap_value_free_len() . .SH ERRORS If an error occurs in .B ldap_get_values() or .BR ldap_get_values_len() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. .SH NOTES These routines dynamically allocate memory which the caller must free using the supplied routines. .SH SEE ALSO .BR ldap (3), .BR ldap_first_entry (3), .BR ldap_first_attribute (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 103 stdin PK!A   ldap_modrdn2_s.3nu[.lf 1 stdin .TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modrdn(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn_s(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.LP
.ft B
int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.SH DESCRIPTION
The
.B ldap_modrdn()
and
.B ldap_modrdn_s()
routines perform an LDAP modify RDN operation.
They both take \fIdn\fP, the DN of the entry whose RDN is to be changed,
and \fInewrdn\fP, the new RDN to give the entry.
The old RDN of the entry is never kept as an attribute of the entry.
.B ldap_modrdn()
is asynchronous, returning the message id of the operation it initiates.
.B ldap_modrdn_s()
is synchronous, returning the LDAP error code indicating the success
or failure of the operation.
Use of these routines is deprecated.
Use the versions described below instead.
.LP
The
.B ldap_modrdn2()
and
.B ldap_modrdn2_s()
routines also perform an LDAP modify RDN operation, taking the same
parameters as above.
In addition, they both take the \fIdeleteoldrdn\fP parameter which is
used as a boolean value to indicate whether the old RDN values should
be deleted from the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
The asynchronous versions return \-1 in case of trouble, setting the
.B ld_errno
field of \fIld\fP.
See
.BR ldap_error (3)
for more details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 82 stdin
.\" ldap_delete_ext_s.3
.lf 1 stdin
.TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_delete_s(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
int *msgidp;
.LP
.ft B
int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation synchronously.
It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation asynchronously.
It takes the same parameters as
.BR ldap_delete_s(),
but returns the message id of the request it initiated.
The result of the delete can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
The
.B ldap_delete_ext()
routine allows server and client controls to be specified to extend
the delete request.
This routine is asynchronous like ldap_delete(), but its return value
is an LDAP error code.
It stores the message id of the request in the integer pointed to by msgidp.
.LP
The
.B ldap_delete_ext_s()
routine is the synchronous version of
.BR ldap_delete_ext().
It also returns an LDAP error code indicating success or failure
of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
returns \-1 if something went wrong initiating the request.
It returns the non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
and
.B ldap_delete_ext_s()
return some non-zero value if something went wrong initiating the
request, else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 90 stdin
.\" ldap_initialize.3
.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include <openldap.h>
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP structure
which is used to identify the connection and to maintain
per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the
provided socket.
One of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is running,
and \fIport\fP, the port number to which to connect.
If the default IANA-assigned port of 389 is desired, LDAP_PORT should
be specified for \fIport\fP.
The \fIhost\fP parameter may contain a blank-separated list of hosts
to try to connect to, and each host may optionally be of the form
\fIhost:port\fP.
If present, the \fI:port\fP overrides the \fIport\fP parameter to
.BR ldap_open() .
Upon successfully making a connection to an LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed
to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc.
Certain fields in the LDAP structure can be set to indicate size limit,
time limit, and how aliases are handled during operations; read and
write access to those fields must occur by calling
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection to the LDAP server.
The actual connection open will occur when the first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure
reason, and it allows details for the connection to be specified in
the schema portion of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs
containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC), and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
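.LP
Because the behavior is undefined when a URI in the list carries more than the schema, host, and port fields, a caller can check the list before passing it to ldap_initialize(). The following is an added example, not part of the OpenLDAP manual or library: check_uri(), check_uri_list() and the sample URIs are hypothetical names and constructed inputs, and accepting a lone trailing "/" is an assumption.

```c
/* Added example: pre-flight check for a URI list meant for ldap_initialize().
 * Not OpenLDAP code; every name below is hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum uri_verdict { URI_OK, URI_BAD_SCHEME, URI_EXTRA_FIELDS, URI_BAD_HOST, URI_BAD_PORT };

struct uri_report { int total, rejected, no_tls; };

/* Case-insensitive match of s[0..n) against a lowercase word. */
static int word_is(const char *s, size_t n, const char *word)
{
    size_t i;
    if (strlen(word) != n) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != word[i]) return 0;
    return 1;
}

/* A port is 1 to 5 decimal digits with a value in 1..65535. */
static int port_ok(const char *p, size_t n)
{
    unsigned long v = 0;
    size_t i;
    if (n == 0 || n > 5) return 0;
    for (i = 0; i < n; i++) {
        if (!isdigit((unsigned char)p[i])) return 0;
        v = v * 10 + (unsigned long)(p[i] - '0');
    }
    return v >= 1 && v <= 65535;
}

/* Validate one URI of length len. *no_tls is set when the scheme is ldap or
 * cldap, i.e. nothing in the URI itself asks for TLS at connect time. */
enum uri_verdict check_uri(const char *uri, size_t len, int *no_tls)
{
    const char *rest;
    size_t i, slen = len, rlen;
    int plain, is_ldapi;

    for (i = 0; i + 2 < len; i++)
        if (uri[i] == ':' && uri[i + 1] == '/' && uri[i + 2] == '/') { slen = i; break; }
    if (slen == len) return URI_BAD_SCHEME;          /* no "://" found */
    plain = word_is(uri, slen, "ldap") || word_is(uri, slen, "cldap");
    is_ldapi = word_is(uri, slen, "ldapi");
    if (!plain && !is_ldapi && !word_is(uri, slen, "ldaps")) return URI_BAD_SCHEME;
    *no_tls = plain;

    rest = uri + slen + 3;
    rlen = len - slen - 3;
    if (rlen > 0 && rest[rlen - 1] == '/') rlen--;   /* assumption: lone trailing "/" tolerated */
    for (i = 0; i < rlen; i++)                       /* DN, attrs, scope, filter, exts */
        if (rest[i] == '/' || rest[i] == '?') return URI_EXTRA_FIELDS;
    if (is_ldapi) return URI_OK;                     /* host is a percent-encoded socket path */

    if (rlen > 0 && rest[0] == '[') {                /* bracketed IPv6 literal */
        const char *end = memchr(rest, ']', rlen);
        if (end == NULL) return URI_BAD_HOST;
        i = (size_t)(end - rest) + 1;
        if (i == rlen) return URI_OK;
        if (rest[i] != ':') return URI_BAD_HOST;
        return port_ok(rest + i + 1, rlen - i - 1) ? URI_OK : URI_BAD_PORT;
    }
    for (i = 0; i < rlen; i++)
        if (rest[i] == ':')
            return port_ok(rest + i + 1, rlen - i - 1) ? URI_OK : URI_BAD_PORT;
    return URI_OK;
}

/* Split on commas and whitespace, as the uri parameter is described, and
 * tally the result. Returns the number of rejected URIs. */
int check_uri_list(const char *list, struct uri_report *rep)
{
    const char *p = list;
    rep->total = rep->rejected = rep->no_tls = 0;
    while (*p) {
        size_t n;
        int no_tls = 0;
        p += strspn(p, ", \t\r\n");
        n = strcspn(p, ", \t\r\n");
        if (n == 0) break;
        rep->total++;
        if (check_uri(p, n, &no_tls) != URI_OK) rep->rejected++;
        else if (no_tls) rep->no_tls++;
        p += n;
    }
    return rep->rejected;
}

int main(void)
{
    /* Constructed sample lists; the second is a full search URL, which the
     * comma split breaks into three unusable pieces. */
    const char *samples[] = {
        "ldaps://dc1.example.net:636, ldap://dc2.example.net",
        "ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct uri_report r;
        check_uri_list(samples[i], &r);
        printf("%s\n  total=%d rejected=%d no_tls=%d\n",
               samples[i], r.total, r.rejected, r.no_tls);
    }
    return 0;
}
```

The no_tls count only reflects the schema; whether a later StartTLS is negotiated on an ldap:// connection is not visible from the URI.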
.LP
At this time,
.B ldap_open()
and
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows a schema to be specified in the
URI and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened
connection.
The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP, or
LDAP_PROTO_IPC for a connection using TCP, UDP, or IPC, respectively.
The value LDAP_PROTO_EXT may also be specified if user-supplied
sockbuf handlers are going to be used.
Note that support for UDP is not implemented unless libldap was built
with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
allows a function
.I proc
of type
.I LDAP_URLLIST_PROC
to be set that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists of
moving the successful URI to the head of the list, so that subsequent
attempts to connect to one of the URIs using the same LDAP handle
will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers
within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle
is started.

Note: the first call into the LDAP library also initializes the global
options for the library.
As such the first call should be single-threaded or otherwise
protected to ensure that only one call is active.
It is recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads
are created.
See
.BR ldap_get_option (3).
.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 226 stdin
.\" ldap_parse_sasl_bind_result.3
.lf 1 stdin
.TH LDAP_PARSE_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_result( LDAP *ld, LDAPMessage *result,
	int *errcodep, char **matcheddnp, char **errmsgp,
	char ***referralsp, LDAPControl ***serverctrlsp,
	int freeit )
.LP
.ft B
int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result,
	struct berval **servercredp, int freeit )
.LP
.ft B
int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result,
	char **retoidp, struct berval **retdatap, int freeit )
.SH DESCRIPTION
.LP
These routines are used to extract information from a result message.
They will operate on the first result message in a chain of search
results (skipping past other message types).
They take the \fIresult\fP as returned by a call to
.BR ldap_result (3),
.BR ldap_search_s (3)
or
.BR ldap_search_st (3).
In addition to
.BR ldap_parse_result() ,
the routines
.B ldap_parse_sasl_bind_result()
and
.B ldap_parse_extended_result()
are used to get all the result information from SASL bind and
extended operations.
.LP
The \fIerrcodep\fP parameter will be filled in with the result code
from the result message.
.LP
The server might supply a matched DN string in the message indicating
how much of a name in a request was recognized.
The \fImatcheddnp\fP parameter will be filled in with this string if
supplied, else it will be NULL.
If a string is returned, it should be freed using
.BR ldap_memfree (3).
.LP
The \fIerrmsgp\fP parameter will be filled in with the error message
field from the parsed message.
This string should be freed using
.BR ldap_memfree (3).
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated
array of referral strings from the parsed message.
This array should be freed using
.BR ldap_memvfree (3).
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated
array of controls copied from the parsed message.
The array should be freed using
.BR ldap_controls_free (3).
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction.
Any non-zero value will make it free the message.
The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.LP
For SASL bind results, the \fIservercredp\fP parameter will be filled
in with an allocated berval structure containing the credentials from
the server if present.
The structure should be freed using
.BR ber_bvfree (3).
.LP
For extended results, the \fIretoidp\fP parameter will be filled in
with the dotted-OID text representation of the name of the extended
operation response.
The string should be freed using
.BR ldap_memfree (3).
If no OID was returned, \fI*retoidp\fP is set to NULL.
.LP
For extended results, the \fIretdatap\fP parameter will be filled in
with a pointer to a berval structure containing the data from the
extended operation response.
The structure should be freed using
.BR ber_bvfree (3).
If no data were returned, \fI*retdatap\fP is set to NULL.
.LP
For all the above result parameters, NULL values can be used in calls
in order to ignore certain fields.
.SH ERRORS
Upon success LDAP_SUCCESS is returned.
Otherwise the values of the result parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_memfree (3),
.BR ldap_memvfree (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 108 stdin
.\" ldap_compare_ext.3
.lf 1 stdin
.TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_compare_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_compare_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB );
.RE
.SH DESCRIPTION
The
.B ldap_compare_ext_s()
routine is used to perform an LDAP compare operation synchronously.
It takes \fIdn\fP, the DN of the entry upon which to perform the
compare, and \fIattr\fP and \fIvalue\fP, the attribute description and
value to compare to those found in the entry.
It returns a code, which will be LDAP_COMPARE_TRUE if the entry
contains the attribute value and LDAP_COMPARE_FALSE if it does not.
Otherwise, an error code is returned that indicates the nature of the
problem.
See
.BR ldap (3)
for details.
.LP
The
.B ldap_compare_ext()
routine is used to perform an LDAP compare operation asynchronously.
It takes the same parameters as
.BR ldap_compare_ext_s() ,
but provides the message id of the request it initiated in the
integer pointed to by \fImsgidp\fP.
The result of the compare can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
Both routines allow server and client controls to be specified to
extend the compare request.
.SH DEPRECATED INTERFACES
The routines
.BR ldap_compare ()
and
.BR ldap_compare_s ()
are deprecated in favor of
.BR ldap_compare_ext ()
and
.BR ldap_compare_ext_s (),
respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.
The macro LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces.
It is recommended that developers writing new programs, or updating
old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually,
support) for deprecated interfaces will be eliminated.
.lf 75 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 80 stdin
.\" ldap_next_attribute.3
.lf 1 stdin
.TH LDAP_FIRST_ATTRIBUTE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_first_attribute(
	LDAP *ld, LDAPMessage *entry, BerElement **berptr )
.LP
.ft B
char *ldap_next_attribute(
	LDAP *ld, LDAPMessage *entry, BerElement *ber )
.SH DESCRIPTION
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
routines are used to step through the attributes in an LDAP entry.
.B ldap_first_attribute()
takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a pointer to a character string containing the first
attribute description in the entry.
.B ldap_next_attribute()
returns the next attribute description in the entry.
.LP
It also returns, in \fIberptr\fP, a pointer to a BerElement it has
allocated to keep track of its current position.
This pointer should be passed to subsequent calls to
.B ldap_next_attribute()
and is used to effectively step through the entry's attributes.
The caller is solely responsible for freeing the BerElement pointed
to by \fIberptr\fP when it is no longer needed by calling
.BR ber_free (3).
When calling
.BR ber_free (3)
in this instance, be sure the second argument is 0.
.LP
The attribute names returned are suitable for inclusion in a call to
.BR ldap_get_values (3)
to retrieve the attribute's values.
.SH ERRORS
If an error occurs, NULL is returned and the ld_errno field in the
\fIld\fP parameter is set to indicate the error.
See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
return dynamically allocated memory that must be freed by the caller via
.BR ldap_memfree (3).
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_get_values (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 74 stdin
.\" ldap_free_urldesc.3
.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource
Locators) as detailed in RFC 4516.
LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
     base one sub (default=base)
  \fIfilter\fP is filter
  \fIexts\fP are recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are
also tolerated.
Alternative LDAP schemes such as ldaps:// and ldapi:// may be parsed
using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
opposed to some other kind of URL).
It can be used as a quick check for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is
allocated, filled in, and \fIludpp\fP is set to point to it.
If an error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained
from a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " "
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 84 stdin
.\" ber_put_int.3
.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.
The version of BER these routines support is the one defined for the
LDAP protocol.
The encoding rules are the same as BER, except that only definite
form lengths are used, and bitstrings and octet strings are always
encoded in primitive form.
This man page describes the encoding routines in the lber library.
See
.BR lber-decode (3)
for details on the corresponding decoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.
The other routines are provided for those applications that need more
control than
.BR ber_printf ()
provides.
In general, these routines return the length of the element encoded,
or \-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.
It should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket (or file)
descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).
See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only
freed when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated for
\fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.
One important difference, though, is that some state information is
kept with the \fIber\fP parameter so that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and formats its arguments according to the format
string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.
A ber_int_t parameter should be supplied.
A boolean element is output.
.TP
.B e
Enumeration.
A ber_int_t parameter should be supplied.
An enumeration element is output.
.TP
.B i
Integer.
A ber_int_t parameter should be supplied.
An integer element is output.
.TP
.B B
Bitstring.
A char * pointer to the start of the bitstring is supplied, followed
by the number of bits in the bitstring.
A bitstring element is output.
.TP
.B n
Null.
No parameter is required.
A null element is output.
.TP
.B o
Octet string.
A char * is supplied, followed by the length of the string pointed to.
An octet string element is output.
.TP
.B O
Octet string.
A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.
A null-terminated string is supplied.
An octet string element is output, not including the trailing NULL octet.
.TP
.B t
Tag.
A ber_tag_t specifying the tag to give the next element is provided.
This works across calls.
.TP
.B v
Several octet strings.
A null-terminated array of char *'s is supplied.
Note that a construct like '{v}' is required to get an actual
SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.
A null-terminated array of struct berval *'s is supplied.
Note that a construct like '{V}' is required to get an actual
SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.
An array of struct berval's is supplied.
The array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get an actual
SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.
No parameter is required.
.TP
.B }
End sequence.
No parameter is required.
.TP
.B [
Begin set.
No parameter is required.
.TP
.B ]
End set.
No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring
value to the given BER element.
Note that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER
element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus the terminating '\0')
to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.
The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of the following
ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      /* scope and derefAliases are ENUMERATED, so they take "e", not "i" */
      rc = ber_printf( ber, "{seeiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 289 stdin
.\" ldap_sort_entries.3
.lf 1 stdin
.TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
.BR ldap_sort_values (),
and
.BR ldap_sort_strcasecmp ()
are deprecated.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.
The macro LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces.
It is recommended that developers writing new programs, or updating
old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually,
support) for deprecated interfaces will be eliminated.
.lf 18 stdin
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 22 stdin
.lf 1 stdin
.TH LDAP_FIRST_ENTRY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_entries( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
.SH DESCRIPTION
.LP
These routines are used to parse results received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines
.BR ldap_search_s (3)
and
.BR ldap_search_st (3).
.LP
The
.B ldap_first_entry()
routine is used to retrieve the first entry in a chain of search results.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3)
or
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first entry in the result.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_entry()
to get the next entry, the result of which should be supplied to the next call to
.BR ldap_next_entry() ,
etc.
.B ldap_next_entry()
will return NULL when there are no more entries.
The entries returned from these calls are used in calls to the routines described in
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
etc.
.LP
A count of the number of entries in the search result can be obtained by calling
.BR ldap_count_entries() .
.SH ERRORS
If an error occurs in
.B ldap_first_entry()
or
.BR ldap_next_entry() ,
NULL is returned and the ld_errno field in the \fIld\fP parameter is set to indicate the error.
If an error occurs in
.BR ldap_count_entries() ,
-1 is returned, and
.B ld_errno
is set appropriately.
See
.BR ldap_error (3)
for a description of possible error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
.BR ldap_get_dn (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 81 stdin
.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_dup, ldap_destroy \- Duplicate and destroy LDAP session handles
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_dup(
.RS
.ft B
LDAP *\fIold\fB );
.RE
.LP
.ft B
int ldap_destroy(
.RS
.ft B
LDAP *\fIold\fB );
.RE
.SH DESCRIPTION
.LP
.B ldap_dup()
duplicates an existing LDAP
.RB ( "LDAP *" )
session handle.
The new session handle may be used concurrently with the original session handle.
In a threaded environment, different threads may execute concurrent requests on the same connection/session without fear of contamination.
Each session handle manages its own private error results.
.LP
.B ldap_destroy()
destroys an existing session handle.
.LP
The
.B ldap_dup()
and
.B ldap_destroy()
functions are used in conjunction with a "thread safe" version of
.B libldap
.RB ( libldap_r )
to enable thread-safe API calls, so that a single session may be simultaneously used across multiple threads with consistent error handling.
.LP
When a session is created through the use of one of the session creation functions including
.BR ldap_open (3),
.BR ldap_init (3),
.BR ldap_initialize (3)
or
.BR ldap_init_fd (3)
an
.B "LDAP *"
session handle is returned to the application.
The session handle may be shared amongst threads, however the error codes are unique to a session handle.
Multiple threads performing different operations using the same session handle will result in inconsistent error codes and return values.
.LP
To prevent this confusion,
.B ldap_dup()
is used to duplicate an existing session handle so that multiple threads can share the session, and maintain consistent error information and results.
.LP
The message queues for a session are shared between sibling session handles.
Results of operations on a sibling session handle are accessible to all the sibling session handles.
Applications desiring results associated with a specific operation should provide the appropriate msgid to
.BR ldap_result() .
Applications should avoid calling
.B ldap_result()
with
.B LDAP_RES_ANY
as that may "steal" and return results in the calling thread that another operation in a different thread, using a different session handle, may require to complete.
.LP
When
.B ldap_unbind()
is called on a session handle with siblings, all the siblings become invalid.
.LP
Siblings must be destroyed using
.BR ldap_destroy() .
Session handle resources associated with the original
.RB ( "LDAP *" )
will be freed when the last session handle is destroyed or when
.B ldap_unbind()
is called, if no other session handles currently exist.
.SH ERRORS
If an error occurs,
.B ldap_dup()
will return NULL and
.I errno
should be set appropriately.
.B ldap_destroy()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.SH SEE ALSO
.BR ldap_open (3),
.BR ldap_init (3),
.BR ldap_initialize (3),
.BR ldap_init_fd (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
This work is based on the previously proposed
.B LDAP C API Concurrency Extensions
draft
.BR ( draft-zeilenga-ldap-c-api-concurrency-00.txt )
effort.
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 127 stdin
.lf 1 stdin
.TH LBER_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- OpenLDAP LBER memory allocators
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "void *ber_memalloc(ber_len_t " bytes ");"
.LP
.BI "void *ber_memcalloc(ber_len_t " nelems ", ber_len_t " bytes ");"
.LP
.BI "void *ber_memrealloc(void *" ptr ", ber_len_t " bytes ");"
.LP
.BI "void ber_memfree(void *" ptr ");"
.LP
.BI "void ber_memvfree(void **" vec ");"
.SH DESCRIPTION
.LP
These routines are used to allocate/deallocate memory used/returned by the Lightweight BER library as required by
.BR lber-encode (3)
and
.BR lber-decode (3).
.BR ber_memalloc (),
.BR ber_memcalloc (),
.BR ber_memrealloc (),
and
.BR ber_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ber_memvfree ()
routine is used to free a dynamically allocated array of pointers to arbitrary dynamically allocated objects.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-encode (3),
.BR lber-types (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 50 stdin
.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup, ldap_controls_dup, ldap_control_free, ldap_controls_free \- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.
.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.
The content of
.I value
is duplicated if
.I dupval
is non-zero.
The
.I iscritical
parameter must be non-zero for a critical control.
The created control is returned in the
.I ctrlp
parameter.
The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.
.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.
The routine returns a pointer to the control if found, NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same control type.
The use of this function is discouraged; the recommended way of handling controls in responses consists in going through the array of controls, dealing with each of them in the returned order, since it could matter.
.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.
.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 85 stdin
.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are attempted over the connection.
An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication, ones providing SASL authentication, and general routines capable of doing either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer) can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind call are provided.
All routines take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated with the entry in \fIpasswd\fP.
It returns an LDAP error indication (see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent.
The result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the authentication method to use needs to be selected at runtime.
They both take an extra \fImethod\fP parameter selecting the authentication method to use.
It should be set to LDAP_AUTH_SIMPLE to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter.
The format of the credentials depends on the particular SASL mechanism in use.
For mechanisms that provide mutual authentication the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent.
The result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a complete authentication.
Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly.
The
.I mechs
parameter should contain a space-separated list of candidate mechanisms to use.
If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports.
The
.I flags
parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication parameters.
There is no defined format for the
.I defaults
information; it is up to the caller to use whatever format is appropriate for the supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library.
When used with Cyrus SASL this is an array of
.B sasl_interact_t
structures.
The Cyrus SASL library will prompt for a variety of inputs, including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously.
The other parameters are the same as for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be passed back on each subsequent call.
The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind.
The caller must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code.
If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc()
function sets the process to use for binding when an operation returns a referral.
This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function.
Use the
.BR ldap_set_option (3)
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral.
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function.
The application should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information, such as user name, password, and certificates.
The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure.
Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
calls allow the operations to specify controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure.
Synchronous routines return whatever \fIld_errno\fP is set to.
See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process need not be provided.
The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind, you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
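The REBINDING and NOTES text above leaves it to the application's rebind function to hand credentials to whichever server the referral URL names. The following is an added example, not OpenLDAP code: a self-contained C check that a rebind function could run on its \fIurl\fP argument before binding. The names parse_referral and referral_may_get_credentials, the ldaps-only policy and the sample hosts are assumptions; production code would parse with ldap_url_parse(3) rather than this stand-in.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for LDAPURLDesc: only what the policy needs. */
struct ref_url {
    char scheme[8];    /* "ldap" or "ldaps" */
    char host[256];    /* lower-cased host name, without the port */
    int  port;         /* explicit port, or the scheme default */
};

/* Case-insensitive comparison of the first n bytes of a and b. */
static int ieq_n(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Parse scheme://hostport/... and return 0 on success, -1 on anything
 * unexpected (fail closed). Tolerates the "<", "URL:" wrappers the man
 * page mentions. ldapi:// and IPv6 literals are rejected here. */
int parse_referral(const char *url, struct ref_url *out)
{
    static const struct { const char *name; int port; } schemes[] = {
        { "ldap", 389 }, { "ldaps", 636 }
    };
    const char *p = url, *sep, *end, *colon;
    size_t i, hlen;

    if (url == NULL || out == NULL) return -1;
    memset(out, 0, sizeof(*out));
    if (*p == '<') p++;
    if (ieq_n(p, "URL:", 4)) p += 4;

    sep = strstr(p, "://");
    if (sep == NULL) return -1;
    for (i = 0; i < sizeof(schemes) / sizeof(schemes[0]); i++) {
        size_t n = strlen(schemes[i].name);
        if ((size_t)(sep - p) == n && ieq_n(p, schemes[i].name, n)) {
            strcpy(out->scheme, schemes[i].name);
            out->port = schemes[i].port;
            break;
        }
    }
    if (out->scheme[0] == '\0') return -1;

    p = sep + 3;
    end = p + strcspn(p, "/?>");        /* hostport ends at '/', '?' or '>' */
    colon = memchr(p, ':', (size_t)(end - p));
    hlen = (size_t)((colon ? colon : end) - p);
    if (hlen == 0 || hlen >= sizeof(out->host)) return -1;
    for (i = 0; i < hlen; i++) {
        unsigned char c = (unsigned char)p[i];
        /* Rejects '@', '%', '[' and friends, so "good@evil" cannot pass. */
        if (!isalnum(c) && c != '-' && c != '.') return -1;
        out->host[i] = (char)tolower(c);
    }
    if (colon != NULL) {
        char *stop;
        long port;
        if (!isdigit((unsigned char)colon[1])) return -1;
        port = strtol(colon + 1, &stop, 10);
        if (stop != end || port < 1 || port > 65535) return -1;
        out->port = (int)port;
    }
    return 0;
}

/* Assumed policy: credentials go only to allowlisted hosts over ldaps.
 * Returns 1 if the rebind may send credentials, 0 otherwise. The
 * allowlist holds lower-case host names and ends with NULL. */
int referral_may_get_credentials(const char *url, const char *const *allowed)
{
    struct ref_url u;
    size_t i;

    if (parse_referral(url, &u) != 0) return 0;
    if (strcmp(u.scheme, "ldaps") != 0) return 0;
    for (i = 0; allowed != NULL && allowed[i] != NULL; i++)
        if (strcmp(u.host, allowed[i]) == 0) return 1;
    return 0;
}

/* Constructed sample allowlist and referral URLs. */
static const char *const SAMPLE_ALLOWED[] = {
    "dc1.corp.example", "dc2.corp.example", NULL
};

int main(void)
{
    const char *urls[] = {
        "ldaps://dc2.corp.example/dc=corp,dc=example??sub",
        "ldap://dc2.corp.example/dc=corp,dc=example",
        "ldaps://dc2.corp.example@evil.example.net/dc=corp"
    };
    size_t i;
    for (i = 0; i < sizeof(urls) / sizeof(urls[0]); i++)
        printf("%-55s %s\n", urls[i],
               referral_may_get_credentials(urls[i], SAMPLE_ALLOWED)
                   ? "bind with credentials" : "refuse");
    return 0;
}
```

Inside a real LDAP_REBIND_PROC, a 0 from this check would mean returning an LDAP error code instead of calling a synchronous bind routine with the stored password.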
.SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_open (3), .BR ldap_set_option (3), .BR ldap_url_parse (3) .B RFC 4422 (http://www.rfc-editor.org), .B Cyrus SASL (http://asg.web.cmu.edu/sasl/) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 335 stdin PK!..ldap_simple_bind_s.3nu[.lf 1 stdin .TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], int *" msgidp ");" .RE .LP .BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");" .RE .LP .BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res "," .RS .BI "struct berval **" servercredp ", int " 
freeit ");" .RE .LP .BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ");" .RE .LP .BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ", LDAPMessage *" result "," .BI "const char **" rmechp ", int *" msgidp ");" .RE .LP .BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");" .LP .BI "int ldap_unbind(LDAP *" ld ");" .LP .BI "int ldap_unbind_s(LDAP *" ld ");" .LP .BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");" .LP .BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");" .SH DESCRIPTION .LP These routines provide various interfaces to the LDAP bind operation. After an association with an LDAP server is made using .BR ldap_init (3), an LDAP bind operation should be performed before other operations are attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations. .LP There are three types of bind calls, ones providing simple authentication, ones providing SASL authentication, and general routines capable of doing either simple or SASL authentication. 
.LP .B SASL (Simple Authentication and Security Layer) can negotiate one of many different kinds of authentication. Both synchronous and asynchronous versions of each variant of the bind call are provided. All routines take \fIld\fP as their first parameter, as returned from .BR ldap_init (3). .SH SIMPLE AUTHENTICATION The simplest form of the bind call is .BR ldap_simple_bind_s() . It takes the DN to bind as in \fIwho\fP, and the userPassword associated with the entry in \fIpasswd\fP. It returns an LDAP error indication (see .BR ldap_error (3)). The .B ldap_simple_bind() call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The .B ldap_sasl_bind_s() and asynchronous .B ldap_sasl_bind() functions can also be used to make a simple bind by using LDAP_SASL_SIMPLE as the SASL mechanism. .SH GENERAL AUTHENTICATION The .B ldap_bind() and .B ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra \fImethod\fP parameter selecting the authentication method to use. It should be set to LDAP_AUTH_SIMPLE to select simple authentication. .B ldap_bind() returns the message id of the request it initiates. .B ldap_bind_s() returns an LDAP error indication. .SH SASL AUTHENTICATION For SASL binds the server always ignores any provided DN, so the .I dn parameter should always be NULL. .BR ldap_sasl_bind_s () sends a single SASL bind request with the given SASL .I mechanism and credentials in the .I cred parameter. The format of the credentials depends on the particular SASL mechanism in use. For mechanisms that provide mutual authentication the server's credentials will be returned in the .I servercredp parameter. The routine returns an LDAP error indication (see .BR ldap_error (3)). 
The .BR ldap_sasl_bind () call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The result must be additionally parsed by .BR ldap_parse_sasl_bind_result () to obtain any server credentials sent from the server. .LP Many SASL mechanisms require multiple message exchanges to perform a complete authentication. Applications should generally use .BR ldap_sasl_interactive_bind_s () rather than calling the basic .BR ldap_sasl_bind () functions directly. The .I mechs parameter should contain a space-separated list of candidate mechanisms to use. If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports. The .I flags parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of: .TP LDAP_SASL_AUTOMATIC use defaults if available, prompt otherwise .TP LDAP_SASL_INTERACTIVE always prompt .TP LDAP_SASL_QUIET never prompt .LP The .I interact function uses the provided .I defaults to handle requests from the SASL library for particular authentication parameters. There is no defined format for the .I defaults information; it is up to the caller to use whatever format is appropriate for the supplied .I interact function. The .I sasl_interact parameter comes from the underlying SASL library. When used with Cyrus SASL this is an array of .B sasl_interact_t structures. 
The Cyrus SASL library will prompt for a variety of inputs, including: .TP SASL_CB_GETREALM the realm for the authentication attempt .TP SASL_CB_AUTHNAME the username to authenticate .TP SASL_CB_PASS the password for the provided username .TP SASL_CB_USER the username to use for proxy authorization .TP SASL_CB_NOECHOPROMPT generic prompt for input with input echoing disabled .TP SASL_CB_ECHOPROMPT generic prompt for input with input echoing enabled .TP SASL_CB_LIST_END indicates the end of the array of prompts .LP See the Cyrus SASL documentation for more details. .LP Applications which need to manage connections asynchronously may use .BR ldap_sasl_interactive_bind () instead of the synchronous version. A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously. The other parameters are the same as for the synchronous function, with three additional parameters. The actual SASL mechanism that was used, and the message ID for use with .BR ldap_result () will be returned in rmechp and msgidp, respectively. The value in rmechp must not be modified by the caller and must be passed back on each subsequent call. The message obtained from .BR ldap_result () must be passed in the result parameter. This parameter must be NULL when initiating a new Bind. The caller must free the result message after each call using .BR ldap_msgfree (). The .BR ldap_sasl_interactive_bind () function returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server. .SH REBINDING .LP The .B ldap_set_rebind_proc function() sets the process to use for binding when an operation returns a referral. This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference. 
.LP The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind. The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function. Use the .BR ldap_set_option function to set the value. .LP The rebind function parameters are as follows: .LP The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral. .LP The \fIurl\fP parameter points to the URL referral string received from the LDAP server. The LDAP application can use the .BR ldap_url_parse (3) function to parse the string into its components. .LP The \fIrequest\fP parameter specifies the type of request that generated the referral. .LP The \fImsgid\fP parameter specifies the message ID of the request generating the referral. .LP The \fIparams\fP parameter is the same value as passed originally to the .BR ldap_set_rebind_proc () function. .LP The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function. .LP The application must supply to the rebind function the required authentication information such as, user name, password, and certificates. The rebind function must use a synchronous bind method. .SH UNBINDING The .B ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure. Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid. The .B ldap_unbind_s() call is just another name for .BR ldap_unbind() ; both of these calls are synchronous in nature. .LP The .B ldap_unbind_ext() and .B ldap_unbind_ext_s() allows the operations to specify controls. 
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure.
Synchronous routines return whatever \fIld_errno\fP is set to.
See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, a rebind function need not be provided.
The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind, it must provide a rebind function for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 335 stdin
.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators) as detailed in RFC 4516.
LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
     base one sub (default=base)
  \fIfilter\fP is the LDAP search filter
  \fIexts\fP is a recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also tolerated.
Alternative LDAP schemes such as ldaps:// and ldapi:// may be parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as opposed to some other kind of URL).
It can be used as a quick check for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is allocated, filled in, and \fIludpp\fP is set to point to it.
If an error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " "
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 84 stdin
.lf 1 stdin
.TH LDAP_PARSE_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_reference \- Extract referrals and controls from a reference message
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_reference( LDAP *ld, LDAPMessage *reference,
    char ***referralsp, LDAPControl ***serverctrlsp,
    int freeit )
.SH DESCRIPTION
.LP
The
.B ldap_parse_reference()
routine is used to extract referrals and controls from a reference message.
The \fIreference\fP parameter is a reference message as returned by a call to
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) ,
.BR ldap_first_message (3) ,
.BR ldap_next_message (3) ,
or
.BR ldap_result (3) .
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array of character strings.
The strings are copies of the referrals contained in the parsed message.
The array should be freed by calling
.BR ldap_value_free (3) .
If \fIreferralsp\fP is NULL, no referrals are returned.
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated array of controls copied from the parsed message.
The array should be freed by calling
.BR ldap_controls_free (3).
If \fIserverctrlsp\fP is NULL, no controls are returned.
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is freed or not after the extraction.
Any non-zero value will make it free the message.
The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.SH ERRORS
Upon success LDAP_SUCCESS is returned.
Otherwise the values of the \fIreferralsp\fP and \fIserverctrlsp\fP parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_reference (3),
.BR ldap_first_message (3),
.BR ldap_result (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 62 stdin
.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use with the Lightweight BER library.
.LP
.B ber_int_t
is a signed integer of at least 32 bits.
It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant of
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a BER tag.
It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.
If \fIbv\fP is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP, returned from this API.
If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.
Space for the array is allocated as needed.
The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP, returned from this API.
If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the \fIbvarray\fP array.
Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.
The routine returns NULL upon error (e.g. out of memory).
The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.
If \fIdst\fP is NULL a new BerValue will be allocated to hold the copy.
The routine returns NULL upon error, otherwise it returns a pointer to the copy.
If \fIdst\fP is NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.
(The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose length may be optionally specified in \fIlen\fP.
If \fIdup\fP is non-zero, the BerValue will contain a copy of \fIstr\fP.
If \fIlen\fP is zero, the number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.
If \fIbv\fP is non-NULL, the result will be stored in the given BerValue, otherwise a new BerValue will be allocated to store the result.
NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure.
If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be encoded in the minimal number of octets required, otherwise they will always be written as four byte values.
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter.
The data is referenced directly, not copied.
The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.
If \fIber\fP is NULL, the routine does nothing.
If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 189 stdin
.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1.
The version of BER these routines support is the one defined for the LDAP protocol.
The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form.
This man page describes the encoding routines in the lber library.
See
.BR lber-decode (3)
for details on the corresponding decoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.
The other routines are provided for those applications that need more control than
.BR ber_printf ()
provides.
In general, these routines return the length of the element encoded, or \-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.
It should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket (or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).
See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.
One important difference, though, is that some state information is kept with the \fIber\fP parameter so that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean. A ber_int_t parameter should be supplied. A boolean element is output.
.TP
.B e
Enumeration. A ber_int_t parameter should be supplied. An enumeration element is output.
.TP
.B i
Integer. A ber_int_t parameter should be supplied. An integer element is output.
.TP
.B B
Bitstring. A char * pointer to the start of the bitstring is supplied, followed by the number of bits in the bitstring. A bitstring element is output.
.TP
.B n
Null. No parameter is required. A null element is output.
.TP
.B o
Octet string. A char * is supplied, followed by the length of the string pointed to. An octet string element is output.
.TP
.B O
Octet string. A struct berval * is supplied. An octet string element is output.
.TP
.B s
Octet string. A null-terminated string is supplied. An octet string element is output, not including the trailing NULL octet.
.TP
.B t
Tag. A ber_tag_t specifying the tag to give the next element is provided. This works across calls.
.TP
.B v
Several octet strings. A null-terminated array of char *'s is supplied. Note that a construct like '{v}' is required to get an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings. A null-terminated array of struct berval *'s is supplied. Note that a construct like '{V}' is required to get an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings. An array of struct berval's is supplied. The array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence. No parameter is required.
.TP
.B }
End sequence. No parameter is required.
.TP
.B [
Begin set. No parameter is required.
.TP
.B ]
End set. No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring value to the given BER element.
Note that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.
The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables have been assigned appropriately, an lber encoding of the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t scope, ali, size, time, attrsonly;
      char *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      /* scope and derefAliases are ENUMERATED, so they take 'e', not 'i' */
      rc = ber_printf( ber, "{seeiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the <lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 289 stdin
.lf 1 stdin
.TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
.BR ldap_sort_values (),
and
.BR ldap_sort_strcasecmp ()
are deprecated.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.
The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces.
It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated.
.lf 18 stdin
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 22 stdin
.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in RFC 4514 "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of the entry's DN.
Space for the DN will be obtained dynamically and should be freed by the caller using
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components, which are stored in
.B dn
as
.B ldap_ava
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and
.B LDAPDN
terms.
Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
    LDAP_DN_FORMAT_LDAPV3
    LDAP_DN_FORMAT_LDAPV2
    LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
    LDAP_DN_P_NO_SPACES
    LDAP_DN_P_NO_SPACE_AFTER_RDN
    ...
    LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently eliminate spaces around AVA separators ('='), RDN component separators ('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators (',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in
.B str
a string representation of
.B dn.
It allows the same values for
.B flags
as
.B ldap_str2dn(),
plus
.LP
.nf
    LDAP_DN_FORMAT_UFN
    LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.
Each part is known as a Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a NULL-terminated array, each component of which contains an RDN from the DN.
The \fInotypes\fP parameter is used to request that only the RDN values be returned, not their types.
For example, the DN "cn=Bob, c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may include escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value", if the \fInotypes\fP parameter is set).
Note the value is not unescaped.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.
See "Using the Directory to Achieve User Friendly Naming" (RFC 1781) for more details on the UFN format.
Due to the ambiguous nature of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least significant rdns separated by slashes ('/'); rdn components are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed, at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into an AD canonical name, which is basically a DCE dn with attribute types omitted.
The trailing domain, if present, is turned into a DNS-like domain.
The space for the returned value is obtained dynamically and the user is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.
See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 247 stdin
.lf 1 stdin
.TH LDAP_FIRST_ENTRY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_entries( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
.SH DESCRIPTION
.LP
These routines are used to parse results received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines
.BR ldap_search_s (3)
and
.BR ldap_search_st (3).
.LP
The
.B ldap_first_entry()
routine is used to retrieve the first entry in a chain of search results.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3)
or
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first entry in the result.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_entry()
to get the next entry, the result of which should be supplied to the next call to
.BR ldap_next_entry() ,
etc.
.B ldap_next_entry()
will return NULL when there are no more entries.
The entries returned from these calls are used in calls to the routines described in
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
etc.
.LP
A count of the number of entries in the search result can be obtained by calling
.BR ldap_count_entries() .
.SH ERRORS
If an error occurs in
.B ldap_first_entry()
or
.BR ldap_next_entry() ,
NULL is returned and the ld_errno field in the \fIld\fP parameter is set to indicate the error.
If an error occurs in
.BR ldap_count_entries() ,
\-1 is returned, and
.B ld_errno
is set appropriately.
See
.BR ldap_error (3)
for a description of possible error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
.BR ldap_get_dn (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 81 stdin
.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. 
.TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expects the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? */ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? 
*/ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. .TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. 
These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin PK! ldap_count_values_len.3nu[.lf 1 stdin .TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char **ldap_get_values(ld, entry, attr) .ft LDAP *ld; LDAPMessage *entry; char *attr; .LP .ft B struct berval **ldap_get_values_len(ld, entry, attr) .ft LDAP *ld; LDAPMessage *entry; char *attr; .LP .ft B int ldap_count_values(vals) .ft char **vals; .LP .ft B int ldap_count_values_len(vals) .ft struct berval **vals; .LP .ft B void ldap_value_free(vals) .ft char **vals; .LP .ft B void ldap_value_free_len(vals) .ft struct berval **vals; .SH DESCRIPTION These routines are used to retrieve and manipulate attribute values from an LDAP entry as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3). .B ldap_get_values() takes the \fIentry\fP and the attribute \fIattr\fP whose values are desired and returns a NULL-terminated array of the attribute's values. \fIattr\fP may be an attribute type as returned from .BR ldap_first_attribute (3) or .BR ldap_next_attribute (3), or if the attribute type is known it can simply be given. .LP The number of values in the array can be counted by calling .BR ldap_count_values() . The array of values returned can be freed by calling .BR ldap_value_free() . .LP If the attribute values are binary in nature, and thus not suitable to be returned as an array of char *'s, the .B ldap_get_values_len() routine can be used instead. It takes the same parameters as .BR ldap_get_values() , but returns a NULL-terminated array of pointers to berval structures, each containing the length of and a pointer to a value. .LP The number of values in the array can be counted by calling .BR ldap_count_values_len() . The array of values returned can be freed by calling .BR ldap_value_free_len() . 
.SH ERRORS If an error occurs in .B ldap_get_values() or .BR ldap_get_values_len() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. .SH NOTES These routines dynamically allocate memory which the caller must free using the supplied routines. .SH SEE ALSO .BR ldap (3), .BR ldap_first_entry (3), .BR ldap_first_attribute (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 103 stdin PK!A   ldap_modrdn.3nu[.lf 1 stdin .TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_modrdn(ld, dn, newrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; .LP .ft B .LP .ft B int ldap_modrdn_s(ld, dn, newrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; .LP .ft B int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; int deleteoldrdn; .LP .ft B int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; int deleteoldrdn; .SH DESCRIPTION The .B ldap_modrdn() and .B ldap_modrdn_s() routines perform an LDAP modify RDN operation. They both take \fIdn\fP, the DN of the entry whose RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry. The old RDN of the entry is never kept as an attribute of the entry. .B ldap_modrdn() is asynchronous, returning the message id of the operation it initiates. 
.B ldap_modrdn_s() is synchronous, returning the LDAP error code indicating the success or failure of the operation. Use of these routines is deprecated. Use the versions described below instead. .LP The .B ldap_modrdn2() and .B ldap_modrdn2_s() routines also perform an LDAP modify RDN operation, taking the same parameters as above. In addition, they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean value to indicate whether the old RDN values should be deleted from the entry or not. .SH ERRORS The synchronous (_s) versions of these routines return an LDAP error code, either LDAP_SUCCESS or an error if there was trouble. The asynchronous versions return \-1 in case of trouble, setting the .B ld_errno field of \fIld\fP. See .BR ldap_error (3) for more details. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 82 stdin
.lf 1 stdin .TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");" .LP .BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");" .LP .BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");" .LP .BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");" .LP .BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_seq(BerElement *" ber ");" .LP .BI "int ber_put_set(BerElement *" ber ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the encoding routines in the lber library. 
See .BR lber-decode (3) for details on the corresponding decoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_alloc_t () to allocate a BER element for encoding, .BR ber_printf () to do the actual encoding, and .BR ber_flush2 () to actually write the element. The other routines are provided for those applications that need more control than .BR ber_printf () provides. In general, these routines return the length of the element encoded, or \-1 if an error occurred. .LP The .BR ber_alloc_t () routine is used to allocate a new BER element. It should be called with an argument of LBER_USE_DER. .LP The .BR ber_flush2 () routine is used to actually write the element to a socket (or file) descriptor, once it has been fully encoded (using .BR ber_printf () and friends). See .BR lber-sockbuf (3) for more details on the Sockbuf implementation of the \fIsb\fP parameter. If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will be freed. If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed when successfully flushed, otherwise it is left intact; if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed when an error occurs, otherwise it is left intact; if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway. This function differs from the original .BR ber_flush (3) function, whose behavior corresponds to that indicated for \fILBER_FLUSH_FREE_ON_SUCCESS\fP. Note that in the future, the behavior of .BR ber_flush (3) with \fIfreeit\fP non-zero might change into that of .BR ber_flush2 (3) with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP. .LP The .BR ber_printf () routine is used to encode a BER element in much the same way that .BR sprintf (3) works. 
One important difference, though, is that some state information is kept with the \fIber\fP parameter so that multiple calls can be made to .BR ber_printf () to append things to the end of the BER element. .BR ber_printf () writes to \fIber\fP, a pointer to a BerElement such as returned by .BR ber_alloc_t (). It interprets and formats its arguments according to the format string \fIfmt\fP. The format string can contain the following characters: .RS .LP .TP 3 .B b Boolean. A ber_int_t parameter should be supplied. A boolean element is output. .TP .B e Enumeration. A ber_int_t parameter should be supplied. An enumeration element is output. .TP .B i Integer. A ber_int_t parameter should be supplied. An integer element is output. .TP .B B Bitstring. A char * pointer to the start of the bitstring is supplied, followed by the number of bits in the bitstring. A bitstring element is output. .TP .B n Null. No parameter is required. A null element is output. .TP .B o Octet string. A char * is supplied, followed by the length of the string pointed to. An octet string element is output. .TP .B O Octet string. A struct berval * is supplied. An octet string element is output. .TP .B s Octet string. A null-terminated string is supplied. An octet string element is output, not including the trailing NUL octet. .TP .B t Tag. A ber_tag_t specifying the tag to give the next element is provided. This works across calls. .TP .B v Several octet strings. A null-terminated array of char *'s is supplied. Note that a construct like '{v}' is required to get an actual SEQUENCE OF octet strings. .TP .B V Several octet strings. A null-terminated array of struct berval *'s is supplied. Note that a construct like '{V}' is required to get an actual SEQUENCE OF octet strings. .TP .B W Several octet strings. An array of struct berval's is supplied. The array is terminated by a struct berval with a NULL bv_val. 
Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings. .TP .B { Begin sequence. No parameter is required. .TP .B } End sequence. No parameter is required. .TP .B [ Begin set. No parameter is required. .TP .B ] End set. No parameter is required. .RE .LP The .BR ber_put_int () routine writes the integer element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_enum () routine writes the enumeration element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_boolean () routine writes the boolean value given by \fIbool\fP to the BER element. .LP The .BR ber_put_bitstring () routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring value to the given BER element. Note that \fIblen\fP is the length \fIin bits\fP of the bitstring. .LP The .BR ber_put_ostring () routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER element as an octet string. .LP The .BR ber_put_string () routine writes the null-terminated string (minus the terminating '\0') to the BER element as an octet string. .LP The .BR ber_put_null () routine writes a NULL element to the BER element. .LP The .BR ber_start_seq () routine is used to start a sequence in the BER element. The .BR ber_start_set () routine works similarly. The end of the sequence or set is marked by the nearest matching call to .BR ber_put_seq () or .BR ber_put_set (), respectively. .SH EXAMPLES Assuming the following variable declarations, and that the variables have been assigned appropriately, an lber encoding of the following ASN.1 object: .LP .nf AlmostASearchRequest := SEQUENCE { baseObject DistinguishedName, scope ENUMERATED { baseObject (0), singleLevel (1), wholeSubtree (2) }, derefAliases ENUMERATED { neverDerefaliases (0), derefInSearching (1), derefFindingBaseObj (2), alwaysDerefAliases (3) }, sizelimit INTEGER (0 .. 65535), timelimit INTEGER (0 .. 
65535), attrsOnly BOOLEAN, attributes SEQUENCE OF AttributeType } .fi .LP can be achieved like so: .LP .nf int rc; ber_int_t scope, ali, size, time, attrsonly; char *dn, **attrs; BerElement *ber; /* ... fill in values ... */ ber = ber_alloc_t( LBER_USE_DER ); if ( ber == NULL ) { /* error */ } rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali, size, time, attrsonly, attrs ); if( rc == \-1 ) { /* error */ } else { /* success */ } .fi .SH ERRORS If an error occurs during encoding, generally these routines return \-1. .LP .SH NOTES .LP The return values for all of these functions are declared in the header file. .SH SEE ALSO .BR lber-decode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 289 stdin PK!շYber_bvarray_add.3nu[.lf 1 stdin .TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
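The "{siiiib{v}}" call from the EXAMPLES section of the lber-encode page, worked through by hand as an added example (not liblber's code and not part of the original man page). It shows the bytes that definite-form lengths and primitive octet strings produce, with minimal lengths (LBER_USE_DER) beside the "four byte values" described for ber_alloc_t() in lber-types(3). The helper names, the sample values, and the modelling of a four-byte length as long form 0x84 plus four octets applied to every length are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Universal tags produced by the ber_printf() format characters b, i, s and {.
 * (Format character e would give ENUMERATED, tag 0x0a.) */
enum { T_BOOLEAN = 0x01, T_INTEGER = 0x02, T_OCTETSTRING = 0x04, T_SEQUENCE = 0x30 };

typedef struct {
    uint8_t data[256];
    size_t  len;
    int     der;       /* 1: minimal lengths (LBER_USE_DER), 0: fixed four-byte lengths */
    int     overflow;  /* set once a write would not fit; later writes are ignored */
} buf_t;               /* hypothetical helper type, not a liblber structure */

static void put_bytes(buf_t *b, const void *p, size_t n) {
    if (b->overflow || n > sizeof b->data - b->len) { b->overflow = 1; return; }
    memcpy(b->data + b->len, p, n);
    b->len += n;
}

static void put_byte(buf_t *b, uint8_t v) { put_bytes(b, &v, 1); }

/* Definite-form length: short form below 0x80, otherwise 0x80|k followed by k octets. */
static void put_len(buf_t *b, size_t n) {
    int octets = 4;                       /* assumed layout of a "four byte" length */
    if (b->der) {
        if (n < 0x80) { put_byte(b, (uint8_t)n); return; }
        octets = 1;
        while (octets < 4 && (n >> (8 * octets)) != 0) octets++;
    }
    put_byte(b, (uint8_t)(0x80 | octets));
    for (int i = octets - 1; i >= 0; i--) put_byte(b, (uint8_t)(n >> (8 * i)));
}

static void put_tlv(buf_t *b, uint8_t tag, const void *val, size_t n) {
    put_byte(b, tag);
    put_len(b, n);
    put_bytes(b, val, n);
}

/* INTEGER content: shortest two's-complement form, so 128 needs a leading 0x00. */
static void put_int(buf_t *b, uint8_t tag, int32_t v) {
    uint8_t c[4];
    uint32_t u = (uint32_t)v;
    int start = 0;
    for (int i = 0; i < 4; i++) c[i] = (uint8_t)(u >> (8 * (3 - i)));
    while (start < 3 &&
           ((c[start] == 0x00 && !(c[start + 1] & 0x80)) ||
            (c[start] == 0xff &&  (c[start + 1] & 0x80)))) start++;
    put_tlv(b, tag, c + start, (size_t)(4 - start));
}

/* A constructed element is its already-encoded content wrapped in tag + length. */
static void put_seq(buf_t *b, const buf_t *content) {
    if (content->overflow) { b->overflow = 1; return; }
    put_tlv(b, T_SEQUENCE, content->data, content->len);
}

/* Encodes one length field on its own; returns the number of octets written to out. */
size_t encode_len(int der, size_t n, uint8_t out[5]) {
    buf_t b = { .der = der };
    put_len(&b, n);
    memcpy(out, b.data, b.len);
    return b.len;
}

/* Follows the format string "{siiiib{v}}" literally: all four numbers are INTEGERs.
 * Returns the encoded size, or 0 if the result does not fit. */
size_t encode_search(int der, const char *dn, int32_t scope, int32_t ali,
                     int32_t size, int32_t time_limit, int attrsonly,
                     const char *const *attrs, uint8_t *out, size_t outcap) {
    buf_t attrseq = { .der = der }, body = { .der = der }, msg = { .der = der };
    uint8_t bval = attrsonly ? 0xff : 0x00;
    for (size_t i = 0; attrs[i] != NULL; i++)                 /* v */
        put_tlv(&attrseq, T_OCTETSTRING, attrs[i], strlen(attrs[i]));
    put_tlv(&body, T_OCTETSTRING, dn, strlen(dn));            /* s: trailing NUL not sent */
    put_int(&body, T_INTEGER, scope);                         /* i */
    put_int(&body, T_INTEGER, ali);                           /* i */
    put_int(&body, T_INTEGER, size);                          /* i */
    put_int(&body, T_INTEGER, time_limit);                    /* i */
    put_tlv(&body, T_BOOLEAN, &bval, 1);                      /* b */
    put_seq(&body, &attrseq);                                 /* {v} */
    put_seq(&msg, &body);                                     /* outer { } */
    if (msg.overflow || msg.len > outcap) return 0;
    memcpy(out, msg.data, msg.len);
    return msg.len;
}

int main(void) {
    const char *attrs[] = { "cn", "mail", NULL };             /* constructed sample values */
    uint8_t out[128];
    for (int der = 1; der >= 0; der--) {
        size_t n = encode_search(der, "dc=example,dc=com", 2, 0, 1000, 30, 0,
                                 attrs, out, sizeof out);
        printf("%s (%zu bytes):", der ? "minimal lengths" : "four-byte lengths", n);
        for (size_t i = 0; i < n; i++) printf(" %02x", out[i]);
        putchar('\n');
    }
    return 0;
}
```

A decoder that accepts both length forms has to treat the two outputs as the same message, which matters when comparing or signing encoded data.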
.SH NAME ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .nf .ft B typedef impl_tag_t ber_tag_t; typedef impl_int_t ber_int_t; typedef impl_uint_t ber_uint_t; typedef impl_len_t ber_len_t; typedef impl_slen_t ber_slen_t; typedef struct berval { ber_len_t bv_len; char *bv_val; } BerValue, *BerVarray; typedef struct berelement BerElement; .ft .fi .LP .BI "void ber_bvfree(struct berval *" bv ");" .LP .BI "void ber_bvecfree(struct berval **" bvec ");" .LP .BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");" .LP .BI "void ber_bvarray_free(struct berval *" bvarray ");" .LP .BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");" .LP .BI "struct berval *ber_bvdup(const struct berval *" bv ");" .LP .BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");" .LP .BI "struct berval *ber_bvstr(const char *" str ");" .LP .BI "struct berval *ber_bvstrdup(const char *" str ");" .LP .BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");" .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "BerElement *ber_init(struct berval *" bv ");" .LP .BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");" .LP .BI "void ber_free(BerElement *" ber ", int " freebuf ");" .SH DESCRIPTION .LP The following are the basic types and structures defined for use with the Lightweight BER library. .LP .B ber_int_t is a signed integer of at least 32 bits. It is commonly equivalent to .BR int . .B ber_uint_t is the unsigned variant of .BR ber_int_t . 
.LP .B ber_len_t is an unsigned integer of at least 32 bits used to represent a length. It is commonly equivalent to a .BR size_t . .B ber_slen_t is the signed variant to .BR ber_len_t . .LP .B ber_tag_t is an unsigned integer of at least 32 bits used to represent a BER tag. It is commonly equivalent to a .BR unsigned\ long . .LP The actual definitions of the integral impl_TYPE_t types are platform specific. .LP .BR BerValue , commonly used as .BR struct\ berval , is used to hold an arbitrary sequence of octets. .B bv_val points to .B bv_len octets. .B bv_val is not necessarily terminated by a NULL (zero) octet. .BR ber_bvfree () frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP is NULL, the routine does nothing. .LP .BR ber_bvecfree () frees an array of BerValues (and the array), pointed to by \fIbvec\fP, returned from this API. If \fIbvec\fP is NULL, the routine does nothing. .BR ber_bvecadd () appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array is allocated as needed. The end of the array is marked by a NULL pointer. .LP .BR ber_bvarray_free () frees an array of BerValues (and the array), pointed to by \fIbvarray\fP, returned from this API. If \fIbvarray\fP is NULL, the routine does nothing. .BR ber_bvarray_add () appends the contents of the BerValue pointed to by \fIbv\fP to the \fIbvarray\fP array. Space for the new element is allocated as needed. The end of the array is marked by a BerValue with a NULL bv_val field. .LP .BR ber_bvdup () returns a copy of a BerValue. The routine returns NULL upon error (e.g. out of memory). The caller should use .BR ber_bvfree () to deallocate the resulting BerValue. .BR ber_dupbv () copies a BerValue from \fIsrc\fP to \fIdst\fP. If \fIdst\fP is NULL a new BerValue will be allocated to hold the copy. The routine returns NULL upon error, otherwise it returns a pointer to the copy. 
If \fIdst\fP is NULL the caller should use .BR ber_bvfree () to deallocate the resulting BerValue, otherwise .BR ber_memfree () should be used to deallocate the \fIdst->bv_val\fP. (The .BR ber_bvdup () function is internally implemented as ber_dupbv(NULL, bv). .BR ber_bvdup () is provided only for compatibility with an expired draft of the LDAP C API; .BR ber_dupbv () is the preferred interface.) .LP .BR ber_bvstr () returns a BerValue containing the string pointed to by \fIstr\fP. .BR ber_bvstrdup () returns a BerValue containing a copy of the string pointed to by \fIstr\fP. .BR ber_str2bv () returns a BerValue containing the string pointed to by \fIstr\fP, whose length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero, the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the number of bytes to copy will be determined by .BR strlen (3), otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result will be stored in the given BerValue, otherwise a new BerValue will be allocated to store the result. NOTE: Both .BR ber_bvstr () and .BR ber_bvstrdup () are implemented as macros using .BR ber_str2bv () in this version of the library. .LP .B BerElement is an opaque structure used to maintain state information used in encoding and decoding. .BR ber_alloc_t () is used to create an empty BerElement structure. If .B LBER_USE_DER is specified for the .I options parameter then data lengths for data written to the BerElement will be encoded in the minimal number of octets required, otherwise they will always be written as four byte values. .BR ber_init () creates a BerElement structure that is initialized with a copy of the data in its .I bv parameter. .BR ber_init2 () initializes an existing BerElement .I ber using the data in the .I bv parameter. The data is referenced directly, not copied. The .I options parameter is the same as for .BR ber_alloc_t (). .BR ber_free () frees a BerElement pointed to by \fIber\fP. 
If \fIber\fP is NULL, the routine does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed. .SH SEE ALSO .BR lber-encode (3), .BR lber-decode (3), .BR lber-memory (3) .LP .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 189 stdin .lf 1 stdin .TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .B #include .LP .BI "int ldap_start_tls(LDAP *" ld ");" .LP .BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");" .LP .BI "int ldap_tls_inplace(LDAP *" ld ");" .LP .BI "int ldap_install_tls(LDAP *" ld ");" .SH DESCRIPTION These routines are used to initiate TLS processing on an LDAP session. .BR ldap_start_tls_s () sends a StartTLS request to a server, waits for the reply, and then installs TLS handlers on the session if the request succeeded. The routine returns .B LDAP_SUCCESS if everything succeeded, otherwise it returns an LDAP error code. .BR ldap_start_tls () sends a StartTLS request to a server and does nothing else. It returns .B LDAP_SUCCESS if the request was sent successfully. .BR ldap_tls_inplace () returns 1 if TLS handlers have been installed on the specified session, 0 otherwise. .BR ldap_install_tls () installs the TLS handlers on the given session. It returns .B LDAP_LOCAL_ERROR if TLS is already installed.
.SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 42 stdin .lf 1 stdin .TH LDAP 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap \- OpenLDAP Lightweight Directory Access Protocol API .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .ft .fi .SH DESCRIPTION .LP The Lightweight Directory Access Protocol (LDAP) (RFC 4510) provides access to X.500 directory services. These services may be stand\-alone or part of a distributed directory service. This client API supports LDAP over TCP (RFC 4511), LDAP over TLS/SSL, and LDAP over IPC (UNIX domain sockets). This API supports SASL (RFC 4513) and Start TLS (RFC 4513) as well as a number of protocol extensions. This API is loosely based upon IETF/LDAPEXT C LDAP API draft specification, an (orphaned) work in progress. .LP The OpenLDAP Software package includes a stand\-alone server in .BR slapd (8), various LDAP clients, and an LDAP client library used to provide programmatic access to the LDAP protocol. This man page gives an overview of the LDAP library routines. .LP Both synchronous and asynchronous APIs are provided. Also included are various routines to parse the results returned from these routines. These routines are found in the \-lldap library. .LP The basic interaction is as follows. A session handle is created using .BR ldap_initialize (3) and the protocol version is set to 3 by calling .BR ldap_set_option (3). The underlying session is established when the first operation is issued. This would generally be a Start TLS or Bind operation, or a Search operation to read attributes of the Root DSE.
A Start TLS operation is performed by calling .BR ldap_start_tls_s (3). An LDAP bind operation is performed by calling .BR ldap_sasl_bind (3) or one of its friends. A Search operation is performed by calling ldap_search_ext_s(3) or one of its friends. Subsequently, additional operations are performed by calling one of the synchronous or asynchronous routines (e.g., .BR ldap_compare_ext_s (3) or .BR ldap_compare_ext (3) followed by .BR ldap_result (3)). Results returned from these routines are interpreted by calling the LDAP parsing routines such as .BR ldap_parse_result (3). The LDAP association and underlying connection are terminated by calling .BR ldap_unbind_ext (3). Errors can be interpreted by calling .BR ldap_err2string (3). .SH LDAP versions This library supports version 3 of the Lightweight Directory Access Protocol (LDAPv3) as defined in RFC 4510. It also supports a variant of version 2 of LDAP as defined by U-Mich LDAP and, to some degree, RFC 1777. Version 2 (all variants) is considered obsolete. Version 3 should be used instead. .LP For backwards compatibility reasons, the library defaults to version 2. Hence, all new applications (and all actively maintained applications) should use .BR ldap_set_option (3) to select version 3. The library manual pages assume version 3 has been selected. .SH INPUT and OUTPUT PARAMETERS All character string input/output is expected to be/is UTF-8 encoded Unicode (version 3.2). .LP Distinguished names (DN) (and relative distinguished names (RDN)) to be passed to the LDAP routines should conform to RFC 4514 UTF-8 string representation. .LP Search filters to be passed to the search routines are to be constructed by hand and should conform to RFC 4515 UTF-8 string representation. .LP LDAP URLs to be passed to routines are expected to conform to RFC 4516 format. The .BR ldap_url (3) routines can be used to work with LDAP URLs.
.LP LDAP controls to be passed to routines can be manipulated using the .BR ldap_controls (3) routines. .SH DISPLAYING RESULTS Results obtained from the search routines can be output by hand, by calling .BR ldap_first_entry (3) and .BR ldap_next_entry (3) to step through the entries returned, .BR ldap_first_attribute (3) and .BR ldap_next_attribute (3) to step through an entry's attributes, and .BR ldap_get_values (3) to retrieve a given attribute's values. Attribute values may or may not be displayable. .SH UTILITY ROUTINES Also provided are various utility routines. The .BR ldap_sort (3) routines are used to sort the entries and values returned via the ldap search routines. .SH DEPRECATED INTERFACES A number of interfaces are now considered deprecated. For instance, ldap_add(3) is deprecated in favor of ldap_add_ext(3). .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 123 stdin .SH BER LIBRARY Also included in the distribution is a set of lightweight Basic Encoding Rules routines. These routines are used by the LDAP library routines to encode and decode LDAP protocol elements using the (slightly simplified) Basic Encoding Rules defined by LDAP. They are not normally used directly by an LDAP application program except in the handling of controls and extended operations. The routines provide a printf and scanf\-like interface, as well as lower\-level access. These routines are discussed in .BR lber\-decode (3), .BR lber\-encode (3), .BR lber\-memory (3), and .BR lber\-types (3).
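The BER routines described above encode each protocol element as tag, length, value, and the lber-types page notes that LBER_USE_DER selects minimal-length encoding while the default writes four-byte lengths. The following is an added example, not OpenLDAP code and not calling liblber: it writes both length forms and decodes them with bounds checks. The function names, the reading of "four byte values" as the BER long form 0x84 followed by four length octets, and the sample DN are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; they do not call liblber. */

/* Write a BER definite length into out[0..cap).
 * der != 0: minimal number of octets (what LBER_USE_DER asks for).
 * der == 0: long form with four length octets, 0x84 nn nn nn nn
 *           (assumed meaning of "four byte values").
 * Returns the number of octets written, or 0 if out is too small. */
size_t put_len(uint8_t *out, size_t cap, uint32_t len, int der)
{
    size_t n = 4, i;

    if (der) {
        if (len < 0x80) {                 /* short form: a single octet */
            if (cap < 1) return 0;
            out[0] = (uint8_t)len;
            return 1;
        }
        n = 0;                            /* count significant octets */
        for (uint32_t t = len; t != 0; t >>= 8) n++;
    }
    if (cap < 1 + n) return 0;
    out[0] = (uint8_t)(0x80 | n);         /* long form: number of length octets */
    for (i = 0; i < n; i++)
        out[1 + i] = (uint8_t)(len >> (8 * (n - 1 - i)));
    return 1 + n;
}

/* Write tag, length and value. Returns total octets, or 0 if out is too small. */
size_t put_tlv(uint8_t *out, size_t cap, uint8_t tag,
               const uint8_t *val, uint32_t len, int der)
{
    size_t l;

    if (cap < 1) return 0;
    l = put_len(out + 1, cap - 1, len, der);
    if (l == 0 || cap - 1 - l < len) return 0;
    out[0] = tag;
    memcpy(out + 1 + l, val, len);
    return 1 + l + len;
}

/* Read a definite length. Rejects the indefinite form (0x80), more than
 * four length octets, and length octets running past the input.
 * Returns octets consumed, or 0 on malformed input. */
size_t get_len(const uint8_t *in, size_t avail, uint32_t *len)
{
    size_t n, i;
    uint32_t v = 0;

    if (avail < 1) return 0;
    if (in[0] < 0x80) { *len = in[0]; return 1; }
    n = in[0] & 0x7f;
    if (n == 0 || n > 4 || avail < 1 + n) return 0;
    for (i = 0; i < n; i++) v = (v << 8) | in[1 + i];
    *len = v;
    return 1 + n;
}

/* Parse one element. The declared length must fit in what is left of the
 * input; trusting it without this check is the classic BER parsing bug.
 * This accepts both length forms (BER); a strict DER reader would also
 * reject non-minimal lengths. Returns 0 on success, -1 on malformed input. */
int get_tlv(const uint8_t *in, size_t avail, uint8_t *tag,
            const uint8_t **val, uint32_t *len)
{
    size_t l;

    if (avail < 2) return -1;
    l = get_len(in + 1, avail - 1, len);
    if (l == 0) return -1;
    if (*len > avail - 1 - l) return -1;  /* value would run past the buffer */
    *tag = in[0];
    *val = in + 1 + l;
    return 0;
}

/* Constructed sample: a DN encoded as an OCTET STRING (tag 0x04). */
static const char SAMPLE_DN[] = "dc=example,dc=com";

size_t encode_sample_dn(uint8_t *out, size_t cap, int der)
{
    return put_tlv(out, cap, 0x04, (const uint8_t *)SAMPLE_DN,
                   (uint32_t)strlen(SAMPLE_DN), der);
}

int main(void)
{
    uint8_t buf[64];
    int der;

    for (der = 1; der >= 0; der--) {
        size_t n = encode_sample_dn(buf, sizeof buf, der), i;
        printf("%s:", der ? "minimal length" : "four-byte length");
        for (i = 0; i < n; i++) printf(" %02x", buf[i]);
        printf("\n");
    }
    return 0;
}
```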
.SH INDEX .TP 20 .SM ldap_initialize(3) initialize the LDAP library without opening a connection to a server .TP .SM ldap_result(3) wait for the result from an asynchronous operation .TP .SM ldap_abandon_ext(3) abandon (abort) an asynchronous operation .TP .SM ldap_add_ext(3) asynchronously add an entry .TP .SM ldap_add_ext_s(3) synchronously add an entry .TP .SM ldap_sasl_bind(3) asynchronously bind to the directory .TP .SM ldap_sasl_bind_s(3) synchronously bind to the directory .TP .SM ldap_unbind_ext(3) synchronously unbind from the LDAP server and close the connection .TP .SM ldap_unbind(3) and ldap_unbind_s(3) are equivalent to .BR ldap_unbind_ext (3) .TP .SM ldap_memfree(3) dispose of memory allocated by LDAP routines. .TP .SM ldap_compare_ext(3) asynchronously compare to a directory entry .TP .SM ldap_compare_ext_s(3) synchronously compare to a directory entry .TP .SM ldap_delete_ext(3) asynchronously delete an entry .TP .SM ldap_delete_ext_s(3) synchronously delete an entry .TP .SM ld_errno(3) LDAP error indication .TP .SM ldap_errlist(3) list of LDAP errors and their meanings .TP .SM ldap_err2string(3) convert LDAP error indication to a string .TP .SM ldap_extended_operation(3) asynchronously perform an arbitrary extended operation .TP .SM ldap_extended_operation_s(3) synchronously perform an arbitrary extended operation .TP .SM ldap_first_attribute(3) return first attribute name in an entry .TP .SM ldap_next_attribute(3) return next attribute name in an entry .TP .SM ldap_first_entry(3) return first entry in a chain of search results .TP .SM ldap_next_entry(3) return next entry in a chain of search results .TP .SM ldap_count_entries(3) return number of entries in a search result .TP .SM ldap_get_dn(3) extract the DN from an entry .TP .SM ldap_get_values_len(3) return an attribute's values with lengths .TP .SM ldap_value_free_len(3) free memory allocated by ldap_get_values_len(3) .TP .SM ldap_count_values_len(3) return number of values .TP .SM 
ldap_modify_ext(3) asynchronously modify an entry .TP .SM ldap_modify_ext_s(3) synchronously modify an entry .TP .SM ldap_mods_free(3) free array of pointers to mod structures used by ldap_modify_ext(3) .TP .SM ldap_rename(3) asynchronously rename an entry .TP .SM ldap_rename_s(3) synchronously rename an entry .TP .SM ldap_msgfree(3) free results allocated by ldap_result(3) .TP .SM ldap_msgtype(3) return the message type of a message from ldap_result(3) .TP .SM ldap_msgid(3) return the message id of a message from ldap_result(3) .TP .SM ldap_search_ext(3) asynchronously search the directory .TP .SM ldap_search_ext_s(3) synchronously search the directory .TP .SM ldap_is_ldap_url(3) check a URL string to see if it is an LDAP URL .TP .SM ldap_url_parse(3) break up an LDAP URL string into its components .TP .SM ldap_sort_entries(3) sort a list of search results .TP .SM ldap_sort_values(3) sort a list of attribute values .TP .SM ldap_sort_strcasecmp(3) case insensitive string comparison .SH SEE ALSO .BR ldap.conf (5), .BR slapd (8), .BR draft-ietf-ldapext-ldap-c-api-xx.txt \ .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 274 stdin .LP These API manual pages are loosely based upon descriptions provided in the IETF/LDAPEXT C LDAP API Internet Draft, an (orphaned) work in progress. .lf 1 stdin .TH LDAP_RENAME 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_rename, ldap_rename_s \- Renames the specified entry.
.SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp ); .ft LDAP *ld; const char *dn, *newrdn, *newparent; int deleteoldrdn; LDAPControl *sctrls[], *cctrls[]; int *msgidp; .LP .ft B int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] ); .ft LDAP *ld; const char *dn, *newrdn, *newparent; int deleteoldrdn; LDAPControl *sctrls[], *cctrls[]; .SH DESCRIPTION These routines are used to perform an LDAP rename operation. The function changes the leaf component of an entry's distinguished name and optionally moves the entry to a new parent container. The .B ldap_rename_s performs a rename operation synchronously. The method takes \fIdn\fP, which points to the distinguished name of the entry whose attribute is being compared, \fInewparent\fP, the distinguished name of the entry's new parent. If this parameter is NULL, only the RDN is changed. The root DN is specified by passing a zero length string, "". \fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted. Zero indicates that the old RDN should be retained. If you choose this option, the attribute will contain both names (the old and the new). Non-zero indicates that the old RDN should be deleted. \fIserverctrls\fP points to an array of LDAPControl structures that list the client controls to use with this extended operation. Use NULL to specify no client controls. \fIclientctrls\fP points to an array of LDAPControl structures that list the client controls to use with the search. .LP .B ldap_rename works just like .B ldap_rename_s, but the operation is asynchronous. It returns the message id of the request it initiated. The result of this operation can be obtained by calling .BR ldap_result(3).
.SH ERRORS .B ldap_rename() returns \-1 in case of error initiating the request, and will set the \fIld_errno\fP field in the \fIld\fP parameter to indicate the error. .BR ldap_rename_s() returns the LDAP error code resulting from the rename operation. .SH SEE ALSO .BR ldap (3), .BR ldap_modify (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 67 stdin .lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType *
ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. 
.TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expects the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP?
*/ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? */ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. 
.TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin PK!gd"#"#ldap_attributetype2name.3nu[.lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse 
schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expect the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. 
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;	/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;	/* Description */
	LDAPSchemaExtensionItem **syn_extensions;	/* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;	/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;	/* Description */
	int mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions;	/* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;	/* OID */
	char **at_names;	/* Names */
	char *at_desc;	/* Description */
	int at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int at_syntax_len;	/* Suggested minimum maximum length */
	int at_single_value;	/* Is single-valued? */
	int at_collective;	/* Is collective? */
	int at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int at_usage;	/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions;	/* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;	/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;	/* Description */
	int oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int oc_kind;	/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions;	/* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other, structural, object classes.
These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument
.IR code
comes from one of the parsing routines and can adopt the following values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 321 stdin
.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], int *" msgidp ");" .RE .LP .BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");" .RE .LP .BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res "," .RS .BI "struct berval **" servercredp ", int " freeit ");" .RE .LP .BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ");" .RE .LP .BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ", LDAPMessage *" result "," .BI "const char **" rmechp ", int *" msgidp ");" .RE .LP .BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " 
flags ", void *" defaults ", void *" sasl_interact ");" .LP .BI "int ldap_unbind(LDAP *" ld ");" .LP .BI "int ldap_unbind_s(LDAP *" ld ");" .LP .BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");" .LP .BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");" .SH DESCRIPTION .LP These routines provide various interfaces to the LDAP bind operation. After an association with an LDAP server is made using .BR ldap_init (3), an LDAP bind operation should be performed before other operations are attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations. .LP There are three types of bind calls, ones providing simple authentication, ones providing SASL authentication, and general routines capable of doing either simple or SASL authentication. .LP .B SASL (Simple Authentication and Security Layer) can negotiate one of many different kinds of authentication. Both synchronous and asynchronous versions of each variant of the bind call are provided. All routines take \fIld\fP as their first parameter, as returned from .BR ldap_init (3). .SH SIMPLE AUTHENTICATION The simplest form of the bind call is .BR ldap_simple_bind_s() . It takes the DN to bind as in \fIwho\fP, and the userPassword associated with the entry in \fIpasswd\fP. It returns an LDAP error indication (see .BR ldap_error (3)). The .B ldap_simple_bind() call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. 
The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The .B ldap_sasl_bind_s() and asynchronous .B ldap_sasl_bind() functions can also be used to make a simple bind by using LDAP_SASL_SIMPLE as the SASL mechanism. .SH GENERAL AUTHENTICATION The .B ldap_bind() and .B ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra \fImethod\fP parameter selecting the authentication method to use. It should be set to LDAP_AUTH_SIMPLE to select simple authentication. .B ldap_bind() returns the message id of the request it initiates. .B ldap_bind_s() returns an LDAP error indication. .SH SASL AUTHENTICATION For SASL binds the server always ignores any provided DN, so the .I dn parameter should always be NULL. .BR ldap_sasl_bind_s () sends a single SASL bind request with the given SASL .I mechanism and credentials in the .I cred parameter. The format of the credentials depends on the particular SASL mechanism in use. For mechanisms that provide mutual authentication the server's credentials will be returned in the .I servercredp parameter. The routine returns an LDAP error indication (see .BR ldap_error (3)). The .BR ldap_sasl_bind () call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The result must be additionally parsed by .BR ldap_parse_sasl_bind_result () to obtain any server credentials sent from the server. .LP Many SASL mechanisms require multiple message exchanges to perform a complete authentication. Applications should generally use .BR ldap_sasl_interactive_bind_s () rather than calling the basic .BR ldap_sasl_bind () functions directly. The .I mechs parameter should contain a space-separated list of candidate mechanisms to use. 
If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports. The .I flags parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of: .TP LDAP_SASL_AUTOMATIC use defaults if available, prompt otherwise .TP LDAP_SASL_INTERACTIVE always prompt .TP LDAP_SASL_QUIET never prompt .LP The .I interact function uses the provided .I defaults to handle requests from the SASL library for particular authentication parameters. There is no defined format for the .I defaults information; it is up to the caller to use whatever format is appropriate for the supplied .I interact function. The .I sasl_interact parameter comes from the underlying SASL library. When used with Cyrus SASL this is an array of .B sasl_interact_t structures. The Cyrus SASL library will prompt for a variety of inputs, including: .TP SASL_CB_GETREALM the realm for the authentication attempt .TP SASL_CB_AUTHNAME the username to authenticate .TP SASL_CB_PASS the password for the provided username .TP SASL_CB_USER the username to use for proxy authorization .TP SASL_CB_NOECHOPROMPT generic prompt for input with input echoing disabled .TP SASL_CB_ECHOPROMPT generic prompt for input with input echoing enabled .TP SASL_CB_LIST_END indicates the end of the array of prompts .LP See the Cyrus SASL documentation for more details. .LP Applications which need to manage connections asynchronously may use .BR ldap_sasl_interactive_bind () instead of the synchronous version. A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously. The other parameters are the same as for the synchronous function, with three additional parameters. 
The actual SASL mechanism that was used, and the message ID for use with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively. The value in rmechp must not be modified by the caller and must be passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter. This parameter must be NULL when initiating a new Bind. The caller must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc()
function sets the process to use for binding when an operation returns a referral. This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind. The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server. The LDAP application can use the
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral.
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure. Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid. The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
calls allow the operations to specify controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure. Synchronous routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind, you need to provide a rebind process for that authentication method. The bind method must be synchronous.
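Since a NULL or empty \fImechs\fP makes the library take the mechanism list from the server's rootDSE, a client that wants to restrict negotiation can build the list itself. The following added example (not OpenLDAP code; the function names and the ALLOWED_MECHS policy are hypothetical) intersects the advertised mechanisms with a local allow-list and fails closed instead of ever producing an empty string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical local policy, most preferred first. Adjust to the deployment. */
static const char *const ALLOWED_MECHS[] = {
    "GSSAPI", "SCRAM-SHA-256", "EXTERNAL", NULL
};

/* Exact whole-name match, so "SCRAM-SHA-256-PLUS" does not satisfy
 * a policy entry of "SCRAM-SHA-256". */
static int is_advertised(const char *const *advertised, const char *mech)
{
    for (; *advertised != NULL; advertised++)
        if (strcmp(*advertised, mech) == 0)
            return 1;
    return 0;
}

/*
 * advertised: NULL-terminated array of mechanism names, e.g. the values of
 *             supportedSASLMechanisms read from the rootDSE.
 * out/outlen: receives the space-separated list to pass as the mechs argument.
 *
 * Returns the number of mechanisms written, or -1 when nothing acceptable is
 * advertised or the buffer is too small. On -1 the caller must abort the bind:
 * passing the resulting empty string would hand the choice back to the server.
 */
int pin_sasl_mechs(const char *const *advertised, char *out, size_t outlen)
{
    size_t used = 0;
    int count = 0;

    if (advertised == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    for (const char *const *m = ALLOWED_MECHS; *m != NULL; m++) {
        size_t mlen = strlen(*m);

        if (!is_advertised(advertised, *m))
            continue;
        /* Room for optional separator, the name, and the terminating NUL. */
        if (mlen + (count ? 1 : 0) >= outlen - used) {
            out[0] = '\0';
            return -1;
        }
        if (count)
            out[used++] = ' ';
        memcpy(out + used, *m, mlen + 1);
        used += mlen;
        count++;
    }
    return count > 0 ? count : -1;
}

int main(void)
{
    /* Constructed sample of what a server might advertise. */
    const char *adv[] = { "PLAIN", "DIGEST-MD5", "SCRAM-SHA-256-PLUS",
                          "SCRAM-SHA-256", "GSSAPI", NULL };
    char mechs[64];

    if (pin_sasl_mechs(adv, mechs, sizeof mechs) < 0) {
        fprintf(stderr, "no acceptable SASL mechanism, not binding\n");
        return 1;
    }
    /* mechs would now be given as the mechs argument of
     * ldap_sasl_interactive_bind_s(). */
    printf("mechs = \"%s\"\n", mechs);
    return 0;
}
```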
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 335 stdin
.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP whose values are desired and returns a NULL-terminated array of the attribute's values. \fIattr\fP may be an attribute type as returned from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead. It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers to berval structures, each containing the length of and a pointer to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error. See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 103 stdin
.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");" .LP .BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");" .LP .BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");" .LP .BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");" .LP .BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_seq(BerElement *" ber ");" .LP .BI "int ber_put_set(BerElement *" ber ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the encoding routines in the lber library. 
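The restricted BER described above (definite-form lengths only, octet strings always primitive) can be followed byte by byte in this added example, which is not liblber code and not part of the original man page: a stand-alone encoder for the AlmostASearchRequest object from the EXAMPLES section of this page. The helper names, the 512-byte buffer and the sample values are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Universal tags needed for AlmostASearchRequest. */
enum { T_BOOLEAN = 0x01, T_INTEGER = 0x02, T_OCTET_STRING = 0x04,
       T_ENUMERATED = 0x0a, T_SEQUENCE = 0x30 };

/* Fixed-size output buffer; err latches so callers check once at the end. */
typedef struct { uint8_t buf[512]; size_t len; int err; } enc_t;

static void put_bytes(enc_t *e, const void *p, size_t n)
{
    if (e->err || n > sizeof e->buf - e->len) { e->err = 1; return; }
    memcpy(e->buf + e->len, p, n);
    e->len += n;
}

/* Definite-form length: one octet below 128, else 0x80|k then k big-endian octets. */
static void put_len(enc_t *e, size_t n)
{
    uint8_t tmp[1 + sizeof n];
    size_t k = 0;

    if (n < 0x80) { tmp[0] = (uint8_t)n; put_bytes(e, tmp, 1); return; }
    for (size_t v = n; v != 0; v >>= 8) k++;
    tmp[0] = (uint8_t)(0x80 | k);
    for (size_t i = 0; i < k; i++)
        tmp[1 + i] = (uint8_t)(n >> (8 * (k - 1 - i)));
    put_bytes(e, tmp, 1 + k);
}

/* Primitive tag-length-value; octet strings are never split into segments. */
static void put_tlv(enc_t *e, uint8_t tag, const void *val, size_t n)
{
    put_bytes(e, &tag, 1);
    put_len(e, n);
    put_bytes(e, val, n);
}

/* INTEGER and ENUMERATED share one content encoding: shortest two's complement. */
static void put_int(enc_t *e, uint8_t tag, int32_t v)
{
    uint32_t u = (uint32_t)v;
    uint8_t b[4] = { (uint8_t)(u >> 24), (uint8_t)(u >> 16),
                     (uint8_t)(u >> 8), (uint8_t)u };
    size_t s = 0;

    while (s < 3 && ((b[s] == 0x00 && !(b[s + 1] & 0x80)) ||
                     (b[s] == 0xff &&  (b[s + 1] & 0x80))))
        s++;
    put_tlv(e, tag, b + s, 4 - s);
}

/* A constructed value needs its length first, so the body is encoded separately. */
static void put_seq(enc_t *e, const enc_t *body)
{
    if (body->err) { e->err = 1; return; }
    put_tlv(e, T_SEQUENCE, body->buf, body->len);
}

/* Returns the encoded length, or 0 if anything did not fit. */
size_t encode_almost_search(uint8_t *out, size_t outlen, const char *dn,
                            int32_t scope, int32_t deref, int32_t sizelimit,
                            int32_t timelimit, int attrsonly,
                            const char *const *attrs)
{
    enc_t body = {0}, list = {0}, msg = {0};
    uint8_t flag = attrsonly ? 0xff : 0x00;

    put_tlv(&body, T_OCTET_STRING, dn, strlen(dn));   /* baseObject   */
    put_int(&body, T_ENUMERATED, scope);              /* scope        */
    put_int(&body, T_ENUMERATED, deref);              /* derefAliases */
    put_int(&body, T_INTEGER, sizelimit);             /* sizelimit    */
    put_int(&body, T_INTEGER, timelimit);             /* timelimit    */
    put_tlv(&body, T_BOOLEAN, &flag, 1);              /* attrsOnly    */
    for (; *attrs != NULL; attrs++)                   /* attributes   */
        put_tlv(&list, T_OCTET_STRING, *attrs, strlen(*attrs));
    put_seq(&body, &list);
    put_seq(&msg, &body);

    if (msg.err || msg.len > outlen) return 0;
    memcpy(out, msg.buf, msg.len);
    return msg.len;
}

int main(void)
{
    /* Constructed sample values. */
    const char *attrs[] = { "cn", "mail", NULL };
    uint8_t out[512];
    size_t n = encode_almost_search(out, sizeof out, "dc=example,dc=com",
                                    2, 0, 0, 0, 0, attrs);

    for (size_t i = 0; i < n; i++) printf("%02x ", out[i]);
    putchar('\n');
    return n ? 0 : 1;
}
```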
See .BR lber-decode (3) for details on the corresponding decoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_alloc_t () to allocate a BER element for encoding, .BR ber_printf () to do the actual encoding, and .BR ber_flush2 () to actually write the element. The other routines are provided for those applications that need more control than .BR ber_printf () provides. In general, these routines return the length of the element encoded, or \-1 if an error occurred. .LP The .BR ber_alloc_t () routine is used to allocate a new BER element. It should be called with an argument of LBER_USE_DER. .LP The .BR ber_flush2 () routine is used to actually write the element to a socket (or file) descriptor, once it has been fully encoded (using .BR ber_printf () and friends). See .BR lber-sockbuf (3) for more details on the Sockbuf implementation of the \fIsb\fP parameter. If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will be freed. If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed when successfully flushed, otherwise it is left intact; if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed when an error occurs, otherwise it is left intact; if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway. This function differs from the original .BR ber_flush (3) function, whose behavior corresponds to that indicated for \fILBER_FLUSH_FREE_ON_SUCCESS\fP. Note that in the future, the behavior of .BR ber_flush (3) with \fIfreeit\fP non-zero might change into that of .BR ber_flush2 (3) with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP. .LP The .BR ber_printf () routine is used to encode a BER element in much the same way that .BR sprintf (3) works. 
One important difference, though, is that some state information is kept with the \fIber\fP parameter so that multiple calls can be made to .BR ber_printf () to append things to the end of the BER element. .BR Ber_printf () writes to \fIber\fP, a pointer to a BerElement such as returned by .BR ber_alloc_t (). It interprets and formats its arguments according to the format string \fIfmt\fP. The format string can contain the following characters: .RS .LP .TP 3 .B b Boolean. An ber_int_t parameter should be supplied. A boolean element is output. .TP .B e Enumeration. An ber_int_t parameter should be supplied. An enumeration element is output. .TP .B i Integer. An ber_int_t parameter should be supplied. An integer element is output. .TP .B B Bitstring. A char * pointer to the start of the bitstring is supplied, followed by the number of bits in the bitstring. A bitstring element is output. .TP .B n Null. No parameter is required. A null element is output. .TP .B o Octet string. A char * is supplied, followed by the length of the string pointed to. An octet string element is output. .TP .B O Octet string. A struct berval * is supplied. An octet string element is output. .TP .B s Octet string. A null-terminated string is supplied. An octet string element is output, not including the trailing NULL octet. .TP .B t Tag. A ber_tag_t specifying the tag to give the next element is provided. This works across calls. .TP .B v Several octet strings. A null-terminated array of char *'s is supplied. Note that a construct like '{v}' is required to get an actual SEQUENCE OF octet strings. .TP .B V Several octet strings. A null-terminated array of struct berval *'s is supplied. Note that a construct like '{V}' is required to get an actual SEQUENCE OF octet strings. .TP .B W Several octet strings. An array of struct berval's is supplied. The array is terminated by a struct berval with a NULL bv_val. 
Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings. .TP .B { Begin sequence. No parameter is required. .TP .B } End sequence. No parameter is required. .TP .B [ Begin set. No parameter is required. .TP .B ] End set. No parameter is required. .RE .LP The .BR ber_put_int () routine writes the integer element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_enum () routine writes the enumeration element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_boolean () routine writes the boolean value given by \fIbool\fP to the BER element. .LP The .BR ber_put_bitstring () routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring value to the given BER element. Note that \fIblen\fP is the length \fIin bits\fP of the bitstring. .LP The .BR ber_put_ostring () routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER element as an octet string. .LP The .BR ber_put_string () routine writes the null-terminated string (minus the terminating '\0') to the BER element as an octet string. .LP The .BR ber_put_null () routine writes a NULL element to the BER element. .LP The .BR ber_start_seq () routine is used to start a sequence in the BER element. The .BR ber_start_set () routine works similarly. The end of the sequence or set is marked by the nearest matching call to .BR ber_put_seq () or .BR ber_put_set (), respectively. .SH EXAMPLES Assuming the following variable declarations, and that the variables have been assigned appropriately, an lber encoding of the following ASN.1 object: .LP .nf AlmostASearchRequest := SEQUENCE { baseObject DistinguishedName, scope ENUMERATED { baseObject (0), singleLevel (1), wholeSubtree (2) }, derefAliases ENUMERATED { neverDerefaliases (0), derefInSearching (1), derefFindingBaseObj (2), alwaysDerefAliases (3) }, sizelimit INTEGER (0 .. 65535), timelimit INTEGER (0 .. 
65535),
    attrsOnly BOOLEAN,
    attributes SEQUENCE OF AttributeType
}
.fi
.LP
can be achieved like so:
.LP
.nf
int rc;
ber_int_t scope, ali, size, time, attrsonly;
char *dn, **attrs;
BerElement *ber;

/* ... fill in values ... */

ber = ber_alloc_t( LBER_USE_DER );

if ( ber == NULL ) {
        /* error */
}

/* 'e' emits ENUMERATED for scope and derefAliases, as the ASN.1 above declares them */
rc = ber_printf( ber, "{seeiib{v}}", dn, scope, ali, size, time, attrsonly, attrs );

if( rc == \-1 ) {
        /* error */
} else {
        /* success */
}
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 289 stdin
.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively. The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to arbitrary dynamically allocated objects. The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 51 stdin
.lf 1 stdin
.TH LDAP_FIRST_ENTRY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
int ldap_count_entries( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
.SH DESCRIPTION
.LP
These routines are used to parse results received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines
.BR ldap_search_s (3)
and
.BR ldap_search_st (3).
.LP
The
.B ldap_first_entry()
routine is used to retrieve the first entry in a chain of search results. It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3)
or
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first entry in the result.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_entry()
to get the next entry, the result of which should be supplied to the next call to
.BR ldap_next_entry() ,
etc.
.B ldap_next_entry()
will return NULL when there are no more entries. The entries returned from these calls are used in calls to the routines described in
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
etc.
.LP
A count of the number of entries in the search result can be obtained by calling
.BR ldap_count_entries() .
.SH ERRORS
If an error occurs in
.B ldap_first_entry()
or
.BR ldap_next_entry() ,
NULL is returned and the ld_errno field in the \fIld\fP parameter is set to indicate the error. If an error occurs in
.BR ldap_count_entries() ,
-1 is returned, and
.B ld_errno
is set appropriately. See
.BR ldap_error (3)
for a description of possible error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
.BR ldap_get_dn (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 81 stdin
.lf 1 stdin
.TH LDAP_PARSE_VLV_CONTROL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_vlv_control \- Decode the information returned from a search operation that used a VLV (virtual list view) control
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
int ldap_parse_vlv_control( ld, ctrlp, target_posp, list_countp, contextp, errcodep )
.ft
LDAP *ld;
LDAPControl **ctrlp;
unsigned long *target_posp, *list_countp;
struct berval **contextp;
int *errcodep;
.SH DESCRIPTION
The
.B ldap_parse_vlv_control
is used to decode the information returned from a search operation that used a VLV (virtual list view) control. It takes a null terminated array of LDAPControl structures, usually obtained by a call to the
.BR ldap_parse_result
function, and a \fItarget_pos\fP which points to the list index of the target entry. If this parameter is NULL, the target position is not returned. The index returned is an approximation of the position of the target entry. It is not guaranteed to be exact. The parameter \fIlist_countp\fP points to the server's estimate of the size of the list. If this parameter is NULL, the size is not returned. \fIcontextp\fP is a pointer to the address of a berval structure that contains a server-generated context identifier if the server returns one. If the server does not return a context identifier, the server returns a NULL in this parameter. If this parameter is set to NULL, the context identifier is not returned. You should use this returned context in the next call to create a VLV control. When the berval structure is no longer needed, you should free the memory by calling the \fIber_bvfree\fP function. \fIerrcodep\fP is an output parameter, which points to the result code returned by the server. If this parameter is NULL, the result code is not returned.
.LP
See ldap.h for a list of possible return codes.
.SH SEE ALSO
.BR ldap_search (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 50 stdin
.lf 1 stdin .TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation. .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_compare_ext( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, char *\fIattr\fB, const struct berval *\fIbvalue\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB, int *\fImsgidp\fB ); .RE .LP .ft B int ldap_compare_ext_s( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, char *\fIattr\fB, const struct berval *\fIbvalue\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB ); .RE .SH DESCRIPTION The .B ldap_compare_ext_s() routine is used to perform an LDAP compare operation synchronously. It takes \fIdn\fP, the DN of the entry upon which to perform the compare, and \fIattr\fP and \fIvalue\fP, the attribute description and value to compare to those found in the entry. It returns a code, which will be LDAP_COMPARE_TRUE if the entry contains the attribute value and LDAP_COMPARE_FALSE if it does not. Otherwise, an error code is returned that indicates the nature of the problem. See .BR ldap (3) for details. .LP The .B ldap_compare_ext() routine is used to perform an LDAP compare operation asynchronously. It takes the same parameters as .BR ldap_compare_ext_s() , but provides the message id of the request it initiated in the integer pointed to by \fImsgidp\fP. The result of the compare can be obtained by a subsequent call to .BR ldap_result (3). .LP Both routines allow server and client controls to be specified to extend the compare request.
.SH DEPRECATED INTERFACES The routines .BR ldap_compare () and .BR ldap_compare_s () are deprecated in favor of .BR ldap_compare_ext () and .BR ldap_compare_ext_s (), respectively. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 75 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 80 stdin
.lf 1 stdin .TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B int ldap_search_ext( .RS LDAP *\fIld\fB, char *\fIbase\fB, int \fIscope\fB, char *\fIfilter\fB, char *\fIattrs\fB[], int \fIattrsonly\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB, struct timeval *\fItimeout\fB, int \fIsizelimit\fB, int *\fImsgidp\fB ); .RE .LP .ft B int ldap_search_ext_s( .RS LDAP *\fIld\fB, char *\fIbase\fB, int \fIscope\fB, char *\fIfilter\fB, char *\fIattrs\fB[], int \fIattrsonly\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB, struct timeval *\fItimeout\fB, int \fIsizelimit\fB, LDAPMessage **\fIres\fB ); .RE .SH DESCRIPTION These routines are used to perform LDAP search operations. The .B ldap_search_ext_s() routine does the search synchronously (i.e., not returning until the operation completes), providing a pointer to the resulting LDAP messages at the location pointed to by the \fIres\fP parameter. .LP The .B ldap_search_ext() routine is the asynchronous version, initiating the search and returning the message id of the operation it initiated in the integer pointed to by the \fImsgidp\fP parameter. .LP The \fIbase\fP parameter is the DN of the entry at which to start the search. .LP The \fIscope\fP parameter is the scope of the search and should be one of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL, to search the object's immediate children, LDAP_SCOPE_SUBTREE, to search the object and all its descendants, or LDAP_SCOPE_CHILDREN, to search all of the descendants. Note that the latter requires the server support the LDAP Subordinates Search Scope extension. .LP The \fIfilter\fP is a string representation of the filter to apply in the search. The string should conform to the format specified in RFC 4515 as extended by RFC 4526. For instance, "(cn=Jane Doe)". 
Note that use of the extension requires the server to support the LDAP Absolute True/False Filter extension. NULL may be specified to indicate the library should send the filter (objectClass=*). .LP The \fIattrs\fP parameter is a null-terminated array of attribute descriptions to return from matching entries. If NULL is specified, the return of all user attributes is requested. The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request all user attributes to be returned. The description "+" (LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to request all operational attributes to be returned. Note that this requires the server to support the LDAP All Operational Attribute extension. To request no attributes, the description "1.1" (LDAP_NO_ATTRS) should be listed by itself. .LP The \fIattrsonly\fP parameter should be set to a non-zero value if only attribute descriptions are wanted. It should be set to zero (0) if both attribute descriptions and attribute values are wanted. .LP The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used to specify server and client controls, respectively. .LP The .B ldap_search_ext_s() routine is the synchronous version of .BR ldap_search_ext(). .LP It also returns a code indicating success or, in the case of failure, indicating the nature of the failure of the operation. See .BR ldap_error (3) for details. .SH NOTES Note that both read and list functionality are subsumed by these routines, by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list). .LP These routines may dynamically allocate memory. The caller is responsible for freeing such memory using supplied deallocation routines. Return values are contained in . .LP Note that the \fIres\fR parameter of .B ldap_search_ext_s() and .B ldap_search_s() should be freed with .B ldap_msgfree() regardless of return value of these functions.
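The filter string passed to ldap_search_ext_s() is often assembled from caller-supplied text, and RFC 4515 requires certain bytes in an assertion value to be escaped. The following is an added example, not part of the OpenLDAP manual or library: filter_escape_value() and build_equality_filter() are hypothetical helper names, and the sample values are constructed. It builds an equality filter of the "(cn=Jane Doe)" kind described above without letting the value change the filter's structure.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASCII-only checks so the result does not depend on the C locale. */
static int is_alpha(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

static int is_digit(unsigned char c)
{
    return c >= '0' && c <= '9';
}

/* Accept only a short attribute name: a letter followed by letters,
 * digits or '-'. Attribute options and numeric OIDs are deliberately
 * rejected in this example. */
static int attr_name_ok(const char *attr)
{
    const unsigned char *p = (const unsigned char *)attr;

    if (!is_alpha(*p))
        return 0;
    for (p++; *p != '\0'; p++)
        if (!is_alpha(*p) && !is_digit(*p) && *p != '-')
            return 0;
    return 1;
}

/* Escape an assertion value as RFC 4515 requires: NUL, '(', ')', '*'
 * and '\' become a backslash followed by two hex digits. The explicit
 * length lets embedded NUL bytes be handled. Returns the number of
 * bytes written (terminator excluded), or -1 if out is too small. */
static int filter_escape_value(const char *in, size_t in_len,
                               char *out, size_t out_cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_cap == 0)
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int special = (c == '\0' || c == '(' || c == ')' ||
                       c == '*' || c == '\\');
        size_t need = special ? 3 : 1;

        if (o + need >= out_cap)        /* keep room for the terminator */
            return -1;
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build "(attr=escaped-value)". Returns the filter length, or -1 on a
 * rejected attribute name or an output buffer that is too small. */
static int build_equality_filter(const char *attr,
                                 const char *value, size_t value_len,
                                 char *out, size_t out_cap)
{
    int n, m;
    size_t used;

    if (attr == NULL || value == NULL || !attr_name_ok(attr))
        return -1;
    n = snprintf(out, out_cap, "(%s=", attr);
    if (n < 0 || (size_t)n >= out_cap)
        return -1;
    m = filter_escape_value(value, value_len, out + n, out_cap - (size_t)n);
    if (m < 0)
        return -1;
    used = (size_t)n + (size_t)m;
    if (used + 2 > out_cap)             /* ')' plus terminator */
        return -1;
    out[used] = ')';
    out[used + 1] = '\0';
    return (int)(used + 1);
}

int main(void)
{
    /* Constructed sample values: one benign, one containing filter
     * metacharacters that must not survive unescaped. */
    const char *samples[] = { "Jane Doe", "*)(uid=*" };
    char filter[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_equality_filter("cn", samples[i], strlen(samples[i]),
                                  filter, sizeof filter) < 0)
            return 1;
        printf("%s\n", filter);
    }
    return 0;
}
```

The resulting string is what would be passed as the filter argument; a DN used as the base needs its own escaping rules, which this example does not cover.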
.SH DEPRECATED INTERFACES The .B ldap_search() routine is deprecated in favor of the .B ldap_search_ext() routine. The .B ldap_search_s() and .B ldap_search_st() routines are deprecated in favor of the .B ldap_search_ext_s() routine. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 139 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_result (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 145 stdin
.lf 1 stdin .TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .ft B #include .LP .ft B .nf int ldap_add_ext( .RS .ft B LDAP *\fIld\fB, const char *\fIdn\fB, LDAPMod **\fIattrs\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB, int *\fImsgidp\fB ); .RE .LP .ft B .nf int ldap_add_ext_s( .RS LDAP *\fIld\fB, const char *\fIdn\fB, LDAPMod **\fIattrs\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB ); .RE .fi .SH DESCRIPTION The .B ldap_add_ext_s() routine is used to perform an LDAP add operation. It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a null-terminated array of the entry's attributes.
The LDAPMod structure is used to represent attributes, with the \fImod_type\fP and \fImod_values\fP fields being used as described under .BR ldap_modify_ext (3), and the \fIldap_op\fP field being used only if you need to specify the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero. .LP Note that all entries except that specified by the last component in the given DN must already exist. .B ldap_add_ext_s() returns a code indicating success or, in the case of failure, indicating the nature of failure of the operation. See .BR ldap_error (3) for more details. .LP The .B ldap_add_ext() routine works just like .BR ldap_add_ext_s() , but it is asynchronous. It returns the message id of the request it initiated. The result of this operation can be obtained by calling .BR ldap_result (3). .SH DEPRECATED INTERFACES The .BR ldap_add () and .BR ldap_add_s () routines are deprecated in favor of the .BR ldap_add_ext () and .BR ldap_add_ext_s () routines, respectively. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 76 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_modify (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release.
.lf 82 stdin
.LP .BI "int ldap_get_option(LDAP *" ld ", int " option ", void *" outvalue ");" .LP .BI "int ldap_set_option(LDAP *" ld ", int " option ", const void *" invalue ");" .SH DESCRIPTION .LP These routines provide access to options stored either in a LDAP handle or as global options, where applicable. They make use of a neutral interface, where the type of the value either retrieved by .BR ldap_get_option (3) or set by .BR ldap_set_option (3) is cast to .BR "void *" . The actual type is determined based on the value of the .B option argument. Global options are set/retrieved by passing a NULL LDAP handle. LDAP handles inherit their default settings from the global options in effect at the time the handle is created. .TP .B LDAP_OPT_API_FEATURE_INFO Fills-in a .BR "LDAPAPIFeatureInfo" ; .BR outvalue must be a .BR "LDAPAPIFeatureInfo *" , pointing to an already allocated struct. The .B ldapaif_info_version field of the struct must be initialized to .B LDAP_FEATURE_INFO_VERSION before making the call. The .B ldapaif_name field must be set to the name of a feature to query. This is a read-only option. .TP .B LDAP_OPT_API_INFO Fills-in a .BR "LDAPAPIInfo" ; .BR outvalue must be a .BR "LDAPAPIInfo *" , pointing to an already allocated struct. The .B ldapai_info_version field of the struct must be initialized to .B LDAP_API_INFO_VERSION before making the call. If the version passed in does not match the current library version, the expected version number will be stored in the struct and the call will fail. The caller is responsible for freeing the elements of the .B ldapai_extensions array and the array itself using .BR ldap_memfree (3). The caller must also free the .BR ldapai_vendor_name . This is a read-only option. .TP .B LDAP_OPT_CLIENT_CONTROLS Sets/gets the client-side controls to be used for all operations.
This is now deprecated as the modern LDAP C API provides replacements for all main operations which accept client-side controls as explicit arguments; see for example .BR ldap_search_ext (3), .BR ldap_add_ext (3), .BR ldap_modify_ext (3) and so on. .BR outvalue must be .BR "LDAPControl ***" , and the caller is responsible for freeing the returned controls, if any, by calling .BR ldap_controls_free (3), while .BR invalue must be .BR "LDAPControl *const *" ; the library duplicates the controls passed via .BR invalue . .TP .B LDAP_OPT_CONNECT_ASYNC Sets/gets the status of the asynchronous connect flag. .BR invalue should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON ; .BR outvalue must be .BR "int *" . When set, the library will call .BR connect (2) and return, without waiting for response. This leaves the handle in a connecting state. Subsequent calls to library routines will poll for completion of the connect before performing further operations. As a consequence, library calls that need to establish a connection with a DSA do not block even for the network timeout (option .BR LDAP_OPT_NETWORK_TIMEOUT ). This option is OpenLDAP specific. .TP .B LDAP_OPT_CONNECT_CB This option sets a connect callback. .B invalue must be a .BR "const struct ldap_conncb *" . Callbacks are executed in last in-first served order. Handle-specific callbacks are executed first, followed by global ones. Right before freeing the callback structure, the .B lc_del callback handler is passed a .B NULL .BR Sockbuf . Calling .BR ldap_get_option (3) for this option removes the callback whose pointer matches .BR outvalue . This option is OpenLDAP specific. .TP .B LDAP_OPT_DEBUG_LEVEL Sets/gets the debug level of the client library. .BR invalue must be a .BR "const int *" ; .BR outvalue must be a .BR "int *" .
Valid debug levels are .BR LDAP_DEBUG_ANY , .BR LDAP_DEBUG_ARGS , .BR LDAP_DEBUG_BER , .BR LDAP_DEBUG_CONNS , .BR LDAP_DEBUG_NONE , .BR LDAP_DEBUG_PACKETS , .BR LDAP_DEBUG_PARSE , and .BR LDAP_DEBUG_TRACE . This option is OpenLDAP specific. .TP .B LDAP_OPT_DEFBASE Sets/gets a string containing the DN to be used as default base for search operations. .BR outvalue must be a .BR "char **" , and the caller is responsible for freeing the returned string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library duplicates the corresponding string. This option is OpenLDAP specific. .TP .B LDAP_OPT_DEREF Sets/gets the value that defines when alias dereferencing must occur. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . They cannot be NULL. The value of .BR *invalue should be one of .BR LDAP_DEREF_NEVER (the default), .BR LDAP_DEREF_SEARCHING , .BR LDAP_DEREF_FINDING , or .BR LDAP_DEREF_ALWAYS . Note that this has always been the only means to determine alias dereferencing within search operations. .TP .B LDAP_OPT_DESC Returns the file descriptor associated to the socket buffer of the LDAP handle passed in as .BR ld ; .BR outvalue must be a .BR "int *" . This is a read-only, handle-specific option. .TP .B LDAP_OPT_DIAGNOSTIC_MESSAGE Sets/gets a string containing the error string associated to the LDAP handle. This option was formerly known as .BR LDAP_OPT_ERROR_STRING . .BR outvalue must be a .BR "char **" , and the caller is responsible for freeing the returned string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "char *" ; the library duplicates the corresponding string. .TP .B LDAP_OPT_HOST_NAME Sets/gets a space-separated list of hosts to be contacted by the library when trying to establish a connection. This is now deprecated in favor of .BR LDAP_OPT_URI .
.BR outvalue must be a .BR "char **" , and the caller is responsible for freeing the resulting string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library duplicates the corresponding string. .TP .B LDAP_OPT_MATCHED_DN Sets/gets a string containing the matched DN associated to the LDAP handle. .BR outvalue must be a .BR "char **" , and the caller is responsible for freeing the returned string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library duplicates the corresponding string. .TP .B LDAP_OPT_NETWORK_TIMEOUT Sets/gets the network timeout value after which .BR poll (2)/ select (2) following a .BR connect (2) returns in case of no activity. .B outvalue must be a .BR "struct timeval **" (the caller has to free .BR *outvalue ) , and .B invalue must be a .BR "const struct timeval *" . They cannot be NULL. Using a struct with seconds set to \-1 results in an infinite timeout, which is the default. This option is OpenLDAP specific. .TP .B LDAP_OPT_PROTOCOL_VERSION Sets/gets the protocol version. .BR outvalue and .BR invalue must be .BR "int *" . .TP .B LDAP_OPT_REFERRAL_URLS Sets/gets an array containing the referral URIs associated to the LDAP handle. .BR outvalue must be a .BR "char ***" , and the caller is responsible for freeing the returned string by calling .BR ldap_memvfree (3), while .BR invalue must be a NULL-terminated .BR "char *const *" ; the library duplicates the corresponding string. This option is OpenLDAP specific. .TP .B LDAP_OPT_REFERRALS Determines whether the library should implicitly chase referrals or not. .BR invalue must be .BR "const int *" ; its value should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON . .BR outvalue must be .BR "int *" . .\".TP .\".B LDAP_OPT_REFHOPLIMIT .\"This option is OpenLDAP specific. .\"It is not currently implemented. .TP .B LDAP_OPT_RESTART Determines whether the library should implicitly restart connections (FIXME).
.BR invalue must be .BR "const int *" ; its value should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON . .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_RESULT_CODE Sets/gets the LDAP result code associated to the handle. This option was formerly known as .BR LDAP_OPT_ERROR_NUMBER . .BR invalue must be a .BR "const int *" . .BR outvalue must be a .BR "int *" . .TP .B LDAP_OPT_SERVER_CONTROLS Sets/gets the server-side controls to be used for all operations. This is now deprecated as the modern LDAP C API provides replacements for all main operations which accept server-side controls as explicit arguments; see for example .BR ldap_search_ext (3), .BR ldap_add_ext (3), .BR ldap_modify_ext (3) and so on. .BR outvalue must be .BR "LDAPControl ***" , and the caller is responsible for freeing the returned controls, if any, by calling .BR ldap_controls_free (3), while .BR invalue must be .BR "LDAPControl *const *" ; the library duplicates the controls passed via .BR invalue . .TP .B LDAP_OPT_SESSION_REFCNT Returns the reference count associated with the LDAP handle passed in as .BR ld ; .BR outvalue must be a .BR "int *" . This is a read-only, handle-specific option. This option is OpenLDAP specific. .TP .B LDAP_OPT_SIZELIMIT Sets/gets the value that defines the maximum number of entries to be returned by a search operation. .BR invalue must be .BR "const int *" , while .BR outvalue must be .BR "int *" ; they cannot be NULL. .TP .B LDAP_OPT_SOCKBUF Returns a pointer to the socket buffer of the LDAP handle passed in as .BR ld ; .BR outvalue must be a .BR "Sockbuf **" . This is a read-only, handle-specific option. This option is OpenLDAP specific. .TP .B LDAP_OPT_TIMELIMIT Sets/gets the value that defines the time limit after which a search operation should be terminated by the server. .BR invalue must be .BR "const int *" , while .BR outvalue must be .BR "int *" , and they cannot be NULL. .TP .B LDAP_OPT_TIMEOUT Sets/gets a timeout value for the synchronous API calls.
.B outvalue must be a .BR "struct timeval **" (the caller has to free .BR *outvalue ) , and .B invalue must be a .BR "struct timeval *" , and they cannot be NULL. Using a struct with seconds set to \-1 results in an infinite timeout, which is the default. This option is OpenLDAP specific. .TP .B LDAP_OPT_URI Sets/gets a comma- or space-separated list of URIs to be contacted by the library when trying to establish a connection. .BR outvalue must be a .BR "char **" , and the caller is responsible for freeing the resulting string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library parses the string into a list of .BR LDAPURLDesc structures, so the invocation of .BR ldap_set_option (3) may fail if URL parsing fails. URIs may only contain the .BR schema , the .BR host , and the .BR port fields. This option is OpenLDAP specific. .SH SASL OPTIONS The SASL options are OpenLDAP specific. .TP .B LDAP_OPT_X_SASL_AUTHCID Gets the SASL authentication identity; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_SASL_AUTHZID Gets the SASL authorization identity; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_SASL_MAXBUFSIZE Gets/sets SASL maximum buffer size; .BR invalue must be .BR "const ber_len_t *" , while .BR outvalue must be .BR "ber_len_t *" . See also .BR LDAP_OPT_X_SASL_SECPROPS . .TP .B LDAP_OPT_X_SASL_MECH Gets the SASL mechanism; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_SASL_MECHLIST Gets the list of the available mechanisms, in form of a NULL-terminated array of strings; .BR outvalue must be .BR "char ***" . The caller must not free or otherwise muck with it. .TP .B LDAP_OPT_X_SASL_NOCANON Sets/gets the NOCANON flag. When unset, the hostname is canonicalized.
.BR invalue must be .BR "const int *" ; its value should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON . .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_X_SASL_REALM Gets the SASL realm; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_SASL_SECPROPS Sets the SASL secprops; .BR invalue must be a .BR "char *" , containing a comma-separated list of properties. Legal values are: .BR none , .BR nodict , .BR noplain , .BR noactive , .BR passcred , .BR forwardsec , .BR noanonymous , .BR minssf= , .BR maxssf= , .BR maxbufsize= . .TP .B LDAP_OPT_X_SASL_SSF Gets the SASL SSF; .BR outvalue must be a .BR "ber_len_t *" . .TP .B LDAP_OPT_X_SASL_SSF_EXTERNAL Sets the SASL SSF value related to an authentication performed using an EXTERNAL mechanism; .BR invalue must be a .BR "const ber_len_t *" . .TP .B LDAP_OPT_X_SASL_SSF_MAX Gets/sets SASL maximum SSF; .BR invalue must be .BR "const ber_len_t *" , while .BR outvalue must be .BR "ber_len_t *" . See also .BR LDAP_OPT_X_SASL_SECPROPS . .TP .B LDAP_OPT_X_SASL_SSF_MIN Gets/sets SASL minimum SSF; .BR invalue must be .BR "const ber_len_t *" , while .BR outvalue must be .BR "ber_len_t *" . See also .BR LDAP_OPT_X_SASL_SECPROPS . .TP .B LDAP_OPT_X_SASL_USERNAME Gets the SASL username; .BR outvalue must be a .BR "char **" . Its content needs to be freed by the caller using .BR ldap_memfree (3). .SH TCP OPTIONS The TCP options are OpenLDAP specific. Mainly intended for use with Linux, they may not be portable. .TP .B LDAP_OPT_X_KEEPALIVE_IDLE Sets/gets the number of seconds a connection needs to remain idle before TCP starts sending keepalive probes. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_X_KEEPALIVE_PROBES Sets/gets the maximum number of keepalive probes TCP should send before dropping the connection. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . 
.TP .B LDAP_OPT_X_KEEPALIVE_INTERVAL Sets/gets the interval in seconds between individual keepalive probes. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . .SH TLS OPTIONS The TLS options are OpenLDAP specific. .\".TP .\".B LDAP_OPT_X_TLS .\"Sets/gets the TLS mode. .TP .B LDAP_OPT_X_TLS_CACERTDIR Sets/gets the path of the directory containing CA certificates. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_CACERTFILE Sets/gets the full-path of the CA certificate file. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_CERTFILE Sets/gets the full-path of the certificate file. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_CIPHER_SUITE Sets/gets the allowed cipher suite. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_CONNECT_ARG Sets/gets the connection callback argument. .BR invalue must be .BR "const void *" ; .BR outvalue must be .BR "void **" . .TP .B LDAP_OPT_X_TLS_CONNECT_CB Sets/gets the connection callback handle. .BR invalue must be .BR "const LDAP_TLS_CONNECT_CB *" ; .BR outvalue must be .BR "LDAP_TLS_CONNECT_CB **" . .TP .B LDAP_OPT_X_TLS_CRLCHECK Sets/gets the CRL evaluation strategy, one of .BR LDAP_OPT_X_TLS_CRL_NONE , .BR LDAP_OPT_X_TLS_CRL_PEER , or .BR LDAP_OPT_X_TLS_CRL_ALL . .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . Requires OpenSSL. .TP .B LDAP_OPT_X_TLS_CRLFILE Sets/gets the full-path of the CRL file. 
.BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). This option is only valid for GnuTLS. .TP .B LDAP_OPT_X_TLS_CTX Sets/gets the TLS library context. New TLS sessions will inherit their default settings from this library context. .BR invalue must be .BR "const void *" ; .BR outvalue must be .BR "void **" . When using the OpenSSL library this is an SSL_CTX*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option or attempt to manipulate this structure. .TP .B LDAP_OPT_X_TLS_DHFILE Gets/sets the full-path of the file containing the parameters for Diffie-Hellman ephemeral key exchange. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). Ignored by GnuTLS and Mozilla NSS. .TP .B LDAP_OPT_X_TLS_KEYFILE Sets/gets the full-path of the certificate key file. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_NEWCTX Instructs the library to create a new TLS library context. .BR invalue must be .BR "const int *" . A non-zero value pointed to by .BR invalue tells the library to create a context for a server. .TP .B LDAP_OPT_X_TLS_PROTOCOL_MIN Sets/gets the minimum protocol version. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_X_TLS_RANDOM_FILE Sets/gets the random file when .B /dev/random and .B /dev/urandom are not available. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). Ignored by GnuTLS older than version 2.2. Ignored by Mozilla NSS. 
.TP .B LDAP_OPT_X_TLS_REQUIRE_CERT Sets/gets the peer certificate checking strategy, one of .BR LDAP_OPT_X_TLS_NEVER , .BR LDAP_OPT_X_TLS_HARD , .BR LDAP_OPT_X_TLS_DEMAND , .BR LDAP_OPT_X_TLS_ALLOW , .BR LDAP_OPT_X_TLS_TRY . .TP .B LDAP_OPT_X_TLS_SSL_CTX Gets the TLS session context associated with this handle. .BR outvalue must be .BR "void **" . When using the OpenSSL library this is an SSL*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option. .SH ERRORS On success, the functions return .BR LDAP_OPT_SUCCESS , while they may return .B LDAP_OPT_ERROR to indicate a generic option handling error. Occasionally, more specific errors can be returned, like .B LDAP_NO_MEMORY to indicate a failure in memory allocation. .SH NOTES The LDAP libraries with the .B LDAP_OPT_REFERRALS option set to .B LDAP_OPT_ON (default value) automatically follow referrals using an anonymous bind. Application developers are encouraged to either implement consistent referral chasing features, or explicitly disable referral chasing by setting that option to .BR LDAP_OPT_OFF . .P The protocol version used by the library defaults to LDAPv2 (now historic), which corresponds to the .B LDAP_VERSION2 macro. Application developers are encouraged to explicitly set .B LDAP_OPT_PROTOCOL_VERSION to LDAPv3, using the .B LDAP_VERSION3 macro, or to allow users to select the protocol version. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .B RFC 4422 (http://www.rfc-editor.org), .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 811 stdin
.lf 1 stdin .TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");" .LP .BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");" .LP .BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");" .LP .BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");" .LP .BI "ber_tag_t ber_get_null(BerElement *" ber ");" .LP .BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");" .LP .BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");" .LP .BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");" .LP .BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. 
The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the decoding routines in the lber library. See .BR lber-encode (3) for details on the corresponding encoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_get_next () to get the next BER element and .BR ber_scanf () to do the actual decoding. In some cases, .BR ber_peek_tag () may also need to be called in normal usage. The other routines are provided for those applications that need more control than .BR ber_scanf () provides. In general, these routines return the tag of the element decoded, or LBER_ERROR if an error occurred. .LP The .BR ber_get_next () routine is used to read the next BER element from the given Sockbuf, \fIsb\fP. It strips off and returns the leading tag, strips off and returns the length of the entire element in \fIlen\fP, and sets up \fIber\fP for subsequent calls to .BR ber_scanf () et al to decode the element. See .BR lber-sockbuf (3) for details of the Sockbuf implementation of the \fIsb\fP parameter. .LP The .BR ber_scanf () routine is used to decode a BER element in much the same way that .BR scanf (3) works. It reads from \fIber\fP, a pointer to a BerElement such as returned by .BR ber_get_next (), interprets the bytes according to the format string \fIfmt\fP, and stores the results in its additional arguments. The format string contains conversion specifications which are used to direct the interpretation of the BER element. The format string can contain the following characters. .RS .LP .TP 3 .B a Octet string. A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter. The caller should free the returned string using .BR ber_memfree (). 
.TP .B A Octet string. A variant of "\fBa\fP". A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter, unless a zero-length string would result; in that case, the arg is set to NULL. The caller should free the returned string using .BR ber_memfree (). .TP .B s Octet string. A char * buffer should be supplied, followed by a pointer to a ber_len_t initialized to the size of the buffer. Upon return, the null-terminated octet string is put into the buffer, and the ber_len_t is set to the actual size of the octet string. .TP .B O Octet string. A struct berval ** should be supplied, which upon return points to a dynamically allocated struct berval containing the octet string and its length. The caller should free the returned structure using .BR ber_bvfree (). .TP .B o Octet string. A struct berval * should be supplied, which upon return contains the dynamically allocated octet string and its length. The caller should free the returned octet string using .BR ber_memfree (). .TP .B m Octet string. A struct berval * should be supplied, which upon return contains the octet string and its length. The string resides in memory assigned to the BerElement, and must not be freed by the caller. .TP .B b Boolean. A pointer to a ber_int_t should be supplied. .TP .B e Enumeration. A pointer to a ber_int_t should be supplied. .TP .B i Integer. A pointer to a ber_int_t should be supplied. .TP .B B Bitstring. A char ** should be supplied which will point to the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. .TP .B n Null. No parameter is required. The element is simply skipped if it is recognized. .TP .B v Sequence of octet strings. A char *** should be supplied, which upon return points to a dynamically allocated null-terminated array of char *'s containing the octet strings. NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using .BR ber_memvfree (). .TP .B V Sequence of octet strings with lengths. A struct berval *** should be supplied, which upon return points to a dynamically allocated null-terminated array of struct berval *'s containing the octet strings and their lengths. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvecfree (). .TP .B W Sequence of octet strings with lengths. A BerVarray * should be supplied, which upon return points to a dynamically allocated array of struct berval's containing the octet strings and their lengths. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvarray_free (). .TP .B M Sequence of octet strings with lengths. This is a generalized form of the previous three formats. A void ** (ptr) should be supplied, followed by a ber_len_t * (len) and a ber_len_t (off). Upon return (ptr) will point to a dynamically allocated array whose elements are all of size (*len). A struct berval will be filled starting at offset (off) in each element. The strings in each struct berval reside in memory assigned to the BerElement and must not be freed by the caller. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The number of elements in the array is also stored in (*len) on return. The caller should free the returned array using .BR ber_memfree (). .TP .B l Length of the next element. A pointer to a ber_len_t should be supplied. .TP .B t Tag of the next element. A pointer to a ber_tag_t should be supplied. .TP .B T Skip element and return its tag. A pointer to a ber_tag_t should be supplied. .TP .B x Skip element. The next element is skipped. .TP .B { Begin sequence. No parameter is required. The initial sequence tag and length are skipped. 
.TP .B } End sequence. No parameter is required and no action is taken. .TP .B [ Begin set. No parameter is required. The initial set tag and length are skipped. .TP .B ] End set. No parameter is required and no action is taken. .RE .LP The .BR ber_get_int () routine tries to interpret the next element as an integer, returning the result in \fInum\fP. The tag of whatever it finds is returned on success, LBER_ERROR (\-1) on failure. .LP The .BR ber_get_stringb () routine is used to read an octet string into a preallocated buffer. The \fIlen\fP parameter should be initialized to the size of the buffer, and will contain the length of the octet string read upon return. The buffer should be big enough to take the octet string value plus a terminating NUL byte. .LP The .BR ber_get_stringa () routine is used to dynamically allocate space into which an octet string is read. The caller should free the returned string using .BR ber_memfree (). .LP The .BR ber_get_stringal () routine is used to dynamically allocate space into which an octet string and its length are read. It takes a struct berval **, and returns the result in this parameter. The caller should free the returned structure using .BR ber_bvfree (). .LP The .BR ber_get_stringbv () routine is used to read an octet string and its length into the provided struct berval *. If the \fIalloc\fP parameter is zero, the string will reside in memory assigned to the BerElement, and must not be freed by the caller. If the \fIalloc\fP parameter is non-zero, the string will be copied into dynamically allocated space which should be returned using .BR ber_memfree (). .LP The .BR ber_get_null () routine is used to read a NULL element. It returns the tag of the element it skips over. .LP The .BR ber_get_boolean () routine is used to read a boolean value. It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_enum () routine is used to read an enumeration value.
It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_bitstringa () routine is used to read a bitstring value. It takes a char ** which will hold the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. The caller should free the returned string using .BR ber_memfree (). .LP The .BR ber_first_element () routine is used to return the tag and length of the first element in a set or sequence. It also returns in \fIcookie\fP a magic cookie parameter that should be passed to subsequent calls to ber_next_element(), which returns similar information. .SH EXAMPLES Assume the variable \fIber\fP contains a lightweight BER encoding of the following ASN.1 object: .LP .nf
AlmostASearchRequest := SEQUENCE {
    baseObject      DistinguishedName,
    scope           ENUMERATED {
        baseObject      (0),
        singleLevel     (1),
        wholeSubtree    (2)
    },
    derefAliases    ENUMERATED {
        neverDerefaliases   (0),
        derefInSearching    (1),
        derefFindingBaseObj (2),
        alwaysDerefAliases  (3)
    },
    sizelimit       INTEGER (0 .. 65535),
    timelimit       INTEGER (0 .. 65535),
    attrsOnly       BOOLEAN,
    attributes      SEQUENCE OF AttributeType
}
.fi .LP The element can be decoded using .BR ber_scanf () as follows. .LP .nf
ber_int_t scope, deref, size, time, attrsonly;
/* NULL, so the frees below are safe if decoding fails */
char *dn = NULL, **attrs = NULL;
ber_tag_t tag;

tag = ber_scanf( ber, "{aeeiib{v}}",
    &dn, &scope, &deref,
    &size, &time, &attrsonly, &attrs );

if( tag == LBER_ERROR ) {
    /* error */
} else {
    /* success */
}

ber_memfree( dn );
ber_memvfree( (void **) attrs );
.fi .SH ERRORS If an error occurs during decoding, generally these routines return LBER_ERROR ((ber_tag_t)\-1). .LP .SH NOTES .LP The return values for all of these functions are declared in the .B header file. Some routines may dynamically allocate memory which must be freed by the caller using supplied deallocation routines.
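The decoding rules stated above (definite-form lengths only, primitive octet strings, and a caller buffer that must hold the value plus a terminator, as for ber_get_stringb) are shown here as an added, self-contained C example. It is not liblber code: `tlv_cursor`, `tlv_read_header`, `tlv_get_stringb` and `TLV_ERROR` are hypothetical names, the sample bytes are constructed, and only single-byte tags are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error value, modelled on LBER_ERROR ((ber_tag_t)-1). */
#define TLV_ERROR ((unsigned long)-1)

/* Hypothetical read cursor over an in-memory element; not liblber's BerElement. */
struct tlv_cursor {
    const uint8_t *p;   /* next unread byte */
    const uint8_t *end; /* one past the last byte */
};

/* Read a single-byte tag and a definite-form length. The cursor only moves
 * on success. Rejects truncated input, multi-byte tags, the indefinite form
 * (length octet 0x80) and any length that runs past the end of the buffer. */
static unsigned long tlv_read_header(struct tlv_cursor *c, size_t *len)
{
    const uint8_t *p = c->p;
    size_t left = (size_t)(c->end - p);
    size_t n = 0;

    if (left < 2)
        return TLV_ERROR;
    uint8_t tag = p[0];
    uint8_t first = p[1];
    if ((tag & 0x1f) == 0x1f)
        return TLV_ERROR;            /* multi-byte tag: out of scope here */
    p += 2;
    left -= 2;

    if (first < 0x80) {
        n = first;                   /* short form */
    } else {
        size_t nbytes = first & 0x7f;
        if (nbytes == 0)
            return TLV_ERROR;        /* indefinite form is not allowed */
        if (nbytes > sizeof n || nbytes > left)
            return TLV_ERROR;        /* would overflow size_t or the input */
        left -= nbytes;
        while (nbytes--)
            n = (n << 8) | *p++;
    }
    if (n > left)
        return TLV_ERROR;            /* claimed length exceeds what was received */

    c->p = p;
    *len = n;
    return tag;
}

/* Copy a primitive octet string into buf, whose size is passed in *len.
 * The buffer must fit the value plus a NUL byte; on success *len becomes
 * the value length. On any error the cursor is left where it started. */
static unsigned long tlv_get_stringb(struct tlv_cursor *c, char *buf, size_t *len)
{
    struct tlv_cursor start = *c;
    size_t n;
    unsigned long tag = tlv_read_header(c, &n);

    if (tag == TLV_ERROR)
        return TLV_ERROR;
    if ((tag & 0x20) || n >= *len) { /* constructed form, or no room for NUL */
        *c = start;
        return TLV_ERROR;
    }
    memcpy(buf, c->p, n);
    buf[n] = '\0';
    c->p += n;
    *len = n;
    return tag;
}

int main(void)
{
    /* Constructed sample encodings, not captured traffic. */
    static const uint8_t ok[]          = { 0x04, 0x03, 'c', 'n', '=' };
    static const uint8_t indefinite[]  = { 0x04, 0x80, 'c', 'n', 0x00, 0x00 };
    static const uint8_t overrun[]     = { 0x04, 0x7f, 'c', 'n' };
    static const uint8_t constructed[] = { 0x24, 0x02, 'c', 'n' };
    const struct { const char *name; const uint8_t *b; size_t n; } s[] = {
        { "ok", ok, sizeof ok },
        { "indefinite", indefinite, sizeof indefinite },
        { "overrun", overrun, sizeof overrun },
        { "constructed", constructed, sizeof constructed },
    };

    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        struct tlv_cursor c = { s[i].b, s[i].b + s[i].n };
        char buf[16];
        size_t len = sizeof buf;
        unsigned long tag = tlv_get_stringb(&c, buf, &len);
        if (tag == TLV_ERROR)
            printf("%-12s rejected\n", s[i].name);
        else
            printf("%-12s tag 0x%02lx \"%s\" (%zu bytes)\n", s[i].name, tag, buf, len);
    }
    return 0;
}
```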
.SH SEE ALSO .BR lber-encode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 358 stdin
.lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B
const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. 
.TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expects the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
    char *lsei_name;                          /* Extension name */
    char **lsei_values;                       /* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
    char *syn_oid;                            /* OID */
    char **syn_names;                         /* Names */
    char *syn_desc;                           /* Description */
    LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
    char *mr_oid;                             /* OID */
    char **mr_names;                          /* Names */
    char *mr_desc;                            /* Description */
    int  mr_obsolete;                         /* Is obsolete? */
    char *mr_syntax_oid;                      /* Syntax of asserted values */
    LDAPSchemaExtensionItem **mr_extensions;  /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
    char *at_oid;                             /* OID */
    char **at_names;                          /* Names */
    char *at_desc;                            /* Description */
    int  at_obsolete;                         /* Is obsolete? */
    char *at_sup_oid;                         /* OID of superior type */
    char *at_equality_oid;                    /* OID of equality matching rule */
    char *at_ordering_oid;                    /* OID of ordering matching rule */
    char *at_substr_oid;                      /* OID of substrings matching rule */
    char *at_syntax_oid;                      /* OID of syntax of values */
    int  at_syntax_len;                       /* Suggested minimum maximum length */
    int  at_single_value;                     /* Is single-valued? */
    int  at_collective;                       /* Is collective? */
    int  at_no_user_mod;                      /* Are changes forbidden through LDAP? */
    int  at_usage;                            /* Usage, see below */
    LDAPSchemaExtensionItem **at_extensions;  /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
    char *oc_oid;                             /* OID */
    char **oc_names;                          /* Names */
    char *oc_desc;                            /* Description */
    int  oc_obsolete;                         /* Is obsolete? */
    char **oc_sup_oids;                       /* OIDs of superior classes */
    int  oc_kind;                             /* Kind, see below */
    char **oc_at_oids_must;                   /* OIDs of required attribute types */
    char **oc_at_oids_may;                    /* OIDs of optional attribute types */
    LDAPSchemaExtensionItem **oc_extensions;  /* Extensions */
} LDAPObjectClass;
.ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value; for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. .TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes.
These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin
.lf 1 stdin .TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_get_dn( LDAP *ld, LDAPMessage *entry ) .LP .ft B int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags ) .LP .ft B void ldap_dnfree( LDAPDN dn ) .LP .ft B int ldap_dn2str( LDAPDN dn, char **str, unsigned flags ) .LP .ft B char **ldap_explode_dn( const char *dn, int notypes ) .LP .ft B char **ldap_explode_rdn( const char *rdn, int notypes ) .LP .ft B char *ldap_dn2ufn( const char * dn ) .LP .ft B char *ldap_dn2dcedn( const char * dn ) .LP .ft B char *ldap_dcedn2dn( const char * dn ) .LP .ft B char *ldap_dn2ad_canonical( const char * dn ) .SH DESCRIPTION These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested. A DN has the form described in RFC 4414 "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names". .LP The .B ldap_get_dn() routine takes an \fIentry\fP as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3) and returns a copy of the entry's DN. Space for the DN will be obtained dynamically and should be freed by the caller using .BR ldap_memfree (3).
.LP .B ldap_str2dn() parses a string representation of a distinguished name contained in .B str into its components, which are stored in .B dn as .B ldap_ava structures, arranged in .B LDAPAVA, .B LDAPRDN, and .B LDAPDN terms. Space for .B dn will be obtained dynamically and should be freed by the caller using .BR ldap_dnfree (3). The .B LDAPDN is defined as: .nf .ft B
typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;
.ft .fi The attribute types and the attribute values are not normalized. The .B la_flags can be either .B LDAP_AVA_STRING or .B LDAP_AVA_BINARY, the latter meaning that the value is BER/DER encoded and thus must be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue." The .B flags parameter to .B ldap_str2dn() can be .LP .nf
LDAP_DN_FORMAT_LDAPV3
LDAP_DN_FORMAT_LDAPV2
LDAP_DN_FORMAT_DCE
.fi which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively). The format can be \fIOR\fPed to the flags .LP .nf
LDAP_DN_P_NO_SPACES
LDAP_DN_P_NO_SPACE_AFTER_RDN
...
LDAP_DN_PEDANTIC
.fi The latter is a shortcut for all the previous limitations. .LP .B LDAP_DN_P_NO_SPACES does not allow extra spaces in the dn; the default is to silently eliminate spaces around AVA separators ('='), RDN component separators ('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators (',' LDAPv3/LDAPv2 or '/' for DCE). .LP .B LDAP_DN_P_NO_SPACE_AFTER_RDN does not allow a single space after RDN separators. .LP .B ldap_dn2str() performs the inverse operation, yielding in .B str a string representation of .B dn. It allows the same values for .B flags as .B ldap_str2dn(), plus .LP .nf
LDAP_DN_FORMAT_UFN
LDAP_DN_FORMAT_AD_CANONICAL
.fi for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts. Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a NULL-terminated array, each component of which contains an RDN
from the DN. The \fInotypes\fP parameter is used to request that only the
RDN values be returned, not their types. For example, the DN "cn=Bob, c=US"
would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL },
depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may include escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set). Note the value is not unescaped.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names. See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format. Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into an AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned into a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error. See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1. The version
of BER these routines support is the one defined for the LDAP
protocol. The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form. This man page
describes the encoding routines in the lber library.
See
.BR lber-decode (3)
for details on the corresponding decoding routines. Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element. The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides. In general, these routines return the length of the element
encoded, or \-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element. It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends). See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.
One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean. A ber_int_t parameter should be supplied. A boolean element
is output.
.TP
.B e
Enumeration. A ber_int_t parameter should be supplied. An
enumeration element is output.
.TP
.B i
Integer. A ber_int_t parameter should be supplied. An integer element
is output.
.TP
.B B
Bitstring. A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring. A bitstring element
is output.
.TP
.B n
Null. No parameter is required. A null element is output.
.TP
.B o
Octet string. A char * is supplied, followed by the length of the
string pointed to. An octet string element is output.
.TP
.B O
Octet string. A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string. A null-terminated string is supplied. An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag. A ber_tag_t specifying the tag to give the next element
is provided. This works across calls.
.TP
.B v
Several octet strings. A null-terminated array of char *'s is
supplied. Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings. A null-terminated array of struct berval *'s
is supplied. Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings. An array of struct berval's is supplied. The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence. No parameter is required.
.TP
.B }
End sequence. No parameter is required.
.TP
.B [
Begin set. No parameter is required.
.TP
.B ]
End set. No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element. Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element. The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t scope, ali, size, time, attrsonly;
      char *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      /* scope and derefAliases are ENUMERATED, so they use 'e' rather than 'i' */
      rc = ber_printf( ber, "{seeiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_add_ext(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
.nf
int ldap_add_ext_s(
.RS
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_ext_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
null-terminated array of the entry's attributes.
The LDAPMod structure is used to represent attributes, with the
\fImod_type\fP and \fImod_values\fP fields being used as described under
.BR ldap_modify_ext (3),
and the \fIldap_op\fP field being used only if you need to specify
the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
.LP
Note that all entries except that
specified by the last component in the given DN must already exist.
.B ldap_add_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of failure of the operation. See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add_ext()
routine works just like
.BR ldap_add_ext_s() ,
but it is asynchronous. It returns the message id of the request it
initiated. The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH DEPRECATED INTERFACES
The
.BR ldap_add ()
and
.BR ldap_add_s ()
routines are deprecated in favor of the
.BR ldap_add_ext ()
and
.BR ldap_add_ext_s ()
routines, respectively.
.LP
Deprecated interfaces generally remain in the library. The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces. It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces will be eliminated.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_EXTENDED_OPERATION 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_extended_operation(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIrequestoid\fB,
const struct berval *\fIrequestdata\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_extended_operation_s(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIrequestoid\fB,
const struct berval *\fIrequestdata\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
char **\fIretoidp\fB,
struct berval **\fIretdatap\fB );
.RE
.SH DESCRIPTION
The
.B ldap_extended_operation_s()
routine is used to synchronously perform an LDAP extended operation.
It takes \fIrequestoid\fP, which points to a dotted-decimal OID string
identifying the extended operation to perform. \fIrequestdata\fP is the
data required for the request, \fIsctrls\fP is an array of LDAPControl
structures to use with this extended operation, \fIcctrls\fP is an array
of LDAPControl structures that list the client controls to use with
this extended operation.
.LP
The output parameter \fIretoidp\fP points to a dotted-decimal OID
string returned by the LDAP server. The memory used by the string
should be freed with the
.BR ldap_memfree (3)
function.
The output parameter \fIretdatap\fP points to a pointer to a berval
structure that contains the returned data. If no data is returned
by the server, the pointer is set to NULL. The memory used by
this structure should be freed with the
.BR ber_bvfree (3)
function.
.LP
The
.B ldap_extended_operation()
works just like
.BR ldap_extended_operation_s() ,
but the operation is asynchronous. It provides the message id of
the request it initiated in the integer pointed to by \fImsgidp\fP.
The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH SEE ALSO
.BR ber_bvfree (3),
.BR ldap_memfree (3),
.BR ldap_parse_extended_result (3),
.BR ldap_result (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup, ldap_controls_dup, ldap_control_free, ldap_controls_free \- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.
.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any. The content of
.I value
is duplicated if
.I dupval
is non-zero. The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter. The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided by
this implementation of libldap, usually in the form
.BR "ldap_create__control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.
.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter. The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences
of the same control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.
.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.
.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse
schema definitions in the syntax defined in RFC 4512 into structs and
handle these structs. These routines handle four kinds of definitions:
syntaxes, matching rules, attribute types and object classes. For each
definition kind, four routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind. The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer. The routine returns NULL if some problem
happened. In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp ,
indicating where in argument
.IR s
the error happened, so it must not be freed by the caller. Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized. The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expects the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
    char *lsei_name;       /* Extension name */
    char **lsei_values;    /* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
    char *syn_oid;         /* OID */
    char **syn_names;      /* Names */
    char *syn_desc;        /* Description */
    LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
    char *mr_oid;          /* OID */
    char **mr_names;       /* Names */
    char *mr_desc;         /* Description */
    int mr_obsolete;       /* Is obsolete? */
    char *mr_syntax_oid;   /* Syntax of asserted values */
    LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
    char *at_oid;          /* OID */
    char **at_names;       /* Names */
    char *at_desc;         /* Description */
    int at_obsolete;       /* Is obsolete? */
    char *at_sup_oid;      /* OID of superior type */
    char *at_equality_oid; /* OID of equality matching rule */
    char *at_ordering_oid; /* OID of ordering matching rule */
    char *at_substr_oid;   /* OID of substrings matching rule */
    char *at_syntax_oid;   /* OID of syntax of values */
    int at_syntax_len;     /* Suggested minimum maximum length */
    int at_single_value;   /* Is single-valued? */
    int at_collective;     /* Is collective? */
    int at_no_user_mod;    /* Are changes forbidden through LDAP? */
    int at_usage;          /* Usage, see below */
    LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
    char *oc_oid;          /* OID */
    char **oc_names;       /* Names */
    char *oc_desc;         /* Description */
    int oc_obsolete;       /* Is obsolete? */
    char **oc_sup_oids;    /* OIDs of superior classes */
    int oc_kind;           /* Kind, see below */
    char **oc_at_oids_must; /* OIDs of required attribute types */
    char **oc_at_oids_may; /* OIDs of optional attribute types */
    LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect. TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry. On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.
These can be added or removed at any time if attribute types are added
or removed at the same time as needed by the set of object classes
resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument. The string is a newly allocated
string that must be freed by the caller. These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found. This is a pointer to a static area, so it must not be freed by
the caller. The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 51 stdin

.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.
.LP
.B ber_int_t
is a signed integer of at least 32 bits. It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant of
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag. It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NUL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API. If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array
is allocated as needed. The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API. If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array. Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue. The routine returns NULL upon error
(e.g. out of memory). The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP. If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy. The routine returns NULL
upon error, otherwise it returns a pointer to the copy.
If \fIdst\fP is NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP. (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result. NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values.
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.
If \fIber\fP is NULL, the routine does nothing. If \fIfreebuf\fP is zero,
the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 189 stdin

.lf 1 stdin
.TH LDAP_SYNC 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2006-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_sync_init, ldap_sync_init_refresh_only, ldap_sync_init_refresh_and_persist, ldap_sync_poll \- LDAP sync routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_sync_init(ldap_sync_t *" ls ", int " mode ");"
.LP
.BI "int ldap_sync_init_refresh_only(ldap_sync_t *" ls ");"
.LP
.BI "int ldap_sync_init_refresh_and_persist(ldap_sync_t *" ls ");"
.LP
.BI "int ldap_sync_poll(ldap_sync_t *" ls ");"
.LP
.BI "ldap_sync_t * ldap_sync_initialize(ldap_sync_t *" ls ");"
.LP
.BI "void ldap_sync_destroy(ldap_sync_t *" ls ", int " freeit ");"
.LP
.BI "typedef int (*" ldap_sync_search_entry_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ", struct berval *" entryUUID ","
.BI "ldap_sync_refresh_t " phase ");"
.RE
.LP
.BI "typedef int (*" ldap_sync_search_reference_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ");"
.RE
.LP
.BI "typedef int (*" ldap_sync_intermediate_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ", BerVarray " syncUUIDs ","
.BI "ldap_sync_refresh_t " phase ");"
.RE
.LP
.BI "typedef int (*" ldap_sync_search_result_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ", int " refreshDeletes ");"
.RE
.SH DESCRIPTION
.LP
These routines provide an interface to the LDAP Content Synchronization
operation (RFC 4533).
They require an
.BR ldap_sync_t
structure to be set up with parameters required for various phases
of the operation; this includes setting some handlers for special events.
All handlers take a pointer to the \fBldap_sync_t\fP structure as the first
argument, and a pointer to the \fBLDAPMessage\fP structure as received
from the server by the client library, plus, occasionally, other specific
arguments.

The members of the \fBldap_sync_t\fP structure are:
.TP
.BI "char *" ls_base
The search base; by default, the
.B BASE
option in
.BR ldap.conf (5).
.TP
.BI "int " ls_scope
The search scope (one of
.BR LDAP_SCOPE_BASE ,
.BR LDAP_SCOPE_ONELEVEL ,
.BR LDAP_SCOPE_SUBORDINATE
or
.BR LDAP_SCOPE_SUBTREE ;
see
.B ldap.h
for details).
.TP
.BI "char *" ls_filter
The filter (RFC 4515); by default,
.BR (objectClass=*) .
.TP
.BI "char **" ls_attrs
The requested attributes; by default
.BR NULL ,
indicating all user attributes.
.TP
.BI "int " ls_timelimit
The requested time limit (in seconds); by default
.BR 0 ,
to indicate no limit.
.TP
.BI "int " ls_sizelimit
The requested size limit (in entries); by default
.BR 0 ,
to indicate no limit.
.TP
.BI "int " ls_timeout
The desired timeout during polling with
.BR ldap_sync_poll (3).
A value of
.BR \-1
means that polling is blocking, so
.BR ldap_sync_poll (3)
will not return until a message is received; a value of
.BR 0
means that polling returns immediately, no matter if any response
is available or not; a positive value represents the timeout the
.BR ldap_sync_poll (3)
function will wait for response before returning, unless a message
is received; in that case,
.BR ldap_sync_poll (3)
returns as soon as the message is available.
.TP
.BI "ldap_sync_search_entry_f " ls_search_entry
A function that is called whenever an entry is returned.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the searchResultEntry; it can be parsed using the regular
client API routines, like
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
and so on.
The
.BR entryUUID
argument contains the entryUUID of the entry.
The
.BR phase
argument indicates the type of operation: one of
.BR LDAP_SYNC_CAPI_PRESENT ,
.BR LDAP_SYNC_CAPI_ADD ,
.BR LDAP_SYNC_CAPI_MODIFY ,
.BR LDAP_SYNC_CAPI_DELETE ;
in case of
.BR LDAP_SYNC_CAPI_PRESENT
or
.BR LDAP_SYNC_CAPI_DELETE ,
only the DN is contained in the
.IR LDAPMessage ;
in case of
.BR LDAP_SYNC_CAPI_MODIFY ,
the whole entry is contained in the
.IR LDAPMessage ,
and the application is responsible for determining the differences
between the new view of the entry provided by the caller and the data
already known.
.TP
.BI "ldap_sync_search_reference_f " ls_search_reference
A function that is called whenever a search reference is returned.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the searchResultReference; it can be parsed using
the regular client API routines, like
.BR ldap_parse_reference (3).
.TP
.BI "ldap_sync_intermediate_f " ls_intermediate
A function that is called whenever something relevant occurs during
the refresh phase of the search, which is marked by
an \fIintermediateResponse\fP message type.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the intermediate response; it can be parsed using
the regular client API routines, like
.BR ldap_parse_intermediate (3).
The
.BR syncUUIDs
argument contains an array of UUIDs of the entries that depends
on the value of the
.BR phase
argument.
In case of
.BR LDAP_SYNC_CAPI_PRESENTS ,
the "present" phase is being entered;
this means that the following sequence of results will consist
of entries in "present" sync state.
In case of
.BR LDAP_SYNC_CAPI_DELETES ,
the "deletes" phase is being entered;
this means that the following sequence of results will consist
of entries in "delete" sync state.
In case of
.BR LDAP_SYNC_CAPI_PRESENTS_IDSET ,
the message contains a set of UUIDs of entries that are present;
it replaces a "presents" phase.
In case of
.BR LDAP_SYNC_CAPI_DELETES_IDSET ,
the message contains a set of UUIDs of entries that have been deleted;
it replaces a "deletes" phase.
In case of
.BR LDAP_SYNC_CAPI_DONE ,
a "presents" phase with "refreshDone" set to "TRUE" has been returned
to indicate that the refresh phase of refreshAndPersist is over, and
the client should start polling.
Except for the
.BR LDAP_SYNC_CAPI_PRESENTS_IDSET
and
.BR LDAP_SYNC_CAPI_DELETES_IDSET
cases,
.BR syncUUIDs
is NULL.
.TP
.BI "ldap_sync_search_result_f " ls_search_result
A function that is called whenever a searchResultDone is returned.
In refreshAndPersist this can only occur when the server decides
that the search must be interrupted.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the response; it can be parsed using
the regular client API routines, like
.BR ldap_parse_result (3).
The
.BR refreshDeletes
argument is not relevant in this case; it should always be \-1.
.TP
.BI "void *" ls_private
A pointer to private data. The client may register here
a pointer to data the handlers above may need.
.TP
.BI "LDAP *" ls_ld
A pointer to an LDAP structure that is used to connect to the server.
It is the responsibility of the client to initialize the structure
and to provide appropriate authentication and security in place.
.SH "GENERAL USE"
A
.B ldap_sync_t
structure is initialized by calling
.BR ldap_sync_initialize (3).
This simply clears out the contents of an already existing
.B ldap_sync_t
structure, and sets appropriate values for some members.
After that, the caller is responsible for setting up the
connection (member
.BR ls_ld ),
eventually setting up transport security (TLS),
for binding and any other initialization.
The caller must also fill all the documented search-related fields
of the
.B ldap_sync_t
structure.

At the end of a session, the structure can be cleaned up by calling
.BR ldap_sync_destroy (3),
which takes care of freeing all data assuming it was allocated by
.BR ldap_mem* (3)
routines.
Otherwise, the caller should take care of destroying and zeroing out
the documented search-related fields, and call
.BR ldap_sync_destroy (3)
to free undocumented members set by the API.
.SH "REFRESH ONLY"
The
.BR refreshOnly
functionality is obtained by periodically calling
.BR ldap_sync_init (3)
with mode set to
.BR LDAP_SYNC_REFRESH_ONLY ,
or, which is equivalent, by directly calling
.BR ldap_sync_init_refresh_only (3).
The state of the search, and the consistency of the search parameters,
is preserved across calls by passing the
.B ldap_sync_t
structure as left by the previous call.
.SH "REFRESH AND PERSIST"
The
.BR refreshAndPersist
functionality is obtained by calling
.BR ldap_sync_init (3)
with mode set to
.BR LDAP_SYNC_REFRESH_AND_PERSIST ,
or, which is equivalent, by directly calling
.BR ldap_sync_init_refresh_and_persist (3)
and, after a successful return, by repeatedly polling with
.BR ldap_sync_poll (3)
according to the desired pattern.

A client may insert a call to
.BR ldap_sync_poll (3)
into an external loop to check if any modification was returned;
in this case, it might be appropriate to set
.BR ls_timeout
to 0, or to set it to a finite, small value.
Otherwise, if the client's main purpose consists in waiting for
responses, a timeout of \-1 is most suitable, so that the function
only returns after some data has been received and handled.
.SH ERRORS
All routines return any LDAP error resulting from a lower-level error
in the API calls they are based on, or LDAP_SUCCESS in case of success.
.BR ldap_sync_poll (3)
may return
.BR LDAP_SYNC_REFRESH_REQUIRED
if a full refresh is requested by the server.
In this case, it is appropriate to call
.BR ldap_sync_init (3)
again, passing the same
.B ldap_sync_t
structure as resulted from any previous call.
.SH NOTES
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search_ext (3),
.BR ldap_result (3) ;
.B RFC 4533
(http://www.rfc-editor.org),
.SH AUTHOR
Designed and implemented by Pierangelo Masarati, based on RFC 4533
and loosely inspired by syncrepl code in
.BR slapd (8).
.SH ACKNOWLEDGEMENTS
Initially developed by
.BR "SysNet s.n.c."
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.

.lf 1 stdin
.TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_start_tls(LDAP *" ld ");"
.LP
.BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");"
.LP
.BI "int ldap_tls_inplace(LDAP *" ld ");"
.LP
.BI "int ldap_install_tls(LDAP *" ld ");"
.SH DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session.
.BR ldap_start_tls_s ()
sends a StartTLS request to a server, waits for the reply, and then installs
TLS handlers on the session if the request succeeded. The routine returns
.B LDAP_SUCCESS
if everything succeeded, otherwise it returns an LDAP error code.
.BR ldap_start_tls ()
sends a StartTLS request to a server and does nothing else. It returns
.B LDAP_SUCCESS
if the request was sent successfully.
.BR ldap_tls_inplace ()
returns 1 if TLS handlers have been installed on the specified session, 0
otherwise.
.BR ldap_install_tls ()
installs the TLS handlers on the given session. It returns
.B LDAP_LOCAL_ERROR
if TLS is already installed.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 42 stdin

.lf 1 stdin
.TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
#include
.LP
.ft B
int ldap_search_ext(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_search_ext_s(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
LDAPMessage **\fIres\fB );
.RE
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
The
.B ldap_search_ext_s()
routine does the search synchronously (i.e., not
returning until the operation completes), providing a pointer
to the resulting LDAP messages at the location pointed to by
the \fIres\fP parameter.
.LP
The
.B ldap_search_ext()
routine is the asynchronous version, initiating the search and returning
the message id of the operation it initiated in the integer
pointed to by the \fImsgidp\fP parameter.
.LP
The \fIbase\fP parameter is the DN of the entry at which to start the search.
.LP
The \fIscope\fP parameter is the scope of the search and should be one
of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL,
to search the object's immediate children, LDAP_SCOPE_SUBTREE, to
search the object and all its descendants, or LDAP_SCOPE_CHILDREN,
to search all of the descendants. Note that the latter requires
the server to support the LDAP Subordinates Search Scope extension.
.LP
The \fIfilter\fP is a string representation of the filter to
apply in the search. The string should conform to the format
specified in RFC 4515 as extended by RFC 4526. For instance,
"(cn=Jane Doe)". Note that use of the extension requires the
server to support the LDAP Absolute True/False Filter extension.
NULL may be specified to indicate the library should send the
filter (objectClass=*).
.LP
The \fIattrs\fP parameter is a null-terminated array of attribute
descriptions to return from matching entries.
If NULL is specified, the return of all user attributes is requested.
The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The description "+" (LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to
request all operational attributes to be returned. Note that this
requires the server to support the LDAP All Operational Attribute
extension.
To request no attributes, the description "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
The \fIattrsonly\fP parameter should be set to a non-zero value
if only attribute descriptions are wanted. It should be set to zero (0)
if both attribute descriptions and attribute values are wanted.
.LP
The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used
to specify server and client controls, respectively.
.LP
The
.B ldap_search_ext_s()
routine is the synchronous version of
.BR ldap_search_ext ().
.LP
It also returns a code indicating success or, in the
case of failure, indicating the nature of the failure
of the operation. See
.BR ldap_error (3)
for details.
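
The library parses the filter string, so a value taken from user input must be escaped per RFC 4515 before it is placed in it; because a struct berval may hold NUL octets, the escaper below works on a pointer and a length. This is an added example, not OpenLDAP code: filter_escape() and filter_build_eq() are hypothetical helper names, and the sample inputs in main() are constructed.

```c
/* Added example: RFC 4515 value escaping for the filter argument of
 * ldap_search_ext_s(). filter_escape() and filter_build_eq() are
 * hypothetical helper names, not libldap functions. */
#include <stdio.h>
#include <string.h>

/* Write the escaped form of len octets of val into out (capacity outsz,
 * terminator included). '*', '(', ')', '\' and NUL must be written as a
 * backslash plus two hex digits; other non-printable or non-ASCII octets
 * are escaped as well, which RFC 4515 permits. Returns the escaped
 * length, or -1 if out is too small. */
long filter_escape(const char *val, size_t len, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)val[i];
        int esc = c == '*' || c == '(' || c == ')' || c == '\\' ||
                  c < 0x20 || c > 0x7e;
        size_t need = esc ? 3 : 1;

        if (need > outsz - 1 - o)        /* keep one octet for the NUL */
            return -1;
        if (esc) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (long)o;
}

static int is_alpha(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Accept only a short-name attribute description with optional
 * ";option" parts (letters, digits, hyphen). Numeric OIDs are rejected
 * here to keep the check small. */
static int attr_desc_ok(const char *attr)
{
    size_t seg = 0;                      /* length of current segment */

    if (!is_alpha((unsigned char)attr[0]))
        return 0;
    for (const char *p = attr; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == ';') {
            if (seg == 0)
                return 0;                /* empty option */
            seg = 0;
        } else if (is_alpha(c) || (c >= '0' && c <= '9') || c == '-') {
            seg++;
        } else {
            return 0;
        }
    }
    return seg > 0;
}

/* Build "(attr=escaped-value)" in out. Returns the filter length, or -1
 * on a rejected attribute description or a buffer that is too small. */
long filter_build_eq(const char *attr, const char *val, size_t len,
                     char *out, size_t outsz)
{
    size_t alen;
    long n;

    if (!attr_desc_ok(attr))
        return -1;
    alen = strlen(attr);
    if (outsz < alen + 4)                /* "(" attr "=" ")" NUL */
        return -1;
    out[0] = '(';
    memcpy(out + 1, attr, alen);
    out[alen + 1] = '=';
    /* Reserve one octet after the value for the closing parenthesis. */
    n = filter_escape(val, len, out + alen + 2, outsz - alen - 3);
    if (n < 0)
        return -1;
    out[alen + 2 + (size_t)n] = ')';
    out[alen + 3 + (size_t)n] = '\0';
    return (long)(alen + 3) + n;
}

int main(void)
{
    /* Constructed inputs: a plain name, a value that tries to close the
     * filter early, and a 3-octet value with an embedded NUL. */
    static const struct { const char *v; size_t n; } in[] = {
        { "Jane Doe", 8 }, { "*)(uid=*", 8 }, { "a\0b", 3 },
    };
    char f[64];

    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        if (filter_build_eq("cn", in[i].v, in[i].n, f, sizeof f) > 0)
            puts(f);
    return 0;
}
```

The resulting string is what would be passed as the filter argument; a return of -1 should be treated as a rejected request rather than retried with the raw value.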
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in <ldap.h>.
.LP
Note that the \fIres\fR parameter of
.B ldap_search_ext_s()
and
.B ldap_search_s()
should be freed with
.B ldap_msgfree()
regardless of return value of these functions.
.SH DEPRECATED INTERFACES
The
.B ldap_search()
routine is deprecated in favor of the
.B ldap_search_ext()
routine. The
.B ldap_search_s()
and
.B ldap_search_st()
routines are deprecated in favor of the
.B ldap_search_ext_s()
routine.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library. The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use
deprecated interfaces. It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces will be eliminated.
.lf 139 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 145 stdin

.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 4516. LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
     base one sub (default=base)
  \fIfilter\fP is filter
  \fIexts\fP are a recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also
tolerated. Alternative LDAP schemes such as ldaps:// and ldapi:// may be
parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
opposed to some other kind of URL). It can be used as a quick check
for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is
allocated, filled in, and \fIludpp\fP is set to point to it. If an
error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from
a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " "
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 84 stdin

.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection. An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided. All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP. It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous, taking the same parameters but only initiating the
bind operation and returning the message id of the request it sent. The
result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the authentication method to use needs to be
selected at runtime. They both take an extra \fImethod\fP parameter
selecting the authentication method to use. It should be set to
LDAP_AUTH_SIMPLE to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use.
For mechanisms that provide mutual authentication the server's credentials will be returned in the .I servercredp parameter. The routine returns an LDAP error indication (see .BR ldap_error (3)). The .BR ldap_sasl_bind () call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The result must be additionally parsed by .BR ldap_parse_sasl_bind_result () to obtain any server credentials sent from the server. .LP Many SASL mechanisms require multiple message exchanges to perform a complete authentication. Applications should generally use .BR ldap_sasl_interactive_bind_s () rather than calling the basic .BR ldap_sasl_bind () functions directly. The .I mechs parameter should contain a space-separated list of candidate mechanisms to use. If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports. The .I flags parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of: .TP LDAP_SASL_AUTOMATIC use defaults if available, prompt otherwise .TP LDAP_SASL_INTERACTIVE always prompt .TP LDAP_SASL_QUIET never prompt .LP The .I interact function uses the provided .I defaults to handle requests from the SASL library for particular authentication parameters. There is no defined format for the .I defaults information; it is up to the caller to use whatever format is appropriate for the supplied .I interact function. The .I sasl_interact parameter comes from the underlying SASL library. When used with Cyrus SASL this is an array of .B sasl_interact_t structures. 
The Cyrus SASL library will prompt for a variety of inputs, including: .TP SASL_CB_GETREALM the realm for the authentication attempt .TP SASL_CB_AUTHNAME the username to authenticate .TP SASL_CB_PASS the password for the provided username .TP SASL_CB_USER the username to use for proxy authorization .TP SASL_CB_NOECHOPROMPT generic prompt for input with input echoing disabled .TP SASL_CB_ECHOPROMPT generic prompt for input with input echoing enabled .TP SASL_CB_LIST_END indicates the end of the array of prompts .LP See the Cyrus SASL documentation for more details. .LP Applications which need to manage connections asynchronously may use .BR ldap_sasl_interactive_bind () instead of the synchronous version. A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously. The other parameters are the same as for the synchronous function, with three additional parameters. The actual SASL mechanism that was used, and the message ID for use with .BR ldap_result () will be returned in rmechp and msgidp, respectively. The value in rmechp must not be modified by the caller and must be passed back on each subsequent call. The message obtained from .BR ldap_result () must be passed in the result parameter. This parameter must be NULL when initiating a new Bind. The caller must free the result message after each call using .BR ldap_msgfree (). The .BR ldap_sasl_interactive_bind () function returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server. .SH REBINDING .LP The .B ldap_set_rebind_proc() function sets the process to use for binding when an operation returns a referral. This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference. 
.LP The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind. The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function. Use the .BR ldap_set_option function to set the value. .LP The rebind function parameters are as follows: .LP The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral. .LP The \fIurl\fP parameter points to the URL referral string received from the LDAP server. The LDAP application can use the .BR ldap_url_parse (3) function to parse the string into its components. .LP The \fIrequest\fP parameter specifies the type of request that generated the referral. .LP The \fImsgid\fP parameter specifies the message ID of the request generating the referral. .LP The \fIparams\fP parameter is the same value as passed originally to the .BR ldap_set_rebind_proc () function. .LP The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function. .LP The application must supply to the rebind function the required authentication information such as user name, password, and certificates. The rebind function must use a synchronous bind method. .SH UNBINDING The .B ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure. Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid. The .B ldap_unbind_s() call is just another name for .BR ldap_unbind() ; both of these calls are synchronous in nature. .LP The .B ldap_unbind_ext() and .B ldap_unbind_ext_s() allow the operations to specify controls. 
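The REBINDING section above has the rebind function receive the referral URL chosen by the server and then supply credentials for it, so a rebind function that binds with real credentials should first check that URL against the servers it trusts. The following is an added example, not OpenLDAP code: referral_allowed(), the trusted_hosts list, the host names and the TLS-only policy are hypothetical, and a small stand-alone parser takes the place of ldap_url_parse(3) so the block builds without libldap.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allowlist: hosts this client may send bind credentials to. */
static const char *const trusted_hosts[] = {
    "ldap1.example.org",
    "ldap2.example.org",
    NULL
};

/* Case-insensitive compare of up to n bytes; stops at the first NUL. */
static int ieq(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
        if (a[i] == '\0')
            return 1;
    }
    return 1;
}

/*
 * Extract the host from scheme://host[:port][/dn...].
 * Returns 0 on success; *tls is 1 for ldaps, 0 for ldap.
 * Stand-in for ldap_url_parse(3). Fails closed: any other scheme, an empty
 * host, userinfo ('@'), IPv6 literals and percent-escapes are refused.
 */
static int referral_host(const char *url, char *host, size_t hostsz, int *tls)
{
    const char *p;
    size_t len;

    if (url == NULL)
        return -1;
    if (ieq(url, "ldaps://", 8)) {
        *tls = 1;
        p = url + 8;
    } else if (ieq(url, "ldap://", 7)) {
        *tls = 0;
        p = url + 7;
    } else {
        return -1;
    }
    len = strcspn(p, ":/?");
    if (len == 0 || len >= hostsz)
        return -1;
    if (memchr(p, '@', len) || memchr(p, '[', len) || memchr(p, '%', len))
        return -1;
    memcpy(host, p, len);
    host[len] = '\0';
    return 0;
}

/*
 * Policy check meant to run at the top of an LDAP_REBIND_PROC, on its url
 * argument, before any synchronous bind is attempted. When it returns 0 the
 * rebind function should return a non-success LDAP result code instead of
 * binding (which code to return is left to the application).
 */
int referral_allowed(const char *url)
{
    char host[256];
    int tls = 0;
    size_t i;

    if (referral_host(url, host, sizeof host, &tls) != 0)
        return 0;
    if (!tls)
        return 0;   /* this example's policy: credentials only over ldaps */
    for (i = 0; trusted_hosts[i] != NULL; i++)
        if (ieq(host, trusted_hosts[i], strlen(trusted_hosts[i]) + 1))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed referral URLs, not taken from any real server. */
    static const char *const samples[] = {
        "ldaps://ldap1.example.org/dc=example,dc=org",
        "LDAPS://LDAP2.example.org:636/ou=people??sub",
        "ldap://ldap1.example.org/dc=example,dc=org",
        "ldaps://ldap1.example.org.other.test/",
        "ldaps://ldap1.example.org@other.test/",
        "ldaps:///dc=example,dc=org",
        NULL
    };
    size_t i;

    for (i = 0; samples[i] != NULL; i++)
        printf("%-48s %s\n", samples[i],
               referral_allowed(samples[i]) ? "rebind" : "refuse");
    return 0;
}
```

The same check applies when referrals are followed with an anonymous bind only if the application treats the referred server's answers as trusted data; the NOTES section's default of following referrals automatically performs no such check.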
.SH ERRORS Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure. Synchronous routines return whatever \fIld_errno\fP is set to. See .BR ldap_error (3) for more information. .SH NOTES If an anonymous bind is sufficient for the application, the rebind process need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind. .LP If the application needs stronger authentication than an anonymous bind, you need to provide a rebind process for that authentication method. The bind method must be synchronous. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_open (3), .BR ldap_set_option (3), .BR ldap_url_parse (3) .B RFC 4422 (http://www.rfc-editor.org), .B Cyrus SASL (http://asg.web.cmu.edu/sasl/) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 335 stdin
.lf 1 stdin .TH LDAP_FIRST_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_count_references( LDAP *ld, LDAPMessage *result ) .LP .ft B LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result ) .LP .ft B LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference ) .SH DESCRIPTION .LP These routines are used to step through the continuation references in a result chain received from .BR ldap_result (3) or the synchronous LDAP search operation routines. 
.LP The .B ldap_first_reference() routine is used to retrieve the first reference message in a result chain. It takes the \fIresult\fP as returned by a call to .BR ldap_result (3) , .BR ldap_search_s (3) or .BR ldap_search_st (3) and returns a pointer to the first reference message in the result chain. .LP This pointer should be supplied on a subsequent call to .B ldap_next_reference() to get the next reference message, the result of which should be supplied to the next call to .BR ldap_next_reference() , etc. .B ldap_next_reference() will return NULL when there are no more reference messages. The reference messages returned from these calls are used by .BR ldap_parse_reference (3) to extract referrals and controls. .LP A count of the number of reference messages in the search result can be obtained by calling .BR ldap_count_references() . It can also be used to count the number of reference messages remaining in a result chain. .SH ERRORS If an error occurs in .B ldap_first_reference() or .BR ldap_next_reference() , NULL is returned. If an error occurs in .BR ldap_count_references() , -1 is returned. .SH SEE ALSO .BR ldap (3), .BR ldap_result (3), .BR ldap_search (3), .BR ldap_parse_reference (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 72 stdin
.lf 1 stdin .TH LDAP_EXTENDED_OPERATION 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server. 
.SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_extended_operation( .RS .ft B LDAP *\fIld\fB, const char *\fIrequestoid\fB, const struct berval *\fIrequestdata\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB, int *\fImsgidp\fB ); .RE .LP .ft B int ldap_extended_operation_s( .RS .ft B LDAP *\fIld\fB, const char *\fIrequestoid\fB, const struct berval *\fIrequestdata\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB, char **\fIretoidp\fB, struct berval **\fIretdatap\fB ); .RE .SH DESCRIPTION The .B ldap_extended_operation_s() routine is used to synchronously perform an LDAP extended operation. It takes \fIrequestoid\fP, which points to a dotted-decimal OID string identifying the extended operation to perform. \fIrequestdata\fP is the data required for the request, \fIsctrls\fP is an array of LDAPControl structures to use with this extended operation, \fIcctrls\fP is an array of LDAPControl structures that list the client controls to use with this extended operation. .LP The output parameter \fIretoidp\fP points to a dotted-decimal OID string returned by the LDAP server. The memory used by the string should be freed with the .BR ldap_memfree (3) function. The output parameter \fIretdatap\fP points to a pointer to a berval structure that contains the returned data. If no data is returned by the server, the pointer is set to NULL. The memory used by this structure should be freed with the .BR ber_bvfree (3) function. .LP The .B ldap_extended_operation() works just like .BR ldap_extended_operation_s() , but the operation is asynchronous. It provides the message id of the request it initiated in the integer pointed to by \fImsgidp\fP. The result of this operation can be obtained by calling .BR ldap_result (3). 
.SH SEE ALSO .BR ber_bvfree (3), .BR ldap_memfree (3), .BR ldap_parse_extended_result (3), .BR ldap_result (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 76 stdin
.lf 1 stdin .TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_modify_ext( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, LDAPMod *\fImods[]\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB, int *\fImsgidp\fB ); .RE .LP .nf .ft B int ldap_modify_ext_s( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, LDAPMod *\fImods[]\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB ); .RE .LP .nf .ft B void ldap_mods_free( .RS .ft B LDAPMod **\fImods\fB, int \fIfreemods\fB ); .RE .SH DESCRIPTION The routine .B ldap_modify_ext_s() is used to perform an LDAP modify operation. \fIdn\fP is the DN of the entry to modify, and \fImods\fP is a null-terminated array of modifications to make to the entry. Each element of the \fImods\fP array is a pointer to an LDAPMod structure, which is defined below. .LP .nf typedef struct ldapmod { int mod_op; char *mod_type; union { char **modv_strvals; struct berval **modv_bvals; } mod_vals; struct ldapmod *mod_next; } LDAPMod; #define mod_values mod_vals.modv_strvals #define mod_bvalues mod_vals.modv_bvals .ft .fi .LP The \fImod_op\fP field is used to specify the type of modification to perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE. 
The \fImod_type\fP and \fImod_values\fP fields specify the attribute type to modify and a null-terminated array of values to add, delete, or replace respectively. The \fImod_next\fP field is used only by the LDAP server and may be ignored by the client. .LP If you need to specify a non-string value (e.g., to add a photo or audio attribute value), you should set \fImod_op\fP to the logical OR of the operation as above (e.g., LDAP_MOD_REPLACE) and the constant LDAP_MOD_BVALUES. In this case, \fImod_bvalues\fP should be used instead of \fImod_values\fP, and it should point to a null-terminated array of struct bervals, as defined in . .LP For LDAP_MOD_ADD modifications, the given values are added to the entry, creating the attribute if necessary. For LDAP_MOD_DELETE modifications, the given values are deleted from the entry, removing the attribute if no values remain. If the entire attribute is to be deleted, the \fImod_values\fP field should be set to NULL. For LDAP_MOD_REPLACE modifications, the attribute will have the listed values after the modification, having been created if necessary. All modifications are performed in the order in which they are listed. .LP .B ldap_mods_free() can be used to free each element of a NULL-terminated array of mod structures. If \fIfreemods\fP is non-zero, the \fImods\fP pointer itself is freed as well. .LP .B ldap_modify_ext_s() returns a code indicating success or, in the case of failure, indicating the nature of the failure. See .BR ldap_error (3) for details. .LP The .B ldap_modify_ext() operation works the same way as .BR ldap_modify_ext_s() , except that it is asynchronous. The integer that \fImsgidp\fP points to is set to the message id of the modify request. The result of the operation can be obtained by calling .BR ldap_result (3). .LP Both .B ldap_modify_ext() and .B ldap_modify_ext_s() allow server and client controls to be passed in via the sctrls and cctrls parameters, respectively. 
.SH DEPRECATED INTERFACES The .B ldap_modify() and .B ldap_modify_s() routines are deprecated in favor of the .B ldap_modify_ext() and .B ldap_modify_ext_s() routines, respectively. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 132 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 137 stdin
.lf 1 stdin .TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_get_dn( LDAP *ld, LDAPMessage *entry ) .LP .ft B int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags ) .LP .ft B void ldap_dnfree( LDAPDN dn ) .LP .ft B int ldap_dn2str( LDAPDN dn, char **str, unsigned flags ) .LP .ft B char **ldap_explode_dn( const char *dn, int notypes ) .LP .ft B char **ldap_explode_rdn( const char *rdn, int notypes ) .LP .ft B char *ldap_dn2ufn( const char * dn ) .LP .ft B char *ldap_dn2dcedn( const char * dn ) .LP .ft B char *ldap_dcedn2dn( const char * dn ) .LP .ft B char *ldap_dn2ad_canonical( const char * dn ) .SH DESCRIPTION These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested. A DN has the form described in RFC 4514 "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names". .LP The .B ldap_get_dn() routine takes an \fIentry\fP as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3) and returns a copy of the entry's DN. Space for the DN will be obtained dynamically and should be freed by the caller using .BR ldap_memfree (3). .LP .B ldap_str2dn() parses a string representation of a distinguished name contained in .B str into its components, which are stored in .B dn as .B ldap_ava structures, arranged in .B LDAPAVA, .B LDAPRDN, and .B LDAPDN terms. Space for .B dn will be obtained dynamically and should be freed by the caller using .BR ldap_dnfree (3). The .B LDAPDN is defined as: .nf .ft B typedef struct ldap_ava { struct berval la_attr; struct berval la_value; unsigned la_flags; } LDAPAVA; typedef LDAPAVA** LDAPRDN; typedef LDAPRDN* LDAPDN; .ft .fi The attribute types and the attribute values are not normalized. 
The .B la_flags can be either .B LDAP_AVA_STRING or .B LDAP_AVA_BINARY, the latter meaning that the value is BER/DER encoded and thus must be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue." The .B flags parameter to .B ldap_str2dn() can be .LP .nf LDAP_DN_FORMAT_LDAPV3 LDAP_DN_FORMAT_LDAPV2 LDAP_DN_FORMAT_DCE .fi which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively). The format can be \fIOR\fPed to the flags .LP .nf LDAP_DN_P_NO_SPACES LDAP_DN_P_NO_SPACE_AFTER_RDN ... LDAP_DN_PEDANTIC .fi The latter is a shortcut for all the previous limitations. .LP .B LDAP_DN_P_NO_SPACES does not allow extra spaces in the dn; the default is to silently eliminate spaces around AVA separators ('='), RDN component separators ('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators (',' LDAPv3/LDAPv2 or '/' for DCE). .LP .B LDAP_DN_P_NO_SPACE_AFTER_RDN does not allow a single space after RDN separators. .LP .B ldap_dn2str() performs the inverse operation, yielding in .B str a string representation of .B dn. It allows the same values for .B flags as .B ldap_str2dn(), plus .LP .nf LDAP_DN_FORMAT_UFN LDAP_DN_FORMAT_AD_CANONICAL .fi for user-friendly naming (RFC 1781) and AD canonical. .LP The following routines are viewed as deprecated in favor of .B ldap_str2dn() and .BR ldap_dn2str(). They are provided to support legacy applications. .LP The .B ldap_explode_dn() routine takes a DN as returned by .B ldap_get_dn() and breaks it up into its component parts. Each part is known as a Relative Distinguished Name, or RDN. .B ldap_explode_dn() returns a NULL-terminated array, each component of which contains an RDN from the DN. The \fInotypes\fP parameter is used to request that only the RDN values be returned, not their types. 
For example, the DN "cn=Bob, c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL }, depending on whether notypes was 0 or 1, respectively. Assertion values in RDN strings may include escaped characters. The result can be freed by calling .BR ldap_value_free (3). .LP Similarly, the .B ldap_explode_rdn() routine takes an RDN as returned by .B ldap_explode_dn(dn,0) and breaks it up into its "type=value" component parts (or just "value", if the \fInotypes\fP parameter is set). Note the value is not unescaped. The result can be freed by calling .BR ldap_value_free (3). .LP .B ldap_dn2ufn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a more user-friendly form, stripping off all type names. See "Using the Directory to Achieve User Friendly Naming" (RFC 1781) for more details on the UFN format. Due to the ambiguous nature of the format, it is generally only used for display purposes. The space for the UFN returned is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .LP .B ldap_dn2dcedn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a DCE-style DN, e.g. a string with most-significant to least significant rdns separated by slashes ('/'); rdn components are separated by commas (','). Only printable chars (e.g. LDAPv2 printable string) are allowed, at least in this implementation. .B ldap_dcedn2dn() performs the opposite operation. .B ldap_dn2ad_canonical() turns a DN into an AD canonical name, which is basically a DCE dn with attribute types omitted. The trailing domain, if present, is turned into a DNS-like domain. The space for the returned value is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .SH ERRORS If an error occurs in .BR ldap_get_dn() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. 
.BR ldap_explode_dn() , .BR ldap_explode_rdn() , .B ldap_dn2ufn(), .B ldap_dn2dcedn(), .B ldap_dcedn2dn(), and .B ldap_dn2ad_canonical() will return NULL with .BR errno (3) set appropriately in case of trouble. .SH NOTES These routines dynamically allocate memory that the caller must free. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_first_entry (3), .BR ldap_memfree (3), .BR ldap_value_free (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 247 stdin
.lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft 
LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. 
The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expects the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? 
*/ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? */ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. 
.TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin
.lf 1 stdin .TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_modify_ext( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, LDAPMod *\fImods[]\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB, int *\fImsgidp\fB ); .RE .LP .nf .ft B int ldap_modify_ext_s( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, LDAPMod *\fImods[]\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB ); .RE .LP .nf .ft B void ldap_mods_free( .RS .ft B LDAPMod **\fImods\fB, int \fIfreemods\fB ); .RE .SH DESCRIPTION The routine .B ldap_modify_ext_s() is used to perform an LDAP modify operation. \fIdn\fP is the DN of the entry to modify, and \fImods\fP is a null-terminated array of modifications to make to the entry. Each element of the \fImods\fP array is a pointer to an LDAPMod structure, which is defined below. .LP .nf typedef struct ldapmod { int mod_op; char *mod_type; union { char **modv_strvals; struct berval **modv_bvals; } mod_vals; struct ldapmod *mod_next; } LDAPMod; #define mod_values mod_vals.modv_strvals #define mod_bvalues mod_vals.modv_bvals .ft .fi .LP The \fImod_op\fP field is used to specify the type of modification to perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE. The \fImod_type\fP and \fImod_values\fP fields specify the attribute type to modify and a null-terminated array of values to add, delete, or replace respectively. The \fImod_next\fP field is used only by the LDAP server and may be ignored by the client. .LP If you need to specify a non-string value (e.g., to add a photo or audio attribute value), you should set \fImod_op\fP to the logical OR of the operation as above (e.g., LDAP_MOD_REPLACE) and the constant LDAP_MOD_BVALUES. In this case, \fImod_bvalues\fP should be used instead of \fImod_values\fP, and it should point to a null-terminated array of struct bervals, as defined in . 
.LP For LDAP_MOD_ADD modifications, the given values are added to the entry, creating the attribute if necessary. For LDAP_MOD_DELETE modifications, the given values are deleted from the entry, removing the attribute if no values remain. If the entire attribute is to be deleted, the \fImod_values\fP field should be set to NULL. For LDAP_MOD_REPLACE modifications, the attribute will have the listed values after the modification, having been created if necessary. All modifications are performed in the order in which they are listed. .LP .B ldap_mods_free() can be used to free each element of a NULL-terminated array of mod structures. If \fIfreemods\fP is non-zero, the \fImods\fP pointer itself is freed as well. .LP .B ldap_modify_ext_s() returns a code indicating success or, in the case of failure, indicating the nature of the failure. See .BR ldap_error (3) for details. .LP The .B ldap_modify_ext() operation works the same way as .BR ldap_modify_ext_s() , except that it is asynchronous. The integer that \fImsgidp\fP points to is set to the message id of the modify request. The result of the operation can be obtained by calling .BR ldap_result (3). .LP Both .B ldap_modify_ext() and .B ldap_modify_ext_s() allow server and client controls to be passed in via the sctrls and cctrls parameters, respectively. .SH DEPRECATED INTERFACES The .B ldap_modify() and .B ldap_modify_s() routines are deprecated in favor of the .B ldap_modify_ext() and .B ldap_modify_ext_s() routines, respectively. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. 
.lf 132 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 137 stdin .lf 1 stdin .TH LDAP_ABANDON 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_abandon_ext \- Abandon an LDAP operation in progress .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .ft B int ldap_abandon_ext( .RS .ft B LDAP *\fIld\fB, int \fImsgid\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB ); .RE .fi .SH DESCRIPTION The .B ldap_abandon_ext() routine is used to send an LDAP Abandon request for an operation in progress. The \fImsgid\fP passed should be the message id of an outstanding LDAP operation, such as returned by .BR ldap_search_ext (3). .LP .BR ldap_abandon_ext () checks to see if the result of the operation has already come in. If it has, it deletes it from the queue of pending messages. If not, it sends an LDAP abandon request to the LDAP server. .LP The caller can expect that the result of an abandoned operation will not be returned from a future call to .BR ldap_result (3). .LP .B ldap_abandon_ext() allows server and client controls to be passed in via the .I sctrls and .I cctrls parameters, respectively. .LP .B ldap_abandon_ext() returns a code indicating success or, in the case of failure, the nature of the failure. See .BR ldap_error (3) for details. .SH DEPRECATED INTERFACES The .B ldap_abandon() routine is deprecated in favor of the .B ldap_abandon_ext() routine. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. 
The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 61 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_result (3), .BR ldap_search_ext (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 69 stdin .LP .BI "int ldap_get_option(LDAP *" ld ", int " option ", void *" outvalue ");" .LP .BI "int ldap_set_option(LDAP *" ld ", int " option ", const void *" invalue ");" .SH DESCRIPTION .LP These routines provide access to options stored either in an LDAP handle or as global options, where applicable. They make use of a neutral interface, where the type of the value either retrieved by .BR ldap_get_option (3) or set by .BR ldap_set_option (3) is cast to .BR "void *" . The actual type is determined based on the value of the .B option argument. Global options are set/retrieved by passing a NULL LDAP handle. LDAP handles inherit their default settings from the global options in effect at the time the handle is created. .TP .B LDAP_OPT_API_FEATURE_INFO Fills-in a .BR "LDAPAPIFeatureInfo" ; .BR outvalue must be a .BR "LDAPAPIFeatureInfo *" , pointing to an already allocated struct. The .B ldapaif_info_version field of the struct must be initialized to .B LDAP_FEATURE_INFO_VERSION before making the call. The .B ldapaif_name field must be set to the name of a feature to query. This is a read-only option. 
.TP .B LDAP_OPT_API_INFO Fills-in a .BR "LDAPAPIInfo" ; .BR outvalue must be a .BR "LDAPAPIInfo *" , pointing to an already allocated struct. The .B ldapai_info_version field of the struct must be initialized to .B LDAP_API_INFO_VERSION before making the call. If the version passed in does not match the current library version, the expected version number will be stored in the struct and the call will fail. The caller is responsible for freeing the elements of the .B ldapai_extensions array and the array itself using .BR ldap_memfree (3). The caller must also free the .BR ldapai_vendor_name . This is a read-only option. .TP .B LDAP_OPT_CLIENT_CONTROLS Sets/gets the client-side controls to be used for all operations. This is now deprecated as the modern LDAP C API provides replacements for all main operations which accept client-side controls as explicit arguments; see for example .BR ldap_search_ext (3), .BR ldap_add_ext (3), .BR ldap_modify_ext (3) and so on. .BR outvalue must be .BR "LDAPControl ***" , and the caller is responsible for freeing the returned controls, if any, by calling .BR ldap_controls_free (3), while .BR invalue must be .BR "LDAPControl *const *" ; the library duplicates the controls passed via .BR invalue . .TP .B LDAP_OPT_CONNECT_ASYNC Sets/gets the status of the asynchronous connect flag. .BR invalue should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON ; .BR outvalue must be .BR "int *" . When set, the library will call .BR connect (2) and return, without waiting for response. This leaves the handle in a connecting state. Subsequent calls to library routines will poll for completion of the connect before performing further operations. As a consequence, library calls that need to establish a connection with a DSA do not block even for the network timeout (option .BR LDAP_OPT_NETWORK_TIMEOUT ). This option is OpenLDAP specific. .TP .B LDAP_OPT_CONNECT_CB This option sets a connect callback. 
.B invalue must be a .BR "const struct ldap_conncb *" . Callbacks are executed in last in-first served order. Handle-specific callbacks are executed first, followed by global ones. Right before freeing the callback structure, the .B lc_del callback handler is passed a .B NULL .BR Sockbuf . Calling .BR ldap_get_option (3) for this option removes the callback whose pointer matches .BR outvalue . This option is OpenLDAP specific. .TP .B LDAP_OPT_DEBUG_LEVEL Sets/gets the debug level of the client library. .BR invalue must be a .BR "const int *" ; .BR outvalue must be a .BR "int *" . Valid debug levels are .BR LDAP_DEBUG_ANY , .BR LDAP_DEBUG_ARGS , .BR LDAP_DEBUG_BER , .BR LDAP_DEBUG_CONNS , .BR LDAP_DEBUG_NONE , .BR LDAP_DEBUG_PACKETS , .BR LDAP_DEBUG_PARSE , and .BR LDAP_DEBUG_TRACE . This option is OpenLDAP specific. .TP .B LDAP_OPT_DEFBASE Sets/gets a string containing the DN to be used as default base for search operations. .BR outvalue must be a .BR "char **" , and the caller is responsible of freeing the returned string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library duplicates the corresponding string. This option is OpenLDAP specific. .TP .B LDAP_OPT_DEREF Sets/gets the value that defines when alias dereferencing must occur. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . They cannot be NULL. The value of .BR *invalue should be one of .BR LDAP_DEREF_NEVER (the default), .BR LDAP_DEREF_SEARCHING , .BR LDAP_DEREF_FINDING , or .BR LDAP_DEREF_ALWAYS . Note that this has ever been the only means to determine alias dereferencing within search operations. .TP .B LDAP_OPT_DESC Returns the file descriptor associated to the socket buffer of the LDAP handle passed in as .BR ld ; .BR outvalue must be a .BR "int *" . This is a read-only, handle-specific option. .TP .B LDAP_OPT_DIAGNOSTIC_MESSAGE Sets/gets a string containing the error string associated to the LDAP handle. 
This option was formerly known as .BR LDAP_OPT_ERROR_STRING . .BR outvalue must be a .BR "char **" , and the caller is responsible of freeing the returned string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "char *" ; the library duplicates the corresponding string. .TP .B LDAP_OPT_HOST_NAME Sets/gets a space-separated list of hosts to be contacted by the library when trying to establish a connection. This is now deprecated in favor of .BR LDAP_OPT_URI . .BR outvalue must be a .BR "char **" , and the caller is responsible of freeing the resulting string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library duplicates the corresponding string. .TP .B LDAP_OPT_MATCHED_DN Sets/gets a string containing the matched DN associated to the LDAP handle. .BR outvalue must be a .BR "char **" , and the caller is responsible of freeing the returned string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library duplicates the corresponding string. .TP .B LDAP_OPT_NETWORK_TIMEOUT Sets/gets the network timeout value after which .BR poll (2)/ select (2) following a .BR connect (2) returns in case of no activity. .B outvalue must be a .BR "struct timeval **" (the caller has to free .BR *outvalue ) , and .B invalue must be a .BR "const struct timeval *" . They cannot be NULL. Using a struct with seconds set to \-1 results in an infinite timeout, which is the default. This option is OpenLDAP specific. .TP .B LDAP_OPT_PROTOCOL_VERSION Sets/gets the protocol version. .BR outvalue and .BR invalue must be .BR "int *" . .TP .B LDAP_OPT_REFERRAL_URLS Sets/gets an array containing the referral URIs associated to the LDAP handle. .BR outvalue must be a .BR "char ***" , and the caller is responsible of freeing the returned string by calling .BR ldap_memvfree (3), while .BR invalue must be a NULL-terminated .BR "char *const *" ; the library duplicates the corresponding string. 
This option is OpenLDAP specific. .TP .B LDAP_OPT_REFERRALS Determines whether the library should implicitly chase referrals or not. .BR invalue must be .BR "const int *" ; its value should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON . .BR outvalue must be .BR "int *" . .\".TP .\".B LDAP_OPT_REFHOPLIMIT .\"This option is OpenLDAP specific. .\"It is not currently implemented. .TP .B LDAP_OPT_RESTART Determines whether the library should implicitly restart connections (FIXME). .BR invalue must be .BR "const int *" ; its value should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON . .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_RESULT_CODE Sets/gets the LDAP result code associated to the handle. This option was formerly known as .BR LDAP_OPT_ERROR_NUMBER . .BR invalue must be a .BR "const int *" . .BR outvalue must be a .BR "int *" . .TP .B LDAP_OPT_SERVER_CONTROLS Sets/gets the server-side controls to be used for all operations. This is now deprecated as modern LDAP C API provides replacements for all main operations which accepts server-side controls as explicit arguments; see for example .BR ldap_search_ext (3), .BR ldap_add_ext (3), .BR ldap_modify_ext (3) and so on. .BR outvalue must be .BR "LDAPControl ***" , and the caller is responsible of freeing the returned controls, if any, by calling .BR ldap_controls_free (3), while .BR invalue must be .BR "LDAPControl *const *" ; the library duplicates the controls passed via .BR invalue . .TP .B LDAP_OPT_SESSION_REFCNT Returns the reference count associated with the LDAP handle passed in as .BR ld ; .BR outvalue must be a .BR "int *" . This is a read-only, handle-specific option. This option is OpenLDAP specific. .TP .B LDAP_OPT_SIZELIMIT Sets/gets the value that defines the maximum number of entries to be returned by a search operation. .BR invalue must be .BR "const int *" , while .BR outvalue must be .BR "int *" ; They cannot be NULL. 
.TP .B LDAP_OPT_SOCKBUF Returns a pointer to the socket buffer of the LDAP handle passed in as .BR ld ; .BR outvalue must be a .BR "Sockbuf **" . This is a read-only, handle-specific option. This option is OpenLDAP specific. .TP .B LDAP_OPT_TIMELIMIT Sets/gets the value that defines the time limit after which a search operation should be terminated by the server. .BR invalue must be .BR "const int *" , while .BR outvalue must be .BR "int *" , and they cannot be NULL. .TP .B LDAP_OPT_TIMEOUT Sets/gets a timeout value for the synchronous API calls. .B outvalue must be a .BR "struct timeval **" (the caller has to free .BR *outvalue ) , and .B invalue must be a .BR "struct timeval *" , and they cannot be NULL. Using a struct with seconds set to \-1 results in an infinite timeout, which is the default. This option is OpenLDAP specific. .TP .B LDAP_OPT_URI Sets/gets a comma- or space-separated list of URIs to be contacted by the library when trying to establish a connection. .BR outvalue must be a .BR "char **" , and the caller is responsible of freeing the resulting string by calling .BR ldap_memfree (3), while .BR invalue must be a .BR "const char *" ; the library parses the string into a list of .BR LDAPURLDesc structures, so the invocation of .BR ldap_set_option (3) may fail if URL parsing fails. URIs may only contain the .BR schema , the .BR host , and the .BR port fields. This option is OpenLDAP specific. .SH SASL OPTIONS The SASL options are OpenLDAP specific. .TP .B LDAP_OPT_X_SASL_AUTHCID Gets the SASL authentication identity; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_SASL_AUTHZID Gets the SASL authorization identity; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). 
.TP .B LDAP_OPT_X_SASL_MAXBUFSIZE Gets/sets SASL maximum buffer size; .BR invalue must be .BR "const ber_len_t *" , while .BR outvalue must be .BR "ber_len_t *" . See also .BR LDAP_OPT_X_SASL_SECPROPS . .TP .B LDAP_OPT_X_SASL_MECH Gets the SASL mechanism; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_SASL_MECHLIST Gets the list of the available mechanisms, in form of a NULL-terminated array of strings; .BR outvalue must be .BR "char ***" . The caller must not free or otherwise muck with it. .TP .B LDAP_OPT_X_SASL_NOCANON Sets/gets the NOCANON flag. When unset, the hostname is canonicalized. .BR invalue must be .BR "const int *" ; its value should either be .BR LDAP_OPT_OFF or .BR LDAP_OPT_ON . .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_X_SASL_REALM Gets the SASL realm; .BR outvalue must be a .BR "char **" , its content needs to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_SASL_SECPROPS Sets the SASL secprops; .BR invalue must be a .BR "char *" , containing a comma-separated list of properties. Legal values are: .BR none , .BR nodict , .BR noplain , .BR noactive , .BR passcred , .BR forwardsec , .BR noanonymous , .BR minssf= , .BR maxssf= , .BR maxbufsize= . .TP .B LDAP_OPT_X_SASL_SSF Gets the SASL SSF; .BR outvalue must be a .BR "ber_len_t *" . .TP .B LDAP_OPT_X_SASL_SSF_EXTERNAL Sets the SASL SSF value related to an authentication performed using an EXTERNAL mechanism; .BR invalue must be a .BR "const ber_len_t *" . .TP .B LDAP_OPT_X_SASL_SSF_MAX Gets/sets SASL maximum SSF; .BR invalue must be .BR "const ber_len_t *" , while .BR outvalue must be .BR "ber_len_t *" . See also .BR LDAP_OPT_X_SASL_SECPROPS . .TP .B LDAP_OPT_X_SASL_SSF_MIN Gets/sets SASL minimum SSF; .BR invalue must be .BR "const ber_len_t *" , while .BR outvalue must be .BR "ber_len_t *" . See also .BR LDAP_OPT_X_SASL_SECPROPS . 
.TP .B LDAP_OPT_X_SASL_USERNAME Gets the SASL username; .BR outvalue must be a .BR "char **" . Its content needs to be freed by the caller using .BR ldap_memfree (3). .SH TCP OPTIONS The TCP options are OpenLDAP specific. Mainly intended for use with Linux, they may not be portable. .TP .B LDAP_OPT_X_KEEPALIVE_IDLE Sets/gets the number of seconds a connection needs to remain idle before TCP starts sending keepalive probes. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_X_KEEPALIVE_PROBES Sets/gets the maximum number of keepalive probes TCP should send before dropping the connection. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_X_KEEPALIVE_INTERVAL Sets/gets the interval in seconds between individual keepalive probes. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . .SH TLS OPTIONS The TLS options are OpenLDAP specific. .\".TP .\".B LDAP_OPT_X_TLS .\"Sets/gets the TLS mode. .TP .B LDAP_OPT_X_TLS_CACERTDIR Sets/gets the path of the directory containing CA certificates. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_CACERTFILE Sets/gets the full-path of the CA certificate file. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_CERTFILE Sets/gets the full-path of the certificate file. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_CIPHER_SUITE Sets/gets the allowed cipher suite. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). 
.TP .B LDAP_OPT_X_TLS_CONNECT_ARG Sets/gets the connection callback argument. .BR invalue must be .BR "const void *" ; .BR outvalue must be .BR "void **" . .TP .B LDAP_OPT_X_TLS_CONNECT_CB Sets/gets the connection callback handle. .BR invalue must be .BR "const LDAP_TLS_CONNECT_CB *" ; .BR outvalue must be .BR "LDAP_TLS_CONNECT_CB **" . .TP .B LDAP_OPT_X_TLS_CRLCHECK Sets/gets the CRL evaluation strategy, one of .BR LDAP_OPT_X_TLS_CRL_NONE , .BR LDAP_OPT_X_TLS_CRL_PEER , or .BR LDAP_OPT_X_TLS_CRL_ALL . .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . Requires OpenSSL. .TP .B LDAP_OPT_X_TLS_CRLFILE Sets/gets the full-path of the CRL file. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). This option is only valid for GnuTLS. .TP .B LDAP_OPT_X_TLS_CTX Sets/gets the TLS library context. New TLS sessions will inherit their default settings from this library context. .BR invalue must be .BR "const void *" ; .BR outvalue must be .BR "void **" . When using the OpenSSL library this is an SSL_CTX*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option or attempt to manipulate this structure. .TP .B LDAP_OPT_X_TLS_DHFILE Gets/sets the full-path of the file containing the parameters for Diffie-Hellman ephemeral key exchange. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). Ignored by GnuTLS and Mozilla NSS. .TP .B LDAP_OPT_X_TLS_KEYFILE Sets/gets the full-path of the certificate key file. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP .B LDAP_OPT_X_TLS_NEWCTX Instructs the library to create a new TLS library context. .BR invalue must be .BR "const int *" . 
A non-zero value pointed to by .BR invalue tells the library to create a context for a server. .TP .B LDAP_OPT_X_TLS_PROTOCOL_MIN Sets/gets the minimum protocol version. .BR invalue must be .BR "const int *" ; .BR outvalue must be .BR "int *" . .TP .B LDAP_OPT_X_TLS_RANDOM_FILE Sets/gets the random file when .B /dev/random and .B /dev/urandom are not available. .BR invalue must be .BR "const char *" ; .BR outvalue must be .BR "char **" , and its contents need to be freed by the caller using .BR ldap_memfree (3). Ignored by GnuTLS older than version 2.2. Ignored by Mozilla NSS. .TP .B LDAP_OPT_X_TLS_REQUIRE_CERT Sets/gets the peer certificate checking strategy, one of .BR LDAP_OPT_X_TLS_NEVER , .BR LDAP_OPT_X_TLS_HARD , .BR LDAP_OPT_X_TLS_DEMAND , .BR LDAP_OPT_X_TLS_ALLOW , .BR LDAP_OPT_X_TLS_TRY . .TP .B LDAP_OPT_X_TLS_SSL_CTX Gets the TLS session context associated with this handle. .BR outvalue must be .BR "void **" . When using the OpenSSL library this is an SSL*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option. .SH ERRORS On success, the functions return .BR LDAP_OPT_SUCCESS , while they may return .B LDAP_OPT_ERROR to indicate a generic option handling error. Occasionally, more specific errors can be returned, like .B LDAP_NO_MEMORY to indicate a failure in memory allocation. .SH NOTES The LDAP libraries with the .B LDAP_OPT_REFERRALS option set to .B LDAP_OPT_ON (default value) automatically follow referrals using an anonymous bind. Application developers are encouraged to either implement consistent referral chasing features, or explicitly disable referral chasing by setting that option to .BR LDAP_OPT_OFF . .P The protocol version used by the library defaults to LDAPv2 (now historic), which corresponds to the .B LDAP_VERSION2 macro. 
Application developers are encouraged to explicitly set .B LDAP_OPT_PROTOCOL_VERSION to LDAPv3, using the .B LDAP_VERSION3 macro, or to allow users to select the protocol version. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .B RFC 4422 (http://www.rfc-editor.org), .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 811 stdin .lf 1 stdin .TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated) .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH DESCRIPTION The .BR ldap_sort_entries (), .BR ldap_sort_values (), and .BR ldap_sort_strcasecmp () are deprecated. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 18 stdin .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 22 stdin .lf 1 stdin .TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. 
See COPYRIGHT/LICENSE. .SH NAME ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");" .LP .BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");" .LP .BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");" .LP .BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");" .LP .BI "ber_tag_t ber_get_null(BerElement *" ber ");" .LP .BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");" .LP .BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");" .LP .BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");" .LP .BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. 
The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the decoding routines in the lber library. See .BR lber-encode (3) for details on the corresponding encoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_get_next () to get the next BER element and .BR ber_scanf () to do the actual decoding. In some cases, .BR ber_peek_tag () may also need to be called in normal usage. The other routines are provided for those applications that need more control than .BR ber_scanf () provides. In general, these routines return the tag of the element decoded, or LBER_ERROR if an error occurred. .LP The .BR ber_get_next () routine is used to read the next BER element from the given Sockbuf, \fIsb\fP. It strips off and returns the leading tag, strips off and returns the length of the entire element in \fIlen\fP, and sets up \fIber\fP for subsequent calls to .BR ber_scanf () et al to decode the element. See .BR lber-sockbuf (3) for details of the Sockbuf implementation of the \fIsb\fP parameter. .LP The .BR ber_scanf () routine is used to decode a BER element in much the same way that .BR scanf (3) works. It reads from \fIber\fP, a pointer to a BerElement such as returned by .BR ber_get_next (), interprets the bytes according to the format string \fIfmt\fP, and stores the results in its additional arguments. The format string contains conversion specifications which are used to direct the interpretation of the BER element. The format string can contain the following characters. .RS .LP .TP 3 .B a Octet string. A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter. The caller should free the returned string using .BR ber_memfree (). 
.TP .B A Octet string. A variant of "\fBa\fP". A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter, unless a zero-length string would result; in that case, the arg is set to NULL. The caller should free the returned string using .BR ber_memfree (). .TP .B s Octet string. A char * buffer should be supplied, followed by a pointer to a ber_len_t initialized to the size of the buffer. Upon return, the null-terminated octet string is put into the buffer, and the ber_len_t is set to the actual size of the octet string. .TP .B O Octet string. A struct berval ** should be supplied, which upon return points to a dynamically allocated struct berval containing the octet string and its length. The caller should free the returned structure using .BR ber_bvfree (). .TP .B o Octet string. A struct berval * should be supplied, which upon return contains the dynamically allocated octet string and its length. The caller should free the returned octet string using .BR ber_memfree (). .TP .B m Octet string. A struct berval * should be supplied, which upon return contains the octet string and its length. The string resides in memory assigned to the BerElement, and must not be freed by the caller. .TP .B b Boolean. A pointer to a ber_int_t should be supplied. .TP .B e Enumeration. A pointer to a ber_int_t should be supplied. .TP .B i Integer. A pointer to a ber_int_t should be supplied. .TP .B B Bitstring. A char ** should be supplied which will point to the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. .TP .B n Null. No parameter is required. The element is simply skipped if it is recognized. .TP .B v Sequence of octet strings. A char *** should be supplied, which upon return points to a dynamically allocated null-terminated array of char *'s containing the octet strings. NULL is returned if the sequence is empty. 
The caller should free the returned array and octet strings using .BR ber_memvfree (). .TP .B V Sequence of octet strings with lengths. A struct berval *** should be supplied, which upon return points to a dynamically allocated null-terminated array of struct berval *'s containing the octet strings and their lengths. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvecfree (). .TP .B W Sequence of octet strings with lengths. A BerVarray * should be supplied, which upon return points to a dynamically allocated array of struct berval's containing the octet strings and their lengths. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvarray_free (). .TP .B M Sequence of octet strings with lengths. This is a generalized form of the previous three formats. A void ** (ptr) should be supplied, followed by a ber_len_t * (len) and a ber_len_t (off). Upon return (ptr) will point to a dynamically allocated array whose elements are all of size (*len). A struct berval will be filled starting at offset (off) in each element. The strings in each struct berval reside in memory assigned to the BerElement and must not be freed by the caller. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The number of elements in the array is also stored in (*len) on return. The caller should free the returned array using .BR ber_memfree (). .TP .B l Length of the next element. A pointer to a ber_len_t should be supplied. .TP .B t Tag of the next element. A pointer to a ber_tag_t should be supplied. .TP .B T Skip element and return its tag. A pointer to a ber_tag_t should be supplied. .TP .B x Skip element. The next element is skipped. .TP .B { Begin sequence. No parameter is required. The initial sequence tag and length are skipped. 
.TP .B } End sequence. No parameter is required and no action is taken. .TP .B [ Begin set. No parameter is required. The initial set tag and length are skipped. .TP .B ] End set. No parameter is required and no action is taken. .RE .LP The .BR ber_get_int () routine tries to interpret the next element as an integer, returning the result in \fInum\fP. The tag of whatever it finds is returned on success, LBER_ERROR (\-1) on failure. .LP The .BR ber_get_stringb () routine is used to read an octet string into a preallocated buffer. The \fIlen\fP parameter should be initialized to the size of the buffer, and will contain the length of the octet string read upon return. The buffer should be big enough to take the octet string value plus a terminating NULL byte. .LP The .BR ber_get_stringa () routine is used to dynamically allocate space into which an octet string is read. The caller should free the returned string using .BR ber_memfree(). .LP The .BR ber_get_stringal () routine is used to dynamically allocate space into which an octet string and its length are read. It takes a struct berval **, and returns the result in this parameter. The caller should free the returned structure using .BR ber_bvfree(). .LP The .BR ber_get_stringbv () routine is used to read an octet string and its length into the provided struct berval *. If the \fIalloc\fP parameter is zero, the string will reside in memory assigned to the BerElement, and must not be freed by the caller. If the \fIalloc\fP parameter is non-zero, the string will be copied into dynamically allocated space which should be returned using .BR ber_memfree (). .LP The .BR ber_get_null () routine is used to read a NULL element. It returns the tag of the element it skips over. .LP The .BR ber_get_boolean () routine is used to read a boolean value. It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_enum () routine is used to read an enumeration value.
It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_bitstringa () routine is used to read a bitstring value. It takes a char ** which will hold the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. The caller should free the returned string using .BR ber_memfree (). .LP The .BR ber_first_element () routine is used to return the tag and length of the first element in a set or sequence. It also returns in \fIcookie\fP a magic cookie parameter that should be passed to subsequent calls to ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of the following ASN.1 object:
.LP
.nf
AlmostASearchRequest := SEQUENCE {
    baseObject      DistinguishedName,
    scope           ENUMERATED {
        baseObject    (0),
        singleLevel   (1),
        wholeSubtree  (2)
    },
    derefAliases    ENUMERATED {
        neverDerefaliases   (0),
        derefInSearching    (1),
        derefFindingBaseObj (2),
        alwaysDerefAliases  (3)
    },
    sizelimit       INTEGER (0 .. 65535),
    timelimit       INTEGER (0 .. 65535),
    attrsOnly       BOOLEAN,
    attributes      SEQUENCE OF AttributeType
}
.fi
.LP
The element can be decoded using .BR ber_scanf () as follows.
.LP
.nf
ber_int_t scope, deref, size, time, attrsonly;
/* start from NULL so the frees below are safe if decoding fails */
char *dn = NULL, **attrs = NULL;
ber_tag_t tag;

tag = ber_scanf( ber, "{aeeiib{v}}",
    &dn, &scope, &deref,
    &size, &time, &attrsonly, &attrs );

if( tag == LBER_ERROR ) {
    /* error */
} else {
    /* success */
}

ber_memfree( dn );
ber_memvfree( (void **) attrs );
.fi
.SH ERRORS If an error occurs during decoding, generally these routines return LBER_ERROR ((ber_tag_t)\-1). .LP .SH NOTES .LP The return values for all of these functions are declared in the .B header file. Some routines may dynamically allocate memory which must be freed by the caller using supplied deallocation routines.
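The restricted encoding described above (definite-length forms only, primitive octet strings) can be checked by hand. The block below is an added example, not part of the OpenLDAP manual page and not liblber code: a stand-alone C decoder for the AlmostASearchRequest layout that rejects indefinite lengths, lengths that overrun the buffer, trailing bytes and out-of-range values. The sample bytes, the size limits and every function name are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Universal tags used by AlmostASearchRequest, and this example's assumed limits. */
enum { T_BOOL = 0x01, T_INT = 0x02, T_OCTETS = 0x04, T_ENUM = 0x0a, T_SEQ = 0x30 };
enum { MAX_INCOMING = 4096, MAX_ATTRS = 8, MAX_STR = 64 };

typedef struct { const uint8_t *p, *end; } cursor;
typedef struct {
    char dn[MAX_STR], attrs[MAX_ATTRS][MAX_STR];
    int32_t scope, deref, sizelimit, timelimit, attrs_only;
    size_t nattrs;
} search_req;

/* Consume one element with the expected tag; *val receives its contents. */
static int tlv_next(cursor *c, uint8_t tag, cursor *val)
{
    size_t len, n;
    if (c->end - c->p < 2 || c->p[0] != tag) return -1;
    len = c->p[1];
    c->p += 2;
    if (len == 0x80) return -1;           /* indefinite form: outside the subset */
    if (len & 0x80) {                     /* long form: low 7 bits count length octets */
        n = len & 0x7f;
        if (n > 4 || (size_t)(c->end - c->p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *c->p++;
    }
    if (len > (size_t)MAX_INCOMING || len > (size_t)(c->end - c->p)) return -1;
    val->p = c->p;
    val->end = c->p + len;
    c->p += len;
    return 0;
}

/* INTEGER, ENUMERATED and BOOLEAN contents: 1 to 4 octets, two's complement. */
static int get_int(cursor *c, uint8_t tag, int32_t *out)
{
    cursor v;
    uint32_t u;
    if (tlv_next(c, tag, &v) != 0 || v.p == v.end || v.end - v.p > 4) return -1;
    u = (v.p[0] & 0x80) ? 0xffffffffu : 0;    /* sign-extend */
    while (v.p < v.end) u = (u << 8) | *v.p++;
    *out = (int32_t)u;
    return 0;
}

/* Copy an octet string into a fixed buffer as a C string. */
static int get_str(cursor *c, char *buf, size_t bufsz)
{
    cursor v;
    size_t n;
    if (tlv_next(c, T_OCTETS, &v) != 0) return -1;
    n = (size_t)(v.end - v.p);
    if (n >= bufsz || memchr(v.p, 0, n) != NULL) return -1;  /* too long or embedded NUL */
    memcpy(buf, v.p, n);
    buf[n] = '\0';
    return 0;
}

int decode_search(const uint8_t *buf, size_t len, search_req *r)
{
    cursor in = { buf, buf + len }, seq, list;
    memset(r, 0, sizeof *r);
    if (tlv_next(&in, T_SEQ, &seq) != 0 || in.p != in.end) return -1;  /* no trailing bytes */
    if (get_str(&seq, r->dn, sizeof r->dn) != 0 ||
        get_int(&seq, T_ENUM, &r->scope) != 0 || r->scope < 0 || r->scope > 2 ||
        get_int(&seq, T_ENUM, &r->deref) != 0 || r->deref < 0 || r->deref > 3 ||
        get_int(&seq, T_INT, &r->sizelimit) != 0 || r->sizelimit < 0 || r->sizelimit > 65535 ||
        get_int(&seq, T_INT, &r->timelimit) != 0 || r->timelimit < 0 || r->timelimit > 65535 ||
        get_int(&seq, T_BOOL, &r->attrs_only) != 0 ||
        tlv_next(&seq, T_SEQ, &list) != 0 || seq.p != seq.end)
        return -1;
    r->attrs_only = (r->attrs_only != 0);
    while (list.p < list.end)             /* SEQUENCE OF octet strings */
        if (r->nattrs == MAX_ATTRS || get_str(&list, r->attrs[r->nattrs++], MAX_STR) != 0)
            return -1;
    return 0;
}

/* Constructed sample: dc=example,dc=com, wholeSubtree, size 1000, time 30, cn + mail. */
static const uint8_t sample[] = {
    0x30, 0x2f, 0x04, 0x11, 'd','c','=','e','x','a','m','p','l','e',',','d','c','=','c','o','m',
    0x0a, 0x01, 0x02,  0x0a, 0x01, 0x00,  0x02, 0x02, 0x03, 0xe8,  0x02, 0x01, 0x1e,
    0x01, 0x01, 0x00,  0x30, 0x0a, 0x04, 0x02, 'c','n', 0x04, 0x04, 'm','a','i','l'
};
search_req demo;
int decode_sample(void) { return decode_search(sample, sizeof sample, &demo); }

int decode_mutated(size_t off, uint8_t val)   /* sample with one octet replaced */
{
    uint8_t copy[sizeof sample];
    search_req r;
    memcpy(copy, sample, sizeof copy);
    copy[off] = val;
    return decode_search(copy, sizeof copy, &r);
}
int main(void) { printf("%d %d\n", decode_sample(), decode_mutated(1, 0x80)); return 0; }
```

Each failure path returns before anything is copied out of the offending element, so an oversized or truncated length is rejected without reading past the input.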
.SH SEE ALSO .BR lber-encode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 358 stdin
.lf 1 stdin .TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation. .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_delete_s(ld, dn) .ft LDAP *ld; char *dn; .LP .ft B int ldap_delete(ld, dn) .ft LDAP *ld; char *dn; .LP .ft B int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp) .ft LDAP *ld; char *dn; LDAPControl **serverctrls, **clientctrls; int *msgidp; .LP .ft B int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls) .ft LDAP *ld; char *dn; LDAPControl **serverctrls, **clientctrls; .SH DESCRIPTION The .B ldap_delete_s() routine is used to perform an LDAP delete operation synchronously. It takes \fIdn\fP, the DN of the entry to be deleted. It returns an LDAP error code, indicating the success or failure of the operation. .LP The .B ldap_delete() routine is used to perform an LDAP delete operation asynchronously. It takes the same parameters as .BR ldap_delete_s(), but returns the message id of the request it initiated. The result of the delete can be obtained by a subsequent call to .BR ldap_result (3). .LP The .B ldap_delete_ext() routine allows server and client controls to be specified to extend the delete request. This routine is asynchronous like ldap_delete(), but its return value is an LDAP error code. It stores the message id of the request in the integer pointed to by msgidp.
.LP The .B ldap_delete_ext_s() routine is the synchronous version of .BR ldap_delete_ext(). It also returns an LDAP error code indicating success or failure of the operation. .SH ERRORS .B ldap_delete_s() returns an LDAP error code which can be interpreted by calling one of .BR ldap_perror (3) and friends. .B ldap_delete() returns \-1 if something went wrong initiating the request. It returns the non-negative message id of the request if things went ok. .LP .B ldap_delete_ext() and .B ldap_delete_ext_s() return a non-zero value if something went wrong initiating the request, else return 0. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 90 stdin
.lf 1 stdin .TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");" .LP .BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");" .LP .BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");" .LP .BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");" .LP .BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_seq(BerElement *" ber ");" .LP .BI "int ber_put_set(BerElement *" ber ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the encoding routines in the lber library. 
See .BR lber-decode (3) for details on the corresponding decoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_alloc_t () to allocate a BER element for encoding, .BR ber_printf () to do the actual encoding, and .BR ber_flush2 () to actually write the element. The other routines are provided for those applications that need more control than .BR ber_printf () provides. In general, these routines return the length of the element encoded, or \-1 if an error occurred. .LP The .BR ber_alloc_t () routine is used to allocate a new BER element. It should be called with an argument of LBER_USE_DER. .LP The .BR ber_flush2 () routine is used to actually write the element to a socket (or file) descriptor, once it has been fully encoded (using .BR ber_printf () and friends). See .BR lber-sockbuf (3) for more details on the Sockbuf implementation of the \fIsb\fP parameter. If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will be freed. If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed when successfully flushed, otherwise it is left intact; if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed when an error occurs, otherwise it is left intact; if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway. This function differs from the original .BR ber_flush (3) function, whose behavior corresponds to that indicated for \fILBER_FLUSH_FREE_ON_SUCCESS\fP. Note that in the future, the behavior of .BR ber_flush (3) with \fIfreeit\fP non-zero might change into that of .BR ber_flush2 (3) with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP. .LP The .BR ber_printf () routine is used to encode a BER element in much the same way that .BR sprintf (3) works. 
One important difference, though, is that some state information is kept with the \fIber\fP parameter so that multiple calls can be made to .BR ber_printf () to append things to the end of the BER element. .BR ber_printf () writes to \fIber\fP, a pointer to a BerElement such as returned by .BR ber_alloc_t (). It interprets and formats its arguments according to the format string \fIfmt\fP. The format string can contain the following characters: .RS .LP .TP 3 .B b Boolean. A ber_int_t parameter should be supplied. A boolean element is output. .TP .B e Enumeration. A ber_int_t parameter should be supplied. An enumeration element is output. .TP .B i Integer. A ber_int_t parameter should be supplied. An integer element is output. .TP .B B Bitstring. A char * pointer to the start of the bitstring is supplied, followed by the number of bits in the bitstring. A bitstring element is output. .TP .B n Null. No parameter is required. A null element is output. .TP .B o Octet string. A char * is supplied, followed by the length of the string pointed to. An octet string element is output. .TP .B O Octet string. A struct berval * is supplied. An octet string element is output. .TP .B s Octet string. A null-terminated string is supplied. An octet string element is output, not including the trailing NULL octet. .TP .B t Tag. A ber_tag_t specifying the tag to give the next element is provided. This works across calls. .TP .B v Several octet strings. A null-terminated array of char *'s is supplied. Note that a construct like '{v}' is required to get an actual SEQUENCE OF octet strings. .TP .B V Several octet strings. A null-terminated array of struct berval *'s is supplied. Note that a construct like '{V}' is required to get an actual SEQUENCE OF octet strings. .TP .B W Several octet strings. An array of struct berval's is supplied. The array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings. .TP .B { Begin sequence. No parameter is required. .TP .B } End sequence. No parameter is required. .TP .B [ Begin set. No parameter is required. .TP .B ] End set. No parameter is required. .RE .LP The .BR ber_put_int () routine writes the integer element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_enum () routine writes the enumeration element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_boolean () routine writes the boolean value given by \fIbool\fP to the BER element. .LP The .BR ber_put_bitstring () routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring value to the given BER element. Note that \fIblen\fP is the length \fIin bits\fP of the bitstring. .LP The .BR ber_put_ostring () routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER element as an octet string. .LP The .BR ber_put_string () routine writes the null-terminated string (minus the terminating '\0') to the BER element as an octet string. .LP The .BR ber_put_null () routine writes a NULL element to the BER element. .LP The .BR ber_start_seq () routine is used to start a sequence in the BER element. The .BR ber_start_set () routine works similarly. The end of the sequence or set is marked by the nearest matching call to .BR ber_put_seq () or .BR ber_put_set (), respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables have been assigned appropriately, an lber encoding of the following ASN.1 object:
.LP
.nf
AlmostASearchRequest := SEQUENCE {
    baseObject      DistinguishedName,
    scope           ENUMERATED {
        baseObject    (0),
        singleLevel   (1),
        wholeSubtree  (2)
    },
    derefAliases    ENUMERATED {
        neverDerefaliases   (0),
        derefInSearching    (1),
        derefFindingBaseObj (2),
        alwaysDerefAliases  (3)
    },
    sizelimit       INTEGER (0 .. 65535),
    timelimit       INTEGER (0 .. 65535),
    attrsOnly       BOOLEAN,
    attributes      SEQUENCE OF AttributeType
}
.fi
.LP
can be achieved like so:
.LP
.nf
int rc;
ber_int_t scope, ali, size, time, attrsonly;
char *dn, **attrs;
BerElement *ber;

/* ... fill in values ... */

ber = ber_alloc_t( LBER_USE_DER );

if ( ber == NULL ) {
    /* error: stop here, ber_printf() must not be given a NULL element */
}

/* scope and derefAliases are ENUMERATED in the ASN.1 above,
 * so they are written with 'e' rather than 'i' */
rc = ber_printf( ber, "{seeiib{v}}", dn, scope, ali,
    size, time, attrsonly, attrs );

if( rc == \-1 ) {
    /* error */
} else {
    /* success */
}
.fi
.SH ERRORS If an error occurs during encoding, generally these routines return \-1. .LP .SH NOTES .LP The return values for all of these functions are declared in the header file. .SH SEE ALSO .BR lber-decode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 289 stdin
.lf 1 stdin .TH LBER_SOCKBUF 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ber_sockbuf_alloc, ber_sockbuf_free, ber_sockbuf_ctrl, ber_sockbuf_add_io, ber_sockbuf_remove_io, Sockbuf_IO \- OpenLDAP LBER I/O infrastructure .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .B Sockbuf *ber_sockbuf_alloc( void ); .LP .BI "void ber_sockbuf_free(Sockbuf *" sb ");" .LP .BI "int ber_sockbuf_ctrl(Sockbuf *" sb ", int " opt ", void *" arg ");" .LP .BI "int ber_sockbuf_add_io(Sockbuf *" sb ", Sockbuf_IO *" sbio ", int " layer ", void *" arg ");" .LP .BI "int ber_sockbuf_remove_io(Sockbuf *" sb ", Sockbuf_IO *" sbio ", int " layer ");" .LP .nf .B typedef struct sockbuf_io_desc { .BI "int " sbiod_level ";" .BI "Sockbuf *" sbiod_sb ";" .BI "Sockbuf_IO *" sbiod_io ";" .BI "void *" sbiod_pvt ";" .BI "struct sockbuf_io_desc *" sbiod_next ";" .B } Sockbuf_IO_Desc; .LP .B typedef struct sockbuf_io { .BI "int (*" sbi_setup ")(Sockbuf_IO_Desc *" sbiod ", void *" arg ");" .BI "int (*" sbi_remove ")(Sockbuf_IO_Desc *" sbiod ");" .BI "int (*" sbi_ctrl ")(Sockbuf_IO_Desc *" sbiod ", int " opt ", void *" arg ");" .BI "ber_slen_t (*" sbi_read ")(Sockbuf_IO_Desc *" sbiod ", void *" buf ", ber_len_t " len ");" .BI "ber_slen_t (*" sbi_write ")(Sockbuf_IO_Desc *" sbiod ", void *" buf ", ber_len_t " len ");" .BI "int (*" sbi_close ")(Sockbuf_IO_Desc *" sbiod ");" .B } Sockbuf_IO; .SH DESCRIPTION .LP These routines are used to manage the low level I/O operations performed by the Lightweight BER library. They are called implicitly by the other libraries and usually do not need to be called directly from applications. The I/O framework is modularized and new transport layers can be supported by appropriately defining a .B Sockbuf_IO structure and installing it onto an existing .BR Sockbuf . .B Sockbuf structures are allocated and freed by .BR ber_sockbuf_alloc () and .BR ber_sockbuf_free (), respectively. The .BR ber_sockbuf_ctrl () function is used to get and set options related to a .B Sockbuf or to a specific I/O layer of the .BR Sockbuf . 
The .BR ber_sockbuf_add_io () and .BR ber_sockbuf_remove_io () functions are used to add and remove specific I/O layers on a .BR Sockbuf . Options for .BR ber_sockbuf_ctrl () include: .TP .B LBER_SB_OPT_HAS_IO Takes a .B Sockbuf_IO * argument and returns 1 if the given handler is installed on the .BR Sockbuf , otherwise returns 0. .TP .B LBER_SB_OPT_GET_FD Retrieves the file descriptor associated to the .BR Sockbuf ; .B arg must be a .BR "ber_socket_t *" . The return value will be 1 if a valid descriptor was present, \-1 otherwise. .TP .B LBER_SB_OPT_SET_FD Sets the file descriptor of the .B Sockbuf to the descriptor pointed to by .BR arg ; .B arg must be a .BR "ber_socket_t *" . The return value will always be 1. .TP .B LBER_SB_OPT_SET_NONBLOCK Toggles the non-blocking state of the file descriptor associated to the .BR Sockbuf . .B arg should be NULL to disable and non-NULL to enable the non-blocking state. The return value will be 1 for success, \-1 otherwise. .TP .B LBER_SB_OPT_DRAIN Flush (read and discard) all available input on the .BR Sockbuf . The return value will be 1. .TP .B LBER_SB_OPT_NEEDS_READ Returns non-zero if input is waiting to be read. .TP .B LBER_SB_OPT_NEEDS_WRITE Returns non-zero if the .B Sockbuf is ready to be written. .TP .B LBER_SB_OPT_GET_MAX_INCOMING Returns the maximum allowed size of an incoming message; .B arg must be a .BR "ber_len_t *" . The return value will be 1. .TP .B LBER_SB_OPT_SET_MAX_INCOMING Sets the maximum allowed size of an incoming message; .B arg must be a .BR "ber_len_t *" . The return value will be 1. .LP Options not in this list will be passed down to each .B Sockbuf_IO handler in turn until one of them processes it. If the option is not handled .BR ber_sockbuf_ctrl () will return 0. .LP Multiple .B Sockbuf_IO handlers can be stacked in multiple layers to provide various functionality. 
Currently defined layers include .TP .B LBER_SBIOD_LEVEL_PROVIDER the lowest layer, talking directly to a network .TP .B LBER_SBIOD_LEVEL_TRANSPORT an intermediate layer .TP .B LBER_SBIOD_LEVEL_APPLICATION a higher layer .LP Currently defined .B Sockbuf_IO handlers in liblber include .TP .B ber_sockbuf_io_tcp The default stream-oriented provider .TP .B ber_sockbuf_io_fd A stream-oriented provider for local IPC sockets .TP .B ber_sockbuf_io_dgram A datagram-oriented provider. This handler is only present if the liblber library was built with LDAP_CONNECTIONLESS defined. .TP .B ber_sockbuf_io_readahead A buffering layer, usually used with a datagram provider to hide the datagram semantics from upper layers. .TP .B ber_sockbuf_io_debug A generic handler that outputs hex dumps of all traffic. This handler may be inserted multiple times at arbitrary layers to show the flow of data between other handlers. .LP Additional handlers may be present in libldap if support for them was enabled: .TP .B ldap_pvt_sockbuf_io_sasl An application layer handler for SASL encoding/decoding. .TP .B sb_tls_sbio A transport layer handler for SSL/TLS encoding/decoding. Note that this handler is private to the library and is not exposed in the API. .LP The provided handlers are all instantiated implicitly by libldap, and applications generally will not need to directly manipulate them. .SH SEE ALSO .BR lber-decode (3), .BR lber-encode (3), .BR lber-types (3), .BR ldap_get_option (3) .LP .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 200 stdin
.lf 1 stdin .TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_result \- Wait for the result of an LDAP operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_result( LDAP *ld, int msgid, int all, struct timeval *timeout, LDAPMessage **result ); int ldap_msgfree( LDAPMessage *msg ); int ldap_msgtype( LDAPMessage *msg ); int ldap_msgid( LDAPMessage *msg ); .ft .SH DESCRIPTION The .B ldap_result() routine is used to wait for and return the result of an operation previously initiated by one of the LDAP asynchronous operation routines (e.g., .BR ldap_search_ext (3), .BR ldap_modify_ext (3), etc.). Those routines all return \-1 in case of error, and an invocation identifier upon successful initiation of the operation. The invocation identifier is picked by the library and is guaranteed to be unique across the LDAP session. It can be used to request the result of a specific operation from .B ldap_result() through the \fImsgid\fP parameter. .LP The .B ldap_result() routine will block or not, depending upon the setting of the \fItimeout\fP parameter. If timeout is not a NULL pointer, it specifies a maximum interval to wait for the selection to complete. If timeout is a NULL pointer, the LDAP_OPT_TIMEOUT value set by .BR ldap_set_option (3) is used. With the default setting, the select blocks indefinitely. To effect a poll, the timeout argument should be a non-NULL pointer, pointing to a zero-valued timeval structure. To obtain the behavior of the default setting, bypassing any value set by .BR ldap_set_option (3), set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter. See .BR select (2) for further details. .LP If the result of a specific operation is required, \fImsgid\fP should be set to the invocation identifier returned when the operation was initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be supplied to wait for any or unsolicited response. 
.LP The \fIall\fP parameter, if non-zero, causes .B ldap_result() to return all responses with msgid, otherwise only the next response is returned. This is commonly used to obtain all the responses of a search operation. .LP A search response is made up of zero or more search entries, zero or more search references, and zero or more extended partial responses followed by a search result. If \fIall\fP is set to 0, search entries will be returned one at a time as they come in, via separate calls to .BR ldap_result() . If it's set to 1, the search response will only be returned in its entirety, i.e., after all entries, all references, all extended partial responses, and the final search result have been received. .SH RETURN VALUE Upon success, the type of the result received is returned and the \fIresult\fP parameter will contain the result of the operation; otherwise, the \fIresult\fP parameter is undefined. This result should be passed to the LDAP parsing routines, .BR ldap_first_message (3) and friends, for interpretation. .LP The possible result types returned are: .LP .nf LDAP_RES_BIND (0x61) LDAP_RES_SEARCH_ENTRY (0x64) LDAP_RES_SEARCH_REFERENCE (0x73) LDAP_RES_SEARCH_RESULT (0x65) LDAP_RES_MODIFY (0x67) LDAP_RES_ADD (0x69) LDAP_RES_DELETE (0x6b) LDAP_RES_MODDN (0x6d) LDAP_RES_COMPARE (0x6f) LDAP_RES_EXTENDED (0x78) LDAP_RES_INTERMEDIATE (0x79) .fi .LP The .B ldap_msgfree() routine is used to free the memory allocated for result(s) by .B ldap_result() or .BR ldap_search_ext_s (3) and friends. It takes a pointer to the result or result chain to be freed and returns the type of the last message in the chain. If the parameter is NULL, the function does nothing and returns zero. .LP The .B ldap_msgtype() routine returns the type of a message. .LP The .B ldap_msgid() routine returns the message id of a message. .SH ERRORS .B ldap_result() returns \-1 if something bad happens, and zero if the timeout specified was exceeded. 
.B ldap_msgtype() and .B ldap_msgid() return \-1 on error. .SH SEE ALSO .BR ldap (3), .BR ldap_first_message (3), .BR select (2) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 137 stdin
.lf 1 stdin .TH LDAP_FIRST_MESSAGE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_count_messages( LDAP *ld, LDAPMessage *result ) .LP .ft B LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result ) .LP .ft B LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message ) .SH DESCRIPTION .LP These routines are used to step through the messages in a result chain received from .BR ldap_result (3) . For search operations, the result chain can contain referral, entry and result messages. The .BR ldap_msgtype (3) function can be used to distinguish between the different message types. .LP The .B ldap_first_message() routine is used to retrieve the first message in a result chain. It takes the \fIresult\fP as returned by a call to .BR ldap_result (3) , .BR ldap_search_s (3) or .BR ldap_search_st (3) and returns a pointer to the first message in the result chain. .LP This pointer should be supplied on a subsequent call to .B ldap_next_message() to get the next message, the result of which should be supplied to the next call to .BR ldap_next_message() , etc. .B ldap_next_message() will return NULL when there are no more messages.
.LP These functions are useful when using routines like .BR ldap_parse_result (3) that only operate on the first result in the chain. .LP A count of the number of messages in the result chain can be obtained by calling .BR ldap_count_messages() . It can also be used to count the number of remaining messages in a chain if called with a message, entry or reference returned by .B ldap_first_message() , .B ldap_next_message() , .BR ldap_first_entry (3) , .BR ldap_next_entry (3) , .BR ldap_first_reference (3) , .BR ldap_next_reference (3) . .SH ERRORS If an error occurs in .B ldap_first_message() or .BR ldap_next_message() , NULL is returned. If an error occurs in .BR ldap_count_messages() , -1 is returned. .SH SEE ALSO .BR ldap (3), .BR ldap_search (3), .BR ldap_result (3), .BR ldap_parse_result (3), .BR ldap_first_entry (3), .BR ldap_first_reference (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 83 stdin
.lf 1 stdin .TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .B #include .LP .BI "void ldap_memfree(void *" p ");" .LP .BI "void ldap_memvfree(void **" v ");" .LP .BI "void *ldap_memalloc(ber_len_t " s ");" .LP .BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");" .LP .BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");" .LP .BI "char *ldap_strdup(LDAP_CONST char *" p ");" .SH DESCRIPTION These routines are used to allocate/deallocate memory used/returned by the LDAP library.
.BR ldap_memalloc (), .BR ldap_memcalloc (), .BR ldap_memrealloc (), and .BR ldap_memfree () are used exactly like the standard .BR malloc (3), .BR calloc (3), .BR realloc (3), and .BR free (3) routines, respectively. The .BR ldap_memvfree () routine is used to free a dynamically allocated array of pointers to arbitrary dynamically allocated objects. The .BR ldap_strdup () routine is used exactly like the standard .BR strdup (3) routine. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 51 stdin
.lf 1 stdin .TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], int *" msgidp ");" .RE .LP .BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection. An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided. All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP. It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous, taking the same parameters but only initiating the
bind operation and returning the message id of the request it sent. The
result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the authentication method to use needs to be
selected at runtime. They both take an extra \fImethod\fP parameter
selecting the authentication method to use. It should be set to
LDAP_AUTH_SIMPLE to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use.
For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures.
The Cyrus SASL library will prompt for a variety of inputs, including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc()
function sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another
server in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to
properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the
libraries to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the
referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the
LDAP server.
The LDAP application can use the
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the
referral.
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating
the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function.
The application should not attempt to free either the ld or the url
structures in the rebind function.
.LP
The application must supply to the rebind function the required
authentication information such as, user name, password, and certificates.
The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory, terminate the current association,
and free the resources contained in the \fIld\fP structure. Once it is
called, the connection to the LDAP server is closed, and the \fIld\fP
structure is invalid. The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
calls allow the operations to specify controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an
anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 335 stdin
.lf 1 stdin
.TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
int ldap_modrdn(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
.LP
.ft B
int ldap_modrdn_s(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.LP
.ft B
int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.SH DESCRIPTION
The
.B ldap_modrdn()
and
.B ldap_modrdn_s()
routines perform an LDAP modify
RDN operation. They both take \fIdn\fP, the DN of the entry whose
RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry.
The old RDN of the entry is never kept as an attribute of the entry.
.B ldap_modrdn()
is asynchronous, returning the message id of the operation it initiates.
.B ldap_modrdn_s()
is synchronous, returning the LDAP error code
indicating the success or failure of the operation. Use of
these routines is deprecated. Use the versions described below
instead.
.LP
The
.B ldap_modrdn2()
and
.B ldap_modrdn2_s()
routines also perform an LDAP
modify RDN operation, taking the same parameters as above. In addition,
they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean
value to indicate whether the old RDN values should be deleted from
the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP. See
.BR ldap_error (3)
for more details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 82 stdin
.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;
typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;
typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.
.LP
.B ber_int_t
is a signed integer of at least 32 bits. It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag. It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API. If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array
is allocated as needed. The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API. If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array. Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue. The routine returns NULL upon error
(e.g. out of memory). The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.
If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy. The routine returns NULL
upon error, otherwise it returns a pointer to the copy. If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP. (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result. NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values.
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter.
The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP. If \fIber\fP is NULL, the routine
does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 189 stdin
.lf 1 stdin
.TH LDAP_FIRST_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
int ldap_count_references( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference )
.SH DESCRIPTION
.LP
These routines are used to step through the continuation references in a
result chain received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines.
.LP
The
.B ldap_first_reference()
routine is used to retrieve the first reference message in a
result chain. It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first reference message in the
result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_reference()
to get the next reference message, the result of which should be
supplied to the next call to
.BR ldap_next_reference() ,
etc.
.B ldap_next_reference()
will return NULL when there are no more reference messages.
The reference messages returned from these calls are used by
.BR ldap_parse_reference (3)
to extract referrals and controls.
.LP
A count of the number of reference messages in the search result can be
obtained by calling
.BR ldap_count_references() .
It can also be used to count the number of reference messages remaining
in a result chain.
.SH ERRORS
If an error occurs in
.B ldap_first_reference()
or
.BR ldap_next_reference() ,
NULL is returned. If an error occurs in
.BR ldap_count_references() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_parse_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 72 stdin
.lf 1 stdin
.TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
#include
.LP
.ft B
int ldap_search_ext(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_search_ext_s(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
LDAPMessage **\fIres\fB );
.RE
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
The
.B ldap_search_ext_s()
routine
does the search synchronously (i.e., not
returning until the operation completes), providing a pointer
to the resulting LDAP messages at the location pointed to by
the \fIres\fP parameter.
.LP
The
.B ldap_search_ext()
routine is the asynchronous version, initiating the search and returning
the message id of the operation it initiated in the integer
pointed to by the \fImsgidp\fP parameter.
.LP
The \fIbase\fP parameter is the DN of the entry at which to start the search.
.LP
The \fIscope\fP parameter is the scope of the search and should be one
of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL,
to search the object's immediate children, LDAP_SCOPE_SUBTREE, to
search the object and all its descendants, or LDAP_SCOPE_CHILDREN,
to search all of the descendants. Note that the latter requires
the server support the LDAP Subordinates Search Scope extension.
.LP
The \fIfilter\fP is a string representation of the filter to
apply in the search. The string should conform to the format
specified in RFC 4515 as extended by RFC 4526. For instance,
"(cn=Jane Doe)".
Note that use of the extension requires the
server to support the LDAP Absolute True/False Filter extension.
NULL may be specified to indicate the library should send the
filter (objectClass=*).
.LP
The \fIattrs\fP parameter is a null-terminated array of attribute
descriptions to return from matching entries.
If NULL is specified, the return of all user attributes is requested.
The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The description "+" (LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to
request all operational attributes to be returned. Note that this
requires the server to support the LDAP All Operational Attribute
extension.
To request no attributes, the description "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
The \fIattrsonly\fP parameter should be set to a non-zero value
if only attribute descriptions are wanted. It should be set to zero (0)
if both attributes descriptions and attribute values are wanted.
.LP
The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used
to specify server and client controls, respectively.
.LP
The
.B ldap_search_ext_s()
routine is the synchronous version of
.BR ldap_search_ext().
.LP
It also returns a code indicating success or, in the
case of failure, indicating the nature of the failure
of the operation. See
.BR ldap_error (3)
for details.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in .
.LP
Note that \fIres\fR parameter of
.B ldap_search_ext_s()
and
.B ldap_search_s()
should be freed with
.B ldap_msgfree()
regardless of return value of these functions.
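The \fIfilter\fP string is parsed as RFC 4515 syntax, so any caller-supplied value placed inside it has to be escaped first. The following is an added example, not code from OpenLDAP or from this manual page: the helper names escape_filter_value and build_cn_filter are hypothetical, the sample inputs are constructed, and the resulting string is what would be passed as the \fIfilter\fP argument of ldap_search_ext_s().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Octets that must not appear raw in an RFC 4515 assertion value:
 * NUL, '(', ')', '*' and '\'. Bytes >= 0x80 are escaped as well, which the
 * RFC permits and which keeps invalid UTF-8 out of the filter string. */
static int needs_escape(unsigned char c)
{
    return c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' ||
           c >= 0x80;
}

/* Hypothetical helper: write the escaped form of src[0..srclen) into dst,
 * NUL-terminated. Returns the number of bytes written (excluding the NUL),
 * or -1 if dst is too small. The length is explicit so that values holding
 * embedded NUL octets are handled. */
long escape_filter_value(const char *src, size_t srclen,
                         char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = needs_escape(c) ? 3 : 1;

        /* Room is needed for this octet plus the terminating NUL. */
        if (dstlen < need + 1 || o > dstlen - need - 1)
            return -1;
        if (need == 3) {
            dst[o++] = '\\';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        } else {
            dst[o++] = (char)c;
        }
    }
    if (o >= dstlen)
        return -1;
    dst[o] = '\0';
    return (long)o;
}

/* Hypothetical helper: build "(cn=<escaped value>)" in out. Returns the
 * filter length, or -1 if the value or the filter does not fit. */
int build_cn_filter(const char *value, size_t valuelen,
                    char *out, size_t outlen)
{
    char esc[256];
    int w;

    if (escape_filter_value(value, valuelen, esc, sizeof esc) < 0)
        return -1;
    w = snprintf(out, outlen, "(cn=%s)", esc);
    return (w < 0 || (size_t)w >= outlen) ? -1 : w;
}

int main(void)
{
    /* Constructed sample inputs: a plain name, and a value that contains
     * filter metacharacters and must stay a single assertion value. */
    const char *samples[] = { "Jane Doe", "*)(uid=*" };
    char filter[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_cn_filter(samples[i], strlen(samples[i]),
                            filter, sizeof filter) < 0) {
            fprintf(stderr, "value too long, search not attempted\n");
            continue;
        }
        printf("%s\n", filter);
    }
    return 0;
}
```
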
.SH DEPRECATED INTERFACES
The
.B ldap_search()
routine is deprecated in favor of the
.B ldap_search_ext()
routine. The
.B ldap_search_s()
and
.B ldap_search_st()
routines are deprecated in favor of the
.B ldap_search_ext_s()
routine.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library. The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces. It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces will be eliminated.
.lf 139 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 145 stdin
.lf 1 stdin
.TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
int ldap_compare_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_compare_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB );
.RE
.SH DESCRIPTION
The
.B ldap_compare_ext_s()
routine is used to perform an LDAP compare operation synchronously.
It takes \fIdn\fP, the DN of the entry upon which to perform the compare, and \fIattr\fP and \fIvalue\fP, the attribute description and value to compare to those found in the entry. It returns a code, which will be LDAP_COMPARE_TRUE if the entry contains the attribute value and LDAP_COMPARE_FALSE if it does not. Otherwise, an error code is returned that indicates the nature of the problem. See .BR ldap (3) for details. .LP The .B ldap_compare_ext() routine is used to perform an LDAP compare operation asynchronously. It takes the same parameters as .BR ldap_compare_ext_s() , but provides the message id of the request it initiated in the integer pointed to by \fImsgidp\fP. The result of the compare can be obtained by a subsequent call to .BR ldap_result (3). .LP Both routines allow server and client controls to be specified to extend the compare request. .SH DEPRECATED INTERFACES The routines .BR ldap_compare () and .BR ldap_compare_s () are deprecated in favor of .BR ldap_compare_ext () and .BR ldap_compare_ext_s (), respectively. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 75 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 80 stdin
.lf 1 stdin .TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .nf .ft B typedef impl_tag_t ber_tag_t; typedef impl_int_t ber_int_t; typedef impl_uint_t ber_uint_t; typedef impl_len_t ber_len_t; typedef impl_slen_t ber_slen_t; typedef struct berval { ber_len_t bv_len; char *bv_val; } BerValue, *BerVarray; typedef struct berelement BerElement; .ft .fi .LP .BI "void ber_bvfree(struct berval *" bv ");" .LP .BI "void ber_bvecfree(struct berval **" bvec ");" .LP .BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");" .LP .BI "void ber_bvarray_free(struct berval *" bvarray ");" .LP .BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");" .LP .BI "struct berval *ber_bvdup(const struct berval *" bv ");" .LP .BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");" .LP .BI "struct berval *ber_bvstr(const char *" str ");" .LP .BI "struct berval *ber_bvstrdup(const char *" str ");" .LP .BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");" .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "BerElement *ber_init(struct berval *" bv ");" .LP .BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");" .LP .BI "void ber_free(BerElement *" ber ", int " freebuf ");" .SH DESCRIPTION .LP The following are the basic types and structures defined for use with the Lightweight BER library. .LP .B ber_int_t is a signed integer of at least 32 bits. It is commonly equivalent to .BR int . .B ber_uint_t is the unsigned variant of .BR ber_int_t . 
.LP .B ber_len_t is an unsigned integer of at least 32 bits used to represent a length. It is commonly equivalent to a .BR size_t . .B ber_slen_t is the signed variant to .BR ber_len_t . .LP .B ber_tag_t is an unsigned integer of at least 32 bits used to represent a BER tag. It is commonly equivalent to a .BR unsigned\ long . .LP The actual definitions of the integral impl_TYPE_t types are platform specific. .LP .BR BerValue , commonly used as .BR struct\ berval , is used to hold an arbitrary sequence of octets. .B bv_val points to .B bv_len octets. .B bv_val is not necessarily terminated by a NULL (zero) octet. .BR ber_bvfree () frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP is NULL, the routine does nothing. .LP .BR ber_bvecfree () frees an array of BerValues (and the array), pointed to by \fIbvec\fP, returned from this API. If \fIbvec\fP is NULL, the routine does nothing. .BR ber_bvecadd () appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array is allocated as needed. The end of the array is marked by a NULL pointer. .LP .BR ber_bvarray_free () frees an array of BerValues (and the array), pointed to by \fIbvarray\fP, returned from this API. If \fIbvarray\fP is NULL, the routine does nothing. .BR ber_bvarray_add () appends the contents of the BerValue pointed to by \fIbv\fP to the \fIbvarray\fP array. Space for the new element is allocated as needed. The end of the array is marked by a BerValue with a NULL bv_val field. .LP .BR ber_bvdup () returns a copy of a BerValue. The routine returns NULL upon error (e.g. out of memory). The caller should use .BR ber_bvfree () to deallocate the resulting BerValue. .BR ber_dupbv () copies a BerValue from \fIsrc\fP to \fIdst\fP. If \fIdst\fP is NULL a new BerValue will be allocated to hold the copy. The routine returns NULL upon error, otherwise it returns a pointer to the copy. 
If \fIdst\fP is NULL the caller should use .BR ber_bvfree () to deallocate the resulting BerValue, otherwise .BR ber_memfree () should be used to deallocate the \fIdst->bv_val\fP. (The .BR ber_bvdup () function is internally implemented as ber_dupbv(NULL, bv). .BR ber_bvdup () is provided only for compatibility with an expired draft of the LDAP C API; .BR ber_dupbv () is the preferred interface.) .LP .BR ber_bvstr () returns a BerValue containing the string pointed to by \fIstr\fP. .BR ber_bvstrdup () returns a BerValue containing a copy of the string pointed to by \fIstr\fP. .BR ber_str2bv () returns a BerValue containing the string pointed to by \fIstr\fP, whose length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero, the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the number of bytes to copy will be determined by .BR strlen (3), otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result will be stored in the given BerValue, otherwise a new BerValue will be allocated to store the result. NOTE: Both .BR ber_bvstr () and .BR ber_bvstrdup () are implemented as macros using .BR ber_str2bv () in this version of the library. .LP .B BerElement is an opaque structure used to maintain state information used in encoding and decoding. .BR ber_alloc_t () is used to create an empty BerElement structure. If .B LBER_USE_DER is specified for the .I options parameter then data lengths for data written to the BerElement will be encoded in the minimal number of octets required, otherwise they will always be written as four byte values. .BR ber_init () creates a BerElement structure that is initialized with a copy of the data in its .I bv parameter. .BR ber_init2 () initializes an existing BerElement .I ber using the data in the .I bv parameter. The data is referenced directly, not copied. The .I options parameter is the same as for .BR ber_alloc_t (). .BR ber_free () frees a BerElement pointed to by \fIber\fP. 
If \fIber\fP is NULL, the routine does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed. .SH SEE ALSO .BR lber-encode (3), .BR lber-decode (3), .BR lber-memory (3) .LP .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 189 stdin
.lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags;
.LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. 
.TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expect the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? 
*/ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? */ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. 
.TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin
.lf 1 stdin .TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated) .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH DESCRIPTION The .BR ldap_sort_entries (), .BR ldap_sort_values (), and .BR ldap_sort_strcasecmp () are deprecated. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces to be eliminated. .lf 18 stdin .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 22 stdin
.lf 1 stdin .TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_modify_ext( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, LDAPMod *\fImods[]\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB, int *\fImsgidp\fB ); .RE .LP .nf .ft B int ldap_modify_ext_s( .RS .ft B LDAP *\fIld\fB, char *\fIdn\fB, LDAPMod *\fImods[]\fB, LDAPControl **\fIsctrls\fB, LDAPControl **\fIcctrls\fB ); .RE .LP .nf .ft B void ldap_mods_free( .RS .ft B LDAPMod **\fImods\fB, int \fIfreemods\fB ); .RE .SH DESCRIPTION The routine .B ldap_modify_ext_s() is used to perform an LDAP modify operation. \fIdn\fP is the DN of the entry to modify, and \fImods\fP is a null-terminated array of modifications to make to the entry. Each element of the \fImods\fP array is a pointer to an LDAPMod structure, which is defined below. .LP .nf typedef struct ldapmod { int mod_op; char *mod_type; union { char **modv_strvals; struct berval **modv_bvals; } mod_vals; struct ldapmod *mod_next; } LDAPMod; #define mod_values mod_vals.modv_strvals #define mod_bvalues mod_vals.modv_bvals .ft .fi .LP The \fImod_op\fP field is used to specify the type of modification to perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE. The \fImod_type\fP and \fImod_values\fP fields specify the attribute type to modify and a null-terminated array of values to add, delete, or replace respectively. The \fImod_next\fP field is used only by the LDAP server and may be ignored by the client. .LP If you need to specify a non-string value (e.g., to add a photo or audio attribute value), you should set \fImod_op\fP to the logical OR of the operation as above (e.g., LDAP_MOD_REPLACE) and the constant LDAP_MOD_BVALUES. In this case, \fImod_bvalues\fP should be used instead of \fImod_values\fP, and it should point to a null-terminated array of struct bervals, as defined in . 
.LP For LDAP_MOD_ADD modifications, the given values are added to the entry, creating the attribute if necessary. For LDAP_MOD_DELETE modifications, the given values are deleted from the entry, removing the attribute if no values remain. If the entire attribute is to be deleted, the \fImod_values\fP field should be set to NULL. For LDAP_MOD_REPLACE modifications, the attribute will have the listed values after the modification, having been created if necessary. All modifications are performed in the order in which they are listed. .LP .B ldap_mods_free() can be used to free each element of a NULL-terminated array of mod structures. If \fIfreemods\fP is non-zero, the \fImods\fP pointer itself is freed as well. .LP .B ldap_modify_ext_s() returns a code indicating success or, in the case of failure, indicating the nature of the failure. See .BR ldap_error (3) for details. .LP The .B ldap_modify_ext() operation works the same way as .BR ldap_modify_ext_s() , except that it is asynchronous. The integer that \fImsgidp\fP points to is set to the message id of the modify request. The result of the operation can be obtained by calling .BR ldap_result (3). .LP Both .B ldap_modify_ext() and .B ldap_modify_ext_s() allow server and client controls to be passed in via the sctrls and cctrls parameters, respectively. .SH DEPRECATED INTERFACES The .B ldap_modify() and .B ldap_modify_s() routines are deprecated in favor of the .B ldap_modify_ext() and .B ldap_modify_ext_s() routines, respectively. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated.
.lf 132 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 137 stdin
.lf 1 stdin .TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char **ldap_get_values(ld, entry, attr) .ft LDAP *ld; LDAPMessage *entry; char *attr; .LP .ft B struct berval **ldap_get_values_len(ld, entry, attr) .ft LDAP *ld; LDAPMessage *entry; char *attr; .LP .ft B int ldap_count_values(vals) .ft char **vals; .LP .ft B int ldap_count_values_len(vals) .ft struct berval **vals; .LP .ft B void ldap_value_free(vals) .ft char **vals; .LP .ft B void ldap_value_free_len(vals) .ft struct berval **vals; .SH DESCRIPTION These routines are used to retrieve and manipulate attribute values from an LDAP entry as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3). .B ldap_get_values() takes the \fIentry\fP and the attribute \fIattr\fP whose values are desired and returns a NULL-terminated array of the attribute's values. \fIattr\fP may be an attribute type as returned from .BR ldap_first_attribute (3) or .BR ldap_next_attribute (3), or if the attribute type is known it can simply be given. .LP The number of values in the array can be counted by calling .BR ldap_count_values() . The array of values returned can be freed by calling .BR ldap_value_free() .
.LP If the attribute values are binary in nature, and thus not suitable to be returned as an array of char *'s, the .B ldap_get_values_len() routine can be used instead. It takes the same parameters as .BR ldap_get_values() , but returns a NULL-terminated array of pointers to berval structures, each containing the length of and a pointer to a value. .LP The number of values in the array can be counted by calling .BR ldap_count_values_len() . The array of values returned can be freed by calling .BR ldap_value_free_len() . .SH ERRORS If an error occurs in .B ldap_get_values() or .BR ldap_get_values_len() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. .SH NOTES These routines dynamically allocate memory which the caller must free using the supplied routines. .SH SEE ALSO .BR ldap (3), .BR ldap_first_entry (3), .BR ldap_first_attribute (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 103 stdin
.lf 1 stdin .TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
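Added example (not part of the OpenLDAP manual pages or of libldap): the ldap_get_values_len() description above returns length-delimited struct berval values, and the LBER_TYPES page notes that bv_val is not necessarily NUL-terminated, so such values must be compared and copied by bv_len rather than with the str* functions. The struct is a stand-in copied from the SYNOPSIS so the block builds without liblber; the helper names (bv_has_nul, bv_equal, bv_to_cstr, values_contain) and the sample octets are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the struct berval layout shown in the LBER_TYPES synopsis, so
 * this example builds without liblber; real code includes the library header.
 * Assumption: ber_len_t is size_t here (the page says "commonly equivalent"). */
typedef size_t ber_len_t;
struct berval {
    ber_len_t bv_len;
    char *bv_val;
};

/* 1 if the value holds a zero octet somewhere inside its bv_len octets. */
int bv_has_nul(const struct berval *bv)
{
    return bv->bv_len > 0 && memchr(bv->bv_val, '\0', bv->bv_len) != NULL;
}

/* Octet-exact comparison: the lengths must match, then every octet. */
int bv_equal(const struct berval *bv, const char *want, size_t want_len)
{
    return bv->bv_len == want_len &&
           (want_len == 0 || memcmp(bv->bv_val, want, want_len) == 0);
}

/* Copy a value into a NUL-terminated C string; the caller free()s the result.
 * Returns NULL when the value has an embedded NUL (a C string would silently
 * truncate it), when bv_len + 1 would overflow, or when malloc fails. */
char *bv_to_cstr(const struct berval *bv)
{
    char *s;

    if (bv_has_nul(bv) || bv->bv_len >= (size_t)-1)
        return NULL;
    s = malloc(bv->bv_len + 1);
    if (s == NULL)
        return NULL;
    if (bv->bv_len > 0)
        memcpy(s, bv->bv_val, bv->bv_len);
    s[bv->bv_len] = '\0';
    return s;
}

/* Membership test over a NULL-terminated array of berval pointers, the shape
 * ldap_get_values_len() is described as returning. */
int values_contain(struct berval **vals, const char *want, size_t want_len)
{
    size_t i;

    if (vals == NULL)
        return 0;
    for (i = 0; vals[i] != NULL; i++)
        if (bv_equal(vals[i], want, want_len))
            return 1;
    return 0;
}

/* Constructed sample octets, not taken from any real directory. */
static char raw_trailing[] = "admin\0-readonly";               /* NUL at index 5 */
static char raw_unterminated[5] = { 'a', 'd', 'm', 'i', 'n' }; /* no NUL at all */

int main(void)
{
    struct berval tricky = { sizeof(raw_trailing) - 1, raw_trailing };
    struct berval plain = { sizeof(raw_unterminated), raw_unterminated };
    struct berval *only_tricky[] = { &tricky, NULL };
    struct berval *both[] = { &tricky, &plain, NULL };
    char *copy = bv_to_cstr(&plain);

    /* strcmp() stops at the embedded NUL and reports a match it should not. */
    printf("strcmp(tricky, admin) == 0 : %d\n",
           strcmp(tricky.bv_val, "admin") == 0);
    printf("bv_equal(tricky, admin)    : %d\n", bv_equal(&tricky, "admin", 5));
    printf("bv_equal(plain, admin)     : %d\n", bv_equal(&plain, "admin", 5));
    printf("bv_to_cstr(tricky) refused : %d\n", bv_to_cstr(&tricky) == NULL);
    printf("bv_to_cstr(plain)          : %s\n", copy ? copy : "(null)");
    printf("only_tricky contains admin : %d\n",
           values_contain(only_tricky, "admin", 5));
    printf("both contains admin        : %d\n",
           values_contain(both, "admin", 5));
    free(copy);
    return 0;
}
```
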
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_result( LDAP *ld, int msgid, int all,
	struct timeval *timeout, LDAPMessage **result );

int ldap_msgfree( LDAPMessage *msg );

int ldap_msgtype( LDAPMessage *msg );

int ldap_msgid( LDAPMessage *msg );
.ft
.SH DESCRIPTION
The
.B ldap_result()
routine is used to wait for and return the result of
an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
etc.). Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session. It can be used to request the result
of a specific operation from
.B ldap_result()
through the \fImsgid\fP parameter.
.LP
The
.B ldap_result()
routine will block or not, depending upon the setting
of the \fItimeout\fP parameter.
If timeout is not a NULL pointer, it specifies a maximum
interval to wait for the selection to complete. If timeout
is a NULL pointer, the LDAP_OPT_TIMEOUT value set by
.BR ldap_set_option (3)
is used. With the default setting,
the select blocks indefinitely. To
effect a poll, the timeout argument should be a non-NULL
pointer, pointing to a zero-valued timeval structure.
To obtain the behavior of the default setting, bypassing any value set by
.BR ldap_set_option (3),
set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter.
See
.BR select (2)
for further details.
.LP
If the result of a specific operation is required, \fImsgid\fP should
be set to the invocation identifier returned when the operation was
initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
supplied to wait for any or unsolicited response.
.LP
The \fIall\fP parameter, if non-zero, causes
.B ldap_result()
to return all responses with msgid, otherwise only the
next response is returned. This is commonly used to obtain all
the responses of a search operation.
.LP
A search response is made up of zero or
more search entries, zero or more search references, and zero or
more extended partial responses followed by a search result. If
\fIall\fP is set to 0, search entries will be returned one at a
time as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search
response will only be returned in its entirety, i.e., after all entries,
all references, all extended partial responses, and the final search
result have been received.
.SH RETURN VALUE
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation;
otherwise, the \fIresult\fP parameter is undefined. This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
.LP
The possible result types returned are:
.LP
.nf
	LDAP_RES_BIND (0x61)
	LDAP_RES_SEARCH_ENTRY (0x64)
	LDAP_RES_SEARCH_REFERENCE (0x73)
	LDAP_RES_SEARCH_RESULT (0x65)
	LDAP_RES_MODIFY (0x67)
	LDAP_RES_ADD (0x69)
	LDAP_RES_DELETE (0x6b)
	LDAP_RES_MODDN (0x6d)
	LDAP_RES_COMPARE (0x6f)
	LDAP_RES_EXTENDED (0x78)
	LDAP_RES_INTERMEDIATE (0x79)
.fi
.LP
The
.B ldap_msgfree()
routine is used to free the memory allocated for
result(s) by
.B ldap_result()
or
.BR ldap_search_ext_s (3)
and friends.
It takes a pointer to the result or result chain to be freed and returns
the type of the last message in the chain.
If the parameter is NULL, the function does nothing and returns zero.
.LP
The
.B ldap_msgtype()
routine returns the type of a message.
.LP
The
.B ldap_msgid()
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
.BR select (2)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free,
ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name,
ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str,
ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass,
ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free,
ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const
LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs. These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes. For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind. The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer. The routine returns NULL if some problem
happened. In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp ,
indicating where in argument
.IR s
the error happened, so it must not be freed by the caller. Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized. The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expects the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;	/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;	/* Description */
	LDAPSchemaExtensionItem **syn_extensions;	/* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;	/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;	/* Description */
	int mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions;	/* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;	/* OID */
	char **at_names;	/* Names */
	char *at_desc;	/* Description */
	int at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int at_syntax_len;	/* Suggested minimum maximum length */
	int at_single_value;	/* Is single-valued? */
	int at_collective;	/* Is collective? */
	int at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int at_usage;	/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions;	/* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;	/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;	/* Description */
	int oc_obsolete;	/* Is obsolete?
*/
	char **oc_sup_oids;	/* OIDs of superior classes */
	int oc_kind;	/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions;	/* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect. TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry. On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.
These can be added or removed at any time if attribute types are added
or removed at the same time as needed by the set of object classes
resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument. The string is a newly allocated
string that must be freed by the caller. These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found. This is a pointer to a static area, so it must not be freed by
the caller. The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_FIRST_MESSAGE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_messages( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message )
.SH DESCRIPTION
.LP
These routines are used to step through the messages in a result chain
received from
.BR ldap_result (3) .
For search operations, the result chain can contain referral, entry
and result messages. The
.BR ldap_msgtype (3)
function can be used to distinguish between the different message types.
.LP
The
.B ldap_first_message()
routine is used to retrieve the first message in a result chain.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first message in the result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_message()
to get the next message, the result of which should be
supplied to the next call to
.BR ldap_next_message() ,
etc.
.B ldap_next_message()
will return NULL when there are no more messages.
.LP
These functions are useful when using routines like
.BR ldap_parse_result (3)
that only operate on the first result in the chain.
.LP
A count of the number of messages in the result chain can be obtained
by calling
.BR ldap_count_messages() .
It can also be used to count the number of remaining messages in a chain
if called with a message, entry or reference returned by
.B ldap_first_message() ,
.B ldap_next_message() ,
.BR ldap_first_entry (3) ,
.BR ldap_next_entry (3) ,
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) .
.SH ERRORS
If an error occurs in
.B ldap_first_message()
or
.BR ldap_next_message() ,
NULL is returned. If an error occurs in
.BR ldap_count_messages() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_result (3),
.BR ldap_parse_result (3),
.BR ldap_first_entry (3),
.BR ldap_first_reference (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.
.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any. The content of
.I value
is duplicated if
.I dupval
is non-zero. The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter. The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided by
this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.
.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter. The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences
of the same control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.
.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.
.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int,
ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal,
ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring,
ber_first_element, ber_next_element
\- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1. The version
of BER these routines support is the one defined for the LDAP
protocol.
The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form. This
man page describes the decoding routines in the lber library. See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding. In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage. The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides. In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP. It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works. It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments. The format string contains
conversion specifications which are used to direct the interpretation
of the BER element. The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string. A char ** should be supplied. Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter. The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string. A variant of "\fBa\fP". A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string,
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string. A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer. Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string. A struct berval ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string. A struct berval * should be supplied, which upon
return contains the dynamically allocated
octet string and its length. The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string. A struct berval * should be supplied, which upon return
contains the octet string and its length. The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean. A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration. A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer. A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring. A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null. No parameter is required. The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings. A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings. NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths. This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len). A struct berval will be filled
starting at offset (off) in each element. The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller. The array is terminated by a struct berval
with a NULL bv_val string pointer. NULL is returned if the sequence
is empty. The number of elements in the array is also stored
in (*len) on return. The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element. A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element. A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag. A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element. The next element is skipped.
.TP
.B {
Begin sequence. No parameter is required. The initial sequence tag
and length are skipped.
.TP
.B }
End sequence. No parameter is required and no action is taken.
.TP
.B [
Begin set. No parameter is required. The initial set tag
and length are skipped.
.TP
.B ]
End set. No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP. The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer. The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return. The buffer should be big enough to take the octet
string value plus a terminating NUL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read. It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree ().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be
freed by the caller. If the \fIalloc\fP parameter is non-zero, the
string will be copied into dynamically allocated space which should
be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element. It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value. It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read an enumeration value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value. It
takes a char ** which will hold the dynamically allocated bits, followed by a
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence. It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t scope, deref, size, time, attrsonly;
      /* Start from NULL so the frees below are safe if decoding fails early. */
      char *dn = NULL, **attrs = NULL;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( (void **) attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file. Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
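The decoding rules described above (definite-form lengths only, primitive octet strings, caller buffers sized for the value plus a terminating NUL), shown as an added example that is not part of the OpenLDAP manual page or of liblber. It is a stand-alone, bounds-checked decoder for the AlmostASearchRequest from EXAMPLES; every type and function name is hypothetical and the sample message bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: all names are hypothetical, none is liblber API. */
enum { T_BOOL = 0x01, T_INT = 0x02, T_OCTETS = 0x04, T_ENUM = 0x0a, T_SEQ = 0x30 };
typedef struct { const uint8_t *p, *end; } cur_t;   /* cursor over untrusted bytes */

typedef struct {
    char dn[64];
    long scope, deref, sizelimit, timelimit;
    int attrs_only, nattrs;
    char attrs[4][32];
} search_req_t;

/* Read one element with the expected tag; *val then spans exactly its contents. */
static int read_tlv(cur_t *c, uint8_t want, cur_t *val)
{
    const uint8_t *p = c->p;
    size_t len, n;
    if (c->end - p < 2 || p[0] != want) return -1;
    len = p[1];
    p += 2;
    if (len == 0x80) return -1;                 /* indefinite form: not LDAP BER */
    if (len & 0x80) {                           /* long form: n length bytes follow */
        n = len & 0x7f;
        if (n > 4 || (size_t)(c->end - p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *p++;
    }
    if ((size_t)(c->end - p) < len) return -1;  /* claimed length overruns input */
    val->p = p;
    val->end = c->p = p + len;
    return 0;
}

/* INTEGER or ENUMERATED of 1..4 content bytes, accepted only inside [lo, hi]. */
static int read_int(cur_t *c, uint8_t tag, long lo, long hi, long *out)
{
    cur_t v;
    uint32_t u;
    if (read_tlv(c, tag, &v) != 0 || v.p == v.end || v.end - v.p > 4) return -1;
    u = (v.p[0] & 0x80) ? 0xffffffffu : 0;      /* sign-extend two's complement */
    while (v.p < v.end) u = (u << 8) | *v.p++;
    *out = (long)(int32_t)u;
    return (*out < lo || *out > hi) ? -1 : 0;
}

/* Octet string into a fixed buffer: value plus terminating NUL must fit. */
static int read_str(cur_t *c, char *buf, size_t size)
{
    cur_t v;
    size_t n;
    if (read_tlv(c, T_OCTETS, &v) != 0) return -1;
    n = (size_t)(v.end - v.p);
    if (n >= size || memchr(v.p, 0, n) != NULL) return -1;  /* too long / embedded NUL */
    memcpy(buf, v.p, n);
    buf[n] = '\0';
    return 0;
}

/* Decode the whole AlmostASearchRequest; 0 on success, -1 on any malformed field. */
int decode_search(const uint8_t *buf, size_t buflen, search_req_t *r)
{
    cur_t in = { buf, buf + buflen }, seq, list, b;
    if (read_tlv(&in, T_SEQ, &seq) != 0 || in.p != in.end) return -1;
    if (read_str(&seq, r->dn, sizeof r->dn) != 0) return -1;
    if (read_int(&seq, T_ENUM, 0, 2, &r->scope) != 0) return -1;
    if (read_int(&seq, T_ENUM, 0, 3, &r->deref) != 0) return -1;
    if (read_int(&seq, T_INT, 0, 65535, &r->sizelimit) != 0) return -1;
    if (read_int(&seq, T_INT, 0, 65535, &r->timelimit) != 0) return -1;
    if (read_tlv(&seq, T_BOOL, &b) != 0 || b.end - b.p != 1) return -1;
    r->attrs_only = b.p[0] != 0;
    if (read_tlv(&seq, T_SEQ, &list) != 0 || seq.p != seq.end) return -1;
    for (r->nattrs = 0; list.p < list.end; r->nattrs++)
        if (r->nattrs == 4 ||                   /* more attributes than we store */
            read_str(&list, r->attrs[r->nattrs], sizeof r->attrs[0]) != 0) return -1;
    return 0;
}

/* Constructed sample: dc=example,dc=com, scope 2, deref 0, limits 100/30, cn + mail. */
static const uint8_t SAMPLE[] = {
    0x30, 0x2e, 0x04, 0x11,
    'd','c','=','e','x','a','m','p','l','e',',','d','c','=','c','o','m',
    0x0a, 0x01, 0x02, 0x0a, 0x01, 0x00, 0x02, 0x01, 0x64, 0x02, 0x01, 0x1e, 0x01, 0x01, 0x00,
    0x30, 0x0a, 0x04, 0x02, 'c','n', 0x04, 0x04, 'm','a','i','l'
};

/* Decode first n bytes of a copy of SAMPLE with byte off set to v; NULL if rejected. */
const search_req_t *decode_variant(size_t n, size_t off, uint8_t v)
{
    static search_req_t r;
    uint8_t copy[sizeof SAMPLE];
    memcpy(copy, SAMPLE, sizeof copy);
    copy[off] = v;
    return decode_search(copy, n, &r) == 0 ? &r : NULL;
}

/* Exit status 0 when the unmodified sample decodes. */
int main(void) { return decode_variant(sizeof SAMPLE, 0, SAMPLE[0]) ? 0 : 1; }
```

Each rejection path corresponds to a malformed input the decoder must not trust: a truncated message, an indefinite length, a length larger than the enclosing element, trailing bytes, an out-of-range enumeration, or an octet string that would not survive as a C string.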
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free,
ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name,
ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str,
ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass,
ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free,
ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. 
.TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expect the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? */ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? 
*/ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. .TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. 
These can be added or removed at any time if attribute types are added
or removed at the same time as needed by the set of object classes
resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  A ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  A ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  A ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest ::= SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      /* 'e' for the two ENUMERATED fields (scope, derefAliases) */
      rc = ber_printf( ber, "{seeiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.TH LDAP_RENAME 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_rename, ldap_rename_s \- Renames the specified entry.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp );
.ft
LDAP *ld;
const char *dn, *newrdn, *newparent;
int deleteoldrdn;
LDAPControl *sctrls[], *cctrls[];
int *msgidp;
.LP
.ft B
int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] );
.ft
LDAP *ld;
const char *dn, *newrdn, *newparent;
int deleteoldrdn;
LDAPControl *sctrls[], *cctrls[];
.SH DESCRIPTION
These routines are used to perform an LDAP rename operation.
The function changes the leaf component of an entry's distinguished
name and optionally moves the entry to a new parent container.
The .B ldap_rename_s performs a rename operation synchronously. The method takes \fIdn\fP, which points to the distinguished name of the entry whose attribute is being compared, \fInewparent\fP,the distinguished name of the entry's new parent. If this parameter is NULL, only the RDN is changed. The root DN is specified by passing a zero length string, "". \fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted. Zero indicates that the old RDN should be retained. If you choose this option, the attribute will contain both names (the old and the new). Non-zero indicates that the old RDN should be deleted. \fIserverctrls\fP points to an array of LDAPControl structures that list the client controls to use with this extended operation. Use NULL to specify no client controls. \fIclientctrls\fP points to an array of LDAPControl structures that list the client controls to use with the search. .LP .B ldap_rename works just like .B ldap_rename_s, but the operation is asynchronous. It returns the message id of the request it initiated. The result of this operation can be obtained by calling .BR ldap_result(3). .SH ERRORS .B ldap_rename() returns \-1 in case of error initiating the request, and will set the \fIld_errno\fP field in the \fIld\fP parameter to indicate the error. .BR ldap_rename_s() returns the LDAP error code resulting from the rename operation. .SH SEE ALSO .BR ldap (3), .BR ldap_modify (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 67 stdin PK!gd"#"#ldap_attributetype_free.3nu[.lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse 
schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expect the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. 
.LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? */ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? 
*/ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. .TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. 
These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin .lf 1 stdin .TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], int *" msgidp ");" .RE .LP .BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");" .RE .LP .BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res "," .RS .BI "struct berval **" servercredp ", int " freeit ");" .RE .LP .BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ");" .RE .LP .BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ", LDAPMessage *" result "," .BI "const char **" rmechp ", int *" msgidp ");" .RE .LP .BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " 
flags ", void *" defaults ", void *" sasl_interact ");" .LP .BI "int ldap_unbind(LDAP *" ld ");" .LP .BI "int ldap_unbind_s(LDAP *" ld ");" .LP .BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");" .LP .BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");" .SH DESCRIPTION .LP These routines provide various interfaces to the LDAP bind operation. After an association with an LDAP server is made using .BR ldap_init (3), an LDAP bind operation should be performed before other operations are attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations. .LP There are three types of bind calls, ones providing simple authentication, ones providing SASL authentication, and general routines capable of doing either simple or SASL authentication. .LP .B SASL (Simple Authentication and Security Layer) can negotiate one of many different kinds of authentication. Both synchronous and asynchronous versions of each variant of the bind call are provided. All routines take \fIld\fP as their first parameter, as returned from .BR ldap_init (3). .SH SIMPLE AUTHENTICATION The simplest form of the bind call is .BR ldap_simple_bind_s() . It takes the DN to bind as in \fIwho\fP, and the userPassword associated with the entry in \fIpasswd\fP. It returns an LDAP error indication (see .BR ldap_error (3)). The .B ldap_simple_bind() call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. 
The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The .B ldap_sasl_bind_s() and asynchronous .B ldap_sasl_bind() functions can also be used to make a simple bind by using LDAP_SASL_SIMPLE as the SASL mechanism. .SH GENERAL AUTHENTICATION The .B ldap_bind() and .B ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra \fImethod\fP parameter selecting the authentication method to use. It should be set to LDAP_AUTH_SIMPLE to select simple authentication. .B ldap_bind() returns the message id of the request it initiates. .B ldap_bind_s() returns an LDAP error indication. .SH SASL AUTHENTICATION For SASL binds the server always ignores any provided DN, so the .I dn parameter should always be NULL. .BR ldap_sasl_bind_s () sends a single SASL bind request with the given SASL .I mechanism and credentials in the .I cred parameter. The format of the credentials depends on the particular SASL mechanism in use. For mechanisms that provide mutual authentication the server's credentials will be returned in the .I servercredp parameter. The routine returns an LDAP error indication (see .BR ldap_error (3)). The .BR ldap_sasl_bind () call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The result must be additionally parsed by .BR ldap_parse_sasl_bind_result () to obtain any server credentials sent from the server. .LP Many SASL mechanisms require multiple message exchanges to perform a complete authentication. Applications should generally use .BR ldap_sasl_interactive_bind_s () rather than calling the basic .BR ldap_sasl_bind () functions directly. The .I mechs parameter should contain a space-separated list of candidate mechanisms to use. 
If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports. The .I flags parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of: .TP LDAP_SASL_AUTOMATIC use defaults if available, prompt otherwise .TP LDAP_SASL_INTERACTIVE always prompt .TP LDAP_SASL_QUIET never prompt .LP The .I interact function uses the provided .I defaults to handle requests from the SASL library for particular authentication parameters. There is no defined format for the .I defaults information; it is up to the caller to use whatever format is appropriate for the supplied .I interact function. The .I sasl_interact parameter comes from the underlying SASL library. When used with Cyrus SASL this is an array of .B sasl_interact_t structures. The Cyrus SASL library will prompt for a variety of inputs, including: .TP SASL_CB_GETREALM the realm for the authentication attempt .TP SASL_CB_AUTHNAME the username to authenticate .TP SASL_CB_PASS the password for the provided username .TP SASL_CB_USER the username to use for proxy authorization .TP SASL_CB_NOECHOPROMPT generic prompt for input with input echoing disabled .TP SASL_CB_ECHOPROMPT generic prompt for input with input echoing enabled .TP SASL_CB_LIST_END indicates the end of the array of prompts .LP See the Cyrus SASL documentation for more details. .LP Applications which need to manage connections asynchronously may use .BR ldap_sasl_interactive_bind () instead of the synchronous version. A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously. The other parameters are the same as for the synchronous function, with three additional parameters. 
The actual SASL mechanism that was used, and the message ID for use with .BR ldap_result () will be returned in rmechp and msgidp, respectively. The value in rmechp must not be modified by the caller and must be passed back on each subsequent call. The message obtained from .BR ldap_result () must be passed in the result parameter. This parameter must be NULL when initiating a new Bind. The caller must free the result message after each call using .BR ldap_msgfree (). The .BR ldap_sasl_interactive_bind () function returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server. .SH REBINDING .LP The .B ldap_set_rebind_proc() function sets the process to use for binding when an operation returns a referral. This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference. .LP The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind. The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function. Use the .BR ldap_set_option function to set the value. .LP The rebind function parameters are as follows: .LP The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral. .LP The \fIurl\fP parameter points to the URL referral string received from the LDAP server. The LDAP application can use the .BR ldap_url_parse (3) function to parse the string into its components. .LP The \fIrequest\fP parameter specifies the type of request that generated the referral. .LP The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP The \fIparams\fP parameter is the same value as passed originally to the .BR ldap_set_rebind_proc () function. .LP The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function. .LP The application must supply to the rebind function the required authentication information such as user name, password, and certificates. The rebind function must use a synchronous bind method. .SH UNBINDING The .B ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure. Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid. The .B ldap_unbind_s() call is just another name for .BR ldap_unbind() ; both of these calls are synchronous in nature. .LP The .B ldap_unbind_ext() and .B ldap_unbind_ext_s() allow the operations to specify controls. .SH ERRORS Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure. Synchronous routines return whatever \fIld_errno\fP is set to. See .BR ldap_error (3) for more information. .SH NOTES If an anonymous bind is sufficient for the application, the rebind process need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind. .LP If the application needs stronger authentication than an anonymous bind, you need to provide a rebind process for that authentication method. The bind method must be synchronous.
.SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_open (3), .BR ldap_set_option (3), .BR ldap_url_parse (3) .B RFC 4422 (http://www.rfc-editor.org), .B Cyrus SASL (http://asg.web.cmu.edu/sasl/) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 335 stdin .lf 1 stdin .TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char **ldap_get_values(ld, entry, attr) .ft LDAP *ld; LDAPMessage *entry; char *attr; .LP .ft B struct berval **ldap_get_values_len(ld, entry, attr) .ft LDAP *ld; LDAPMessage *entry; char *attr; .LP .ft B int ldap_count_values(vals) .ft char **vals; .LP .ft B int ldap_count_values_len(vals) .ft struct berval **vals; .LP .ft B void ldap_value_free(vals) .ft char **vals; .LP .ft B void ldap_value_free_len(vals) .ft struct berval **vals; .SH DESCRIPTION These routines are used to retrieve and manipulate attribute values from an LDAP entry as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3). .B ldap_get_values() takes the \fIentry\fP and the attribute \fIattr\fP whose values are desired and returns a NULL-terminated array of the attribute's values. \fIattr\fP may be an attribute type as returned from .BR ldap_first_attribute (3) or .BR ldap_next_attribute (3), or if the attribute type is known it can simply be given. .LP The number of values in the array can be counted by calling .BR ldap_count_values() . The array of values returned can be freed by calling .BR ldap_value_free() .
.LP If the attribute values are binary in nature, and thus not suitable to be returned as an array of char *'s, the .B ldap_get_values_len() routine can be used instead. It takes the same parameters as .BR ldap_get_values() , but returns a NULL-terminated array of pointers to berval structures, each containing the length of and a pointer to a value. .LP The number of values in the array can be counted by calling .BR ldap_count_values_len() . The array of values returned can be freed by calling .BR ldap_value_free_len() . .SH ERRORS If an error occurs in .B ldap_get_values() or .BR ldap_get_values_len() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. .SH NOTES These routines dynamically allocate memory which the caller must free using the supplied routines. .SH SEE ALSO .BR ldap (3), .BR ldap_first_entry (3), .BR ldap_first_attribute (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 103 stdin .lf 1 stdin .TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");" .LP .BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");" .LP .BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");" .LP .BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");" .LP .BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_seq(BerElement *" ber ");" .LP .BI "int ber_put_set(BerElement *" ber ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the encoding routines in the lber library. 
See .BR lber-decode (3) for details on the corresponding decoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_alloc_t () to allocate a BER element for encoding, .BR ber_printf () to do the actual encoding, and .BR ber_flush2 () to actually write the element. The other routines are provided for those applications that need more control than .BR ber_printf () provides. In general, these routines return the length of the element encoded, or \-1 if an error occurred. .LP The .BR ber_alloc_t () routine is used to allocate a new BER element. It should be called with an argument of LBER_USE_DER. .LP The .BR ber_flush2 () routine is used to actually write the element to a socket (or file) descriptor, once it has been fully encoded (using .BR ber_printf () and friends). See .BR lber-sockbuf (3) for more details on the Sockbuf implementation of the \fIsb\fP parameter. If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will be freed. If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed when successfully flushed, otherwise it is left intact; if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed when an error occurs, otherwise it is left intact; if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway. This function differs from the original .BR ber_flush (3) function, whose behavior corresponds to that indicated for \fILBER_FLUSH_FREE_ON_SUCCESS\fP. Note that in the future, the behavior of .BR ber_flush (3) with \fIfreeit\fP non-zero might change into that of .BR ber_flush2 (3) with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP. .LP The .BR ber_printf () routine is used to encode a BER element in much the same way that .BR sprintf (3) works. 
One important difference, though, is that some state information is kept with the \fIber\fP parameter so that multiple calls can be made to .BR ber_printf () to append things to the end of the BER element. .BR ber_printf () writes to \fIber\fP, a pointer to a BerElement such as returned by .BR ber_alloc_t (). It interprets and formats its arguments according to the format string \fIfmt\fP. The format string can contain the following characters: .RS .LP .TP 3 .B b Boolean. A ber_int_t parameter should be supplied. A boolean element is output. .TP .B e Enumeration. A ber_int_t parameter should be supplied. An enumeration element is output. .TP .B i Integer. A ber_int_t parameter should be supplied. An integer element is output. .TP .B B Bitstring. A char * pointer to the start of the bitstring is supplied, followed by the number of bits in the bitstring. A bitstring element is output. .TP .B n Null. No parameter is required. A null element is output. .TP .B o Octet string. A char * is supplied, followed by the length of the string pointed to. An octet string element is output. .TP .B O Octet string. A struct berval * is supplied. An octet string element is output. .TP .B s Octet string. A null-terminated string is supplied. An octet string element is output, not including the trailing NUL octet. .TP .B t Tag. A ber_tag_t specifying the tag to give the next element is provided. This works across calls. .TP .B v Several octet strings. A null-terminated array of char *'s is supplied. Note that a construct like '{v}' is required to get an actual SEQUENCE OF octet strings. .TP .B V Several octet strings. A null-terminated array of struct berval *'s is supplied. Note that a construct like '{V}' is required to get an actual SEQUENCE OF octet strings. .TP .B W Several octet strings. An array of struct berval's is supplied. The array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings. .TP .B { Begin sequence. No parameter is required. .TP .B } End sequence. No parameter is required. .TP .B [ Begin set. No parameter is required. .TP .B ] End set. No parameter is required. .RE .LP The .BR ber_put_int () routine writes the integer element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_enum () routine writes the enumeration element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_boolean () routine writes the boolean value given by \fIbool\fP to the BER element. .LP The .BR ber_put_bitstring () routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring value to the given BER element. Note that \fIblen\fP is the length \fIin bits\fP of the bitstring. .LP The .BR ber_put_ostring () routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER element as an octet string. .LP The .BR ber_put_string () routine writes the null-terminated string (minus the terminating '\0') to the BER element as an octet string. .LP The .BR ber_put_null () routine writes a NULL element to the BER element. .LP The .BR ber_start_seq () routine is used to start a sequence in the BER element. The .BR ber_start_set () routine works similarly. The end of the sequence or set is marked by the nearest matching call to .BR ber_put_seq () or .BR ber_put_set (), respectively. .SH EXAMPLES Assuming the following variable declarations, and that the variables have been assigned appropriately, an lber encoding of the following ASN.1 object: .LP .nf AlmostASearchRequest := SEQUENCE { baseObject DistinguishedName, scope ENUMERATED { baseObject (0), singleLevel (1), wholeSubtree (2) }, derefAliases ENUMERATED { neverDerefaliases (0), derefInSearching (1), derefFindingBaseObj (2), alwaysDerefAliases (3) }, sizelimit INTEGER (0 .. 65535), timelimit INTEGER (0 .. 
65535), attrsOnly BOOLEAN, attributes SEQUENCE OF AttributeType } .fi .LP can be achieved like so: .LP .nf int rc; ber_int_t scope, ali, size, time, attrsonly; char *dn, **attrs; BerElement *ber; /* ... fill in values ... */ ber = ber_alloc_t( LBER_USE_DER ); if ( ber == NULL ) { /* error */ } rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali, size, time, attrsonly, attrs ); if( rc == \-1 ) { /* error */ } else { /* success */ } .fi .SH ERRORS If an error occurs during encoding, generally these routines return \-1. .LP .SH NOTES .LP The return values for all of these functions are declared in the header file. .SH SEE ALSO .BR lber-decode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 289 stdin .lf 1 stdin .TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_get_dn( LDAP *ld, LDAPMessage *entry ) .LP .ft B int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags ) .LP .ft B void ldap_dnfree( LDAPDN dn ) .LP .ft B int ldap_dn2str( LDAPDN dn, char **str, unsigned flags ) .LP .ft B char **ldap_explode_dn( const char *dn, int notypes ) .LP .ft B char **ldap_explode_rdn( const char *rdn, int notypes ) .LP .ft B char *ldap_dn2ufn( const char * dn ) .LP .ft B char *ldap_dn2dcedn( const char * dn ) .LP .ft B char *ldap_dcedn2dn( const char * dn ) .LP .ft B char *ldap_dn2ad_canonical( const char * dn ) .SH DESCRIPTION These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested. A DN has the form described in RFC 4514 "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names". .LP The .B ldap_get_dn() routine takes an \fIentry\fP as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3) and returns a copy of the entry's DN. Space for the DN will be obtained dynamically and should be freed by the caller using .BR ldap_memfree (3). .LP .B ldap_str2dn() parses a string representation of a distinguished name contained in .B str into its components, which are stored in .B dn as .B ldap_ava structures, arranged in .B LDAPAVA, .B LDAPRDN, and .B LDAPDN terms. Space for .B dn will be obtained dynamically and should be freed by the caller using .BR ldap_dnfree (3). The .B LDAPDN is defined as: .nf .ft B typedef struct ldap_ava { struct berval la_attr; struct berval la_value; unsigned la_flags; } LDAPAVA; typedef LDAPAVA** LDAPRDN; typedef LDAPRDN* LDAPDN; .ft .fi The attribute types and the attribute values are not normalized.
The .B la_flags can be either .B LDAP_AVA_STRING or .B LDAP_AVA_BINARY, the latter meaning that the value is BER/DER encoded and thus must be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue." The .B flags parameter to .B ldap_str2dn() can be .LP .nf LDAP_DN_FORMAT_LDAPV3 LDAP_DN_FORMAT_LDAPV2 LDAP_DN_FORMAT_DCE .fi which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively). The format can be \fIOR\fPed to the flags .LP .nf LDAP_DN_P_NO_SPACES LDAP_DN_P_NO_SPACE_AFTER_RDN ... LDAP_DN_PEDANTIC .fi The latter is a shortcut for all the previous limitations. .LP .B LDAP_DN_P_NO_SPACES does not allow extra spaces in the dn; the default is to silently eliminate spaces around AVA separators ('='), RDN component separators ('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators (',' LDAPv3/LDAPv2 or '/' for DCE). .LP .B LDAP_DN_P_NO_SPACE_AFTER_RDN does not allow a single space after RDN separators. .LP .B ldap_dn2str() performs the inverse operation, yielding in .B str a string representation of .B dn. It allows the same values for .B flags as .B ldap_str2dn(), plus .LP .nf LDAP_DN_FORMAT_UFN LDAP_DN_FORMAT_AD_CANONICAL .fi for user-friendly naming (RFC 1781) and AD canonical. .LP The following routines are viewed as deprecated in favor of .B ldap_str2dn() and .BR ldap_dn2str(). They are provided to support legacy applications. .LP The .B ldap_explode_dn() routine takes a DN as returned by .B ldap_get_dn() and breaks it up into its component parts. Each part is known as a Relative Distinguished Name, or RDN. .B ldap_explode_dn() returns a NULL-terminated array, each component of which contains an RDN from the DN. The \fInotypes\fP parameter is used to request that only the RDN values be returned, not their types. 
For example, the DN "cn=Bob, c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL }, depending on whether notypes was 0 or 1, respectively. Assertion values in RDN strings may include escaped characters. The result can be freed by calling .BR ldap_value_free (3). .LP Similarly, the .B ldap_explode_rdn() routine takes an RDN as returned by .B ldap_explode_dn(dn,0) and breaks it up into its "type=value" component parts (or just "value", if the \fInotypes\fP parameter is set). Note the value is not unescaped. The result can be freed by calling .BR ldap_value_free (3). .LP .B ldap_dn2ufn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a more user-friendly form, stripping off all type names. See "Using the Directory to Achieve User Friendly Naming" (RFC 1781) for more details on the UFN format. Due to the ambiguous nature of the format, it is generally only used for display purposes. The space for the UFN returned is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .LP .B ldap_dn2dcedn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a DCE-style DN, e.g. a string with most-significant to least significant rdns separated by slashes ('/'); rdn components are separated by commas (','). Only printable chars (e.g. LDAPv2 printable string) are allowed, at least in this implementation. .B ldap_dcedn2dn() performs the opposite operation. .B ldap_dn2ad_canonical() turns a DN into an AD canonical name, which is basically a DCE dn with attribute types omitted. The trailing domain, if present, is turned into a DNS-like domain. The space for the returned value is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .SH ERRORS If an error occurs in .BR ldap_get_dn() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes.
.BR ldap_explode_dn() , .BR ldap_explode_rdn() , .B ldap_dn2ufn(), .B ldap_dn2dcedn(), .B ldap_dcedn2dn(), and .B ldap_dn2ad_canonical() will return NULL with .BR errno (3) set appropriately in case of trouble. .SH NOTES These routines dynamically allocate memory that the caller must free. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_first_entry (3), .BR ldap_memfree (3), .BR ldap_value_free (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 247 stdin .lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B const char * ldap_matchingrule2name(mr) .ft 
LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. 
The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expects the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? 
*/ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? */ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. 
.TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 321 stdin .lf 1 stdin .TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include .LP .BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], int *" msgidp ");" .RE .LP .BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");" .RE .LP .BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res "," .RS .BI "struct berval **" servercredp ", int " freeit ");" .RE .LP .BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ");" .RE .LP .BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ", LDAPMessage *" result "," .BI "const char **" rmechp ", int *" msgidp ");" .RE .LP .BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " 
flags ", void *" defaults ", void *" sasl_interact ");" .LP .BI "int ldap_unbind(LDAP *" ld ");" .LP .BI "int ldap_unbind_s(LDAP *" ld ");" .LP .BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");" .LP .BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");" .SH DESCRIPTION .LP These routines provide various interfaces to the LDAP bind operation. After an association with an LDAP server is made using .BR ldap_init (3), an LDAP bind operation should be performed before other operations are attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations. .LP There are three types of bind calls, ones providing simple authentication, ones providing SASL authentication, and general routines capable of doing either simple or SASL authentication. .LP .B SASL (Simple Authentication and Security Layer) can negotiate one of many different kinds of authentication. Both synchronous and asynchronous versions of each variant of the bind call are provided. All routines take \fIld\fP as their first parameter, as returned from .BR ldap_init (3). .SH SIMPLE AUTHENTICATION The simplest form of the bind call is .BR ldap_simple_bind_s() . It takes the DN to bind as in \fIwho\fP, and the userPassword associated with the entry in \fIpasswd\fP. It returns an LDAP error indication (see .BR ldap_error (3)). The .B ldap_simple_bind() call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. 
The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The .B ldap_sasl_bind_s() and asynchronous .B ldap_sasl_bind() functions can also be used to make a simple bind by using LDAP_SASL_SIMPLE as the SASL mechanism. .SH GENERAL AUTHENTICATION The .B ldap_bind() and .B ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra \fImethod\fP parameter selecting the authentication method to use. It should be set to LDAP_AUTH_SIMPLE to select simple authentication. .B ldap_bind() returns the message id of the request it initiates. .B ldap_bind_s() returns an LDAP error indication. .SH SASL AUTHENTICATION For SASL binds the server always ignores any provided DN, so the .I dn parameter should always be NULL. .BR ldap_sasl_bind_s () sends a single SASL bind request with the given SASL .I mechanism and credentials in the .I cred parameter. The format of the credentials depends on the particular SASL mechanism in use. For mechanisms that provide mutual authentication the server's credentials will be returned in the .I servercredp parameter. The routine returns an LDAP error indication (see .BR ldap_error (3)). The .BR ldap_sasl_bind () call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The result must be additionally parsed by .BR ldap_parse_sasl_bind_result () to obtain any server credentials sent from the server. .LP Many SASL mechanisms require multiple message exchanges to perform a complete authentication. Applications should generally use .BR ldap_sasl_interactive_bind_s () rather than calling the basic .BR ldap_sasl_bind () functions directly. The .I mechs parameter should contain a space-separated list of candidate mechanisms to use. 
If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports. The .I flags parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of: .TP LDAP_SASL_AUTOMATIC use defaults if available, prompt otherwise .TP LDAP_SASL_INTERACTIVE always prompt .TP LDAP_SASL_QUIET never prompt .LP The .I interact function uses the provided .I defaults to handle requests from the SASL library for particular authentication parameters. There is no defined format for the .I defaults information; it is up to the caller to use whatever format is appropriate for the supplied .I interact function. The .I sasl_interact parameter comes from the underlying SASL library. When used with Cyrus SASL this is an array of .B sasl_interact_t structures. The Cyrus SASL library will prompt for a variety of inputs, including: .TP SASL_CB_GETREALM the realm for the authentication attempt .TP SASL_CB_AUTHNAME the username to authenticate .TP SASL_CB_PASS the password for the provided username .TP SASL_CB_USER the username to use for proxy authorization .TP SASL_CB_NOECHOPROMPT generic prompt for input with input echoing disabled .TP SASL_CB_ECHOPROMPT generic prompt for input with input echoing enabled .TP SASL_CB_LIST_END indicates the end of the array of prompts .LP See the Cyrus SASL documentation for more details. .LP Applications which need to manage connections asynchronously may use .BR ldap_sasl_interactive_bind () instead of the synchronous version. A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously. The other parameters are the same as for the synchronous function, with three additional parameters. 
The actual SASL mechanism that was used, and the message ID for use with .BR ldap_result () will be returned in rmechp and msgidp, respectively. The value in rmechp must not be modified by the caller and must be passed back on each subsequent call. The message obtained from .BR ldap_result () must be passed in the result parameter. This parameter must be NULL when initiating a new Bind. The caller must free the result message after each call using .BR ldap_msgfree (). The .BR ldap_sasl_interactive_bind () function returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server. .SH REBINDING .LP The .B ldap_set_rebind_proc() function sets the process to use for binding when an operation returns a referral. This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference. .LP The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind. The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function. Use the .BR ldap_set_option function to set the value. .LP The rebind function parameters are as follows: .LP The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral. .LP The \fIurl\fP parameter points to the URL referral string received from the LDAP server. The LDAP application can use the .BR ldap_url_parse (3) function to parse the string into its components. .LP The \fIrequest\fP parameter specifies the type of request that generated the referral. .LP The \fImsgid\fP parameter specifies the message ID of the request generating the referral. 
.LP The \fIparams\fP parameter is the same value as passed originally to the .BR ldap_set_rebind_proc () function. .LP The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function. .LP The application must supply to the rebind function the required authentication information such as user name, password, and certificates. The rebind function must use a synchronous bind method. .SH UNBINDING The .B ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure. Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid. The .B ldap_unbind_s() call is just another name for .BR ldap_unbind() ; both of these calls are synchronous in nature. .LP The .B ldap_unbind_ext() and .B ldap_unbind_ext_s() calls allow the operations to specify controls. .SH ERRORS Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure. Synchronous routines return whatever \fIld_errno\fP is set to. See .BR ldap_error (3) for more information. .SH NOTES If an anonymous bind is sufficient for the application, the rebind process need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind. .LP If the application needs stronger authentication than an anonymous bind, you need to provide a rebind process for that authentication method. The bind method must be synchronous. 
.SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_open (3), .BR ldap_set_option (3), .BR ldap_url_parse (3) .B RFC 4422 (http://www.rfc-editor.org), .B Cyrus SASL (http://asg.web.cmu.edu/sasl/) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 335 stdin .lf 1 stdin .TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B LDAP *ldap_open(host, port) .ft char *host; int port; .LP .ft B LDAP *ldap_init(host, port) .ft char *host; int port; .LP .ft B int ldap_initialize(ldp, uri) .ft LDAP **ldp; char *uri; .LP .ft B int ldap_set_urllist_proc(ld, proc, params) .ft LDAP *ld; LDAP_URLLIST_PROC *proc; void *params; .LP .ft B int (LDAP_URLLIST_PROC)(ld, urllist, url, params); .ft LDAP *ld; LDAPURLDesc **urllist; LDAPURLDesc **url; void *params; .LP .ft B #include .LP .ft B int ldap_init_fd(fd, proto, uri, ldp) .ft ber_socket_t fd; int proto; char *uri; LDAP **ldp; .SH DESCRIPTION .LP .B ldap_open() opens a connection to an LDAP server and allocates an LDAP structure which is used to identify the connection and to maintain per-connection information. .B ldap_init() allocates an LDAP structure but does not open an initial connection. .B ldap_initialize() allocates an LDAP structure but does not open an initial connection. .B ldap_init_fd() allocates an LDAP structure using an existing connection on the provided socket. One of these routines must be called before any operations are attempted. 
.LP .B ldap_open() takes \fIhost\fP, the hostname on which the LDAP server is running, and \fIport\fP, the port number to which to connect. If the default IANA-assigned port of 389 is desired, LDAP_PORT should be specified for \fIport\fP. The \fIhost\fP parameter may contain a blank-separated list of hosts to try to connect to, and each host may optionally be of the form \fIhost:port\fP. If present, the \fI:port\fP overrides the \fIport\fP parameter to .BR ldap_open() . Upon successfully making a connection to an LDAP server, .B ldap_open() returns a pointer to an opaque LDAP structure, which should be passed to subsequent calls to .BR ldap_bind() , .BR ldap_search() , etc. Certain fields in the LDAP structure can be set to indicate size limit, time limit, and how aliases are handled during operations; read and write access to those fields must occur by calling .BR ldap_get_option (3) and .BR ldap_set_option (3) respectively, whenever possible. .LP .B ldap_init() acts just like .BR ldap_open() , but does not open a connection to the LDAP server. The actual connection open will occur when the first operation is attempted. .LP .B ldap_initialize() acts like .BR ldap_init() , but it returns an integer indicating either success or the failure reason, and it allows details for the connection to be specified in the schema portion of the URI. The .I uri parameter may be a comma- or whitespace-separated list of URIs containing only the .IR schema , the .IR host , and the .I port fields. Apart from .BR ldap , other (non-standard) recognized values of the .I schema field are .B ldaps (LDAP over TLS), .B ldapi (LDAP over IPC), and .B cldap (connectionless LDAP). If other fields are present, the behavior is undefined. .LP At this time, .B ldap_open() and .B ldap_init() are deprecated in favor of .BR ldap_initialize() , essentially because the latter allows a schema to be specified in the URI and it explicitly returns an error code. 
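The URI rules described above can be checked before a string reaches ldap_initialize(). The following C code is an added example, not part of the OpenLDAP manual or library: it splits a list on commas and whitespace as the text describes, rejects any URI carrying fields beyond schema, host and port, and, as an assumed local policy, accepts only ldaps:// and ldapi:// with an explicit host. All function and enum names are hypothetical and the sample lists are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Verdicts for one URI. All names here are hypothetical, not libldap's. */
enum uri_verdict {
    URI_OK = 0,
    URI_BAD_SCHEME,    /* not ldap, ldaps, ldapi or cldap */
    URI_CLEARTEXT,     /* ldap:// or cldap://, refused by the assumed policy */
    URI_EXTRA_FIELDS,  /* DN, attributes, scope, filter or extensions present */
    URI_BAD_HOST,
    URI_BAD_PORT
};

/* Case-insensitive prefix test on a buffer of length n; p must be lowercase. */
static int has_prefix(const char *s, size_t n, const char *p)
{
    size_t pl = strlen(p);
    if (n < pl) return 0;
    for (size_t i = 0; i < pl; i++)
        if (tolower((unsigned char)s[i]) != p[i]) return 0;
    return 1;
}

/* Check one URI of length n (it need not be NUL-terminated). */
enum uri_verdict check_ldap_uri(const char *u, size_t n)
{
    int is_ipc = 0;
    if (has_prefix(u, n, "ldapi://")) is_ipc = 1;
    else if (has_prefix(u, n, "ldaps://")) is_ipc = 0;
    else if (has_prefix(u, n, "ldap://") || has_prefix(u, n, "cldap://"))
        return URI_CLEARTEXT;
    else return URI_BAD_SCHEME;

    const char *p = u + 8, *end = u + n;  /* both accepted prefixes are 8 bytes */

    /* A lone trailing '/' carries no DN; anything after it is an extra field. */
    const char *slash = memchr(p, '/', (size_t)(end - p));
    if (slash) {
        if (slash + 1 != end) return URI_EXTRA_FIELDS;
        end = slash;
    }
    if (memchr(p, '?', (size_t)(end - p))) return URI_EXTRA_FIELDS;

    if (is_ipc) {  /* host part is a percent-encoded socket path, no port */
        for (; p < end; p++) {
            if (*p == '%') {
                if (end - p < 3 || !isxdigit((unsigned char)p[1]) ||
                    !isxdigit((unsigned char)p[2])) return URI_BAD_HOST;
                p += 2;
            } else if (!isalnum((unsigned char)*p) && !strchr("-._~", *p)) {
                return URI_BAD_HOST;
            }
        }
        return URI_OK;
    }

    const char *host_end;
    if (p < end && *p == '[') {           /* bracketed IPv6 literal */
        const char *rb = memchr(p, ']', (size_t)(end - p));
        if (!rb || rb == p + 1) return URI_BAD_HOST;
        for (const char *q = p + 1; q < rb; q++)
            if (!isxdigit((unsigned char)*q) && *q != ':' && *q != '.')
                return URI_BAD_HOST;
        host_end = rb + 1;
    } else {
        host_end = p;
        while (host_end < end && (isalnum((unsigned char)*host_end) ||
               *host_end == '-' || *host_end == '.'))
            host_end++;
        if (host_end == p) return URI_BAD_HOST;  /* policy: host is required */
    }
    if (host_end == end) return URI_OK;
    if (*host_end != ':') return URI_BAD_HOST;

    const char *d = host_end + 1;
    long port = 0;
    if (d == end || end - d > 5) return URI_BAD_PORT;
    for (; d < end; d++) {
        if (!isdigit((unsigned char)*d)) return URI_BAD_PORT;
        port = port * 10 + (*d - '0');
    }
    return (port >= 1 && port <= 65535) ? URI_OK : URI_BAD_PORT;
}

/* Returns the number of URIs if every one passes, else -1 with *why set. */
int check_ldap_uri_list(const char *list, enum uri_verdict *why)
{
    int count = 0;
    *why = URI_OK;
    for (const char *p = list; *p; ) {
        p += strspn(p, ", \t\r\n");
        if (!*p) break;
        size_t n = strcspn(p, ", \t\r\n");
        enum uri_verdict v = check_ldap_uri(p, n);
        if (v != URI_OK) { *why = v; return -1; }
        count++;
        p += n;
    }
    return count;
}

int main(void)
{
    enum uri_verdict why;
    /* Constructed sample input. */
    int n = check_ldap_uri_list("ldaps://ldap1.example.com:636, ldaps://ldap2.example.com", &why);
    printf("accepted=%d verdict=%d\n", n, (int)why);
    return 0;
}
```

Only a list that passes would then be handed to ldap_initialize(); a rejected list is reported with the verdict of its first failing entry.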
.LP .B ldap_init_fd() allows an LDAP structure to be initialized using an already-opened connection. The .I proto parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP, or LDAP_PROTO_IPC for a connection using TCP, UDP, or IPC, respectively. The value LDAP_PROTO_EXT may also be specified if user-supplied sockbuf handlers are going to be used. Note that support for UDP is not implemented unless libldap was built with LDAP_CONNECTIONLESS defined. The .I uri parameter may optionally be provided for informational purposes. .LP .B ldap_set_urllist_proc() allows setting a function .I proc of type .I LDAP_URLLIST_PROC that is called when a successful connection can be established. This function receives the list of URIs parsed from the .I uri string originally passed to .BR ldap_initialize() , and the one that successfully connected. The function may manipulate the URI list; the typical use consists of moving the successful URI to the head of the list, so that subsequent attempts to connect to one of the URIs using the same LDAP handle will try it first. If .I ld is null, .I proc is set as a global parameter that is inherited by all handlers within the process that are created after the call to .BR ldap_set_urllist_proc() . By default, no .I LDAP_URLLIST_PROC is set. In a multithreaded environment, .B ldap_set_urllist_proc() must be called before any concurrent operation using the LDAP handle is started. Note: the first call into the LDAP library also initializes the global options for the library. As such the first call should be single-threaded or otherwise protected to ensure that only one call is active. It is recommended that .BR ldap_get_option () or .BR ldap_set_option () be used in the program's main thread before any additional threads are created. See .BR ldap_get_option (3). .SH ERRORS If an error occurs, .B ldap_open() and .B ldap_init() will return NULL and .I errno should be set appropriately. 
.B ldap_initialize() and .B ldap_init_fd() will directly return the LDAP code associated with the error (or .I LDAP_SUCCESS in case of success); .I errno should be set as well whenever appropriate. .B ldap_set_urllist_proc() returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success. .SH SEE ALSO .BR ldap (3), .BR ldap_bind (3), .BR ldap_get_option (3), .BR ldap_set_option (3), .BR lber-sockbuf (3), .BR errno (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 226 stdin .lf 1 stdin .TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B int ldap_search_ext( .RS LDAP *\fIld\fB, char *\fIbase\fB, int \fIscope\fB, char *\fIfilter\fB, char *\fIattrs\fB[], int \fIattrsonly\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB, struct timeval *\fItimeout\fB, int \fIsizelimit\fB, int *\fImsgidp\fB ); .RE .LP .ft B int ldap_search_ext_s( .RS LDAP *\fIld\fB, char *\fIbase\fB, int \fIscope\fB, char *\fIfilter\fB, char *\fIattrs\fB[], int \fIattrsonly\fB, LDAPControl **\fIserverctrls\fB, LDAPControl **\fIclientctrls\fB, struct timeval *\fItimeout\fB, int \fIsizelimit\fB, LDAPMessage **\fIres\fB ); .RE .SH DESCRIPTION These routines are used to perform LDAP search operations. The .B ldap_search_ext_s() routine does the search synchronously (i.e., not returning until the operation completes), providing a pointer to the resulting LDAP messages at the location pointed to by the \fIres\fP parameter. 
.LP The .B ldap_search_ext() routine is the asynchronous version, initiating the search and returning the message id of the operation it initiated in the integer pointed to by the \fImsgidp\fP parameter. .LP The \fIbase\fP parameter is the DN of the entry at which to start the search. .LP The \fIscope\fP parameter is the scope of the search and should be one of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL, to search the object's immediate children, LDAP_SCOPE_SUBTREE, to search the object and all its descendants, or LDAP_SCOPE_CHILDREN, to search all of the descendants. Note that the latter requires that the server support the LDAP Subordinates Search Scope extension. .LP The \fIfilter\fP is a string representation of the filter to apply in the search. The string should conform to the format specified in RFC 4515 as extended by RFC 4526. For instance, "(cn=Jane Doe)". Note that use of the extension requires the server to support the LDAP Absolute True/False Filter extension. NULL may be specified to indicate the library should send the filter (objectClass=*). .LP The \fIattrs\fP parameter is a null-terminated array of attribute descriptions to return from matching entries. If NULL is specified, the return of all user attributes is requested. The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request all user attributes to be returned. The description "+" (LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to request all operational attributes to be returned. Note that this requires the server to support the LDAP All Operational Attribute extension. To request no attributes, the description "1.1" (LDAP_NO_ATTRS) should be listed by itself. .LP The \fIattrsonly\fP parameter should be set to a non-zero value if only attribute descriptions are wanted. It should be set to zero (0) if both attribute descriptions and attribute values are wanted. 
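An added example (not from the OpenLDAP manual or library) of preparing the \fIfilter\fP string described above: a value that comes from outside the program is escaped as RFC 4515 requires before it is placed in an equality filter, so that '*', '(', ')', '\' and NUL are matched literally instead of being parsed as filter syntax. The function names are hypothetical and the sample value is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Escape an assertion value for use inside an RFC 4515 filter string.
 * The value is passed as bytes plus length so that an embedded NUL is
 * handled. Returns the escaped length, or -1 if `out` is too small.
 * (Hypothetical helper, not a libldap function.)
 */
int escape_filter_value(const unsigned char *in, size_t inlen,
                        char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outlen == 0) return -1;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0);
        size_t need = special ? 3 : 1;

        if (o + need >= outlen) return -1;   /* keep room for the final NUL */
        if (special) {                       /* backslash + two hex digits */
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Accept only letters, digits, '-', '.' and ';' in the attribute description. */
static int valid_attr_desc(const char *a)
{
    if (!isalnum((unsigned char)a[0])) return 0;
    for (const char *p = a; *p; p++)
        if (!isalnum((unsigned char)*p) && *p != '-' && *p != '.' && *p != ';')
            return 0;
    return 1;
}

/*
 * Build "(attr=value)" with the value escaped. Returns 0 on success and
 * -1 if the attribute description is rejected or a buffer is too small.
 */
int build_eq_filter(const char *attr, const unsigned char *val, size_t vlen,
                    char *out, size_t outlen)
{
    char esc[512];
    int n;

    if (!valid_attr_desc(attr)) return -1;
    if (escape_filter_value(val, vlen, esc, sizeof esc) < 0) return -1;
    n = snprintf(out, outlen, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample: a display name containing filter metacharacters. */
    const char *name = "Jane Doe (R&D) *";
    char filter[128];

    if (build_eq_filter("cn", (const unsigned char *)name, strlen(name),
                        filter, sizeof filter) == 0)
        printf("%s\n", filter);   /* string to pass as the filter argument */
    return 0;
}
```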
.LP The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used to specify server and client controls, respectively. .LP The .B ldap_search_ext_s() routine is the synchronous version of .BR ldap_search_ext(). .LP It also returns a code indicating success or, in the case of failure, indicating the nature of the failure of the operation. See .BR ldap_error (3) for details. .SH NOTES Note that both read and list functionality are subsumed by these routines, by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list). .LP These routines may dynamically allocate memory. The caller is responsible for freeing such memory using supplied deallocation routines. Return values are contained in . .LP Note that the \fIres\fR parameter of .B ldap_search_ext_s() and .B ldap_search_s() should be freed with .B ldap_msgfree() regardless of the return value of these functions. .SH DEPRECATED INTERFACES The .B ldap_search() routine is deprecated in favor of the .B ldap_search_ext() routine. The .B ldap_search_s() and .B ldap_search_st() routines are deprecated in favor of the .B ldap_search_ext_s() routine. .LP .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 139 stdin .SH SEE ALSO .BR ldap (3), .BR ldap_result (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. 
.lf 145 stdin
.lf 1 stdin .TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");" .LP .BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");" .LP .BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");" .LP .BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");" .LP .BI "ber_tag_t ber_get_null(BerElement *" ber ");" .LP .BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");" .LP .BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");" .LP .BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");" .LP .BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic
Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the decoding routines in the lber library. See .BR lber-encode (3) for details on the corresponding encoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_get_next () to get the next BER element and .BR ber_scanf () to do the actual decoding. In some cases, .BR ber_peek_tag () may also need to be called in normal usage. The other routines are provided for those applications that need more control than .BR ber_scanf () provides. In general, these routines return the tag of the element decoded, or LBER_ERROR if an error occurred. .LP The .BR ber_get_next () routine is used to read the next BER element from the given Sockbuf, \fIsb\fP. It strips off and returns the leading tag, strips off and returns the length of the entire element in \fIlen\fP, and sets up \fIber\fP for subsequent calls to .BR ber_scanf () et al to decode the element. See .BR lber-sockbuf (3) for details of the Sockbuf implementation of the \fIsb\fP parameter. .LP The .BR ber_scanf () routine is used to decode a BER element in much the same way that .BR scanf (3) works. It reads from \fIber\fP, a pointer to a BerElement such as returned by .BR ber_get_next (), interprets the bytes according to the format string \fIfmt\fP, and stores the results in its additional arguments. The format string contains conversion specifications which are used to direct the interpretation of the BER element. The format string can contain the following characters. .RS .LP .TP 3 .B a Octet string. A char ** should be supplied. 
Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter. The caller should free the returned string using .BR ber_memfree (). .TP .B A Octet string. A variant of "\fBa\fP". A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter, unless a zero-length string would result; in that case, the arg is set to NULL. The caller should free the returned string using .BR ber_memfree (). .TP .B s Octet string. A char * buffer should be supplied, followed by a pointer to a ber_len_t initialized to the size of the buffer. Upon return, the null-terminated octet string is put into the buffer, and the ber_len_t is set to the actual size of the octet string. .TP .B O Octet string. A struct berval ** should be supplied, which upon return points to a dynamically allocated struct berval containing the octet string and its length. The caller should free the returned structure using .BR ber_bvfree (). .TP .B o Octet string. A struct berval * should be supplied, which upon return contains the dynamically allocated octet string and its length. The caller should free the returned octet string using .BR ber_memfree (). .TP .B m Octet string. A struct berval * should be supplied, which upon return contains the octet string and its length. The string resides in memory assigned to the BerElement, and must not be freed by the caller. .TP .B b Boolean. A pointer to a ber_int_t should be supplied. .TP .B e Enumeration. A pointer to a ber_int_t should be supplied. .TP .B i Integer. A pointer to a ber_int_t should be supplied. .TP .B B Bitstring. A char ** should be supplied which will point to the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. .TP .B n Null. No parameter is required. The element is simply skipped if it is recognized. .TP .B v Sequence of octet strings.
A char *** should be supplied, which upon return points to a dynamically allocated null-terminated array of char *'s containing the octet strings. NULL is returned if the sequence is empty. The caller should free the returned array and octet strings using .BR ber_memvfree (). .TP .B V Sequence of octet strings with lengths. A struct berval *** should be supplied, which upon return points to a dynamically allocated null-terminated array of struct berval *'s containing the octet strings and their lengths. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvecfree (). .TP .B W Sequence of octet strings with lengths. A BerVarray * should be supplied, which upon return points to a dynamically allocated array of struct berval's containing the octet strings and their lengths. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvarray_free (). .TP .B M Sequence of octet strings with lengths. This is a generalized form of the previous three formats. A void ** (ptr) should be supplied, followed by a ber_len_t * (len) and a ber_len_t (off). Upon return (ptr) will point to a dynamically allocated array whose elements are all of size (*len). A struct berval will be filled starting at offset (off) in each element. The strings in each struct berval reside in memory assigned to the BerElement and must not be freed by the caller. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The number of elements in the array is also stored in (*len) on return. The caller should free the returned array using .BR ber_memfree (). .TP .B l Length of the next element. A pointer to a ber_len_t should be supplied. .TP .B t Tag of the next element. A pointer to a ber_tag_t should be supplied. .TP .B T Skip element and return its tag. 
A pointer to a ber_tag_t should be supplied. .TP .B x Skip element. The next element is skipped. .TP .B { Begin sequence. No parameter is required. The initial sequence tag and length are skipped. .TP .B } End sequence. No parameter is required and no action is taken. .TP .B [ Begin set. No parameter is required. The initial set tag and length are skipped. .TP .B ] End set. No parameter is required and no action is taken. .RE .LP The .BR ber_get_int () routine tries to interpret the next element as an integer, returning the result in \fInum\fP. The tag of whatever it finds is returned on success, LBER_ERROR (\-1) on failure. .LP The .BR ber_get_stringb () routine is used to read an octet string into a preallocated buffer. The \fIlen\fP parameter should be initialized to the size of the buffer, and will contain the length of the octet string read upon return. The buffer should be big enough to take the octet string value plus a terminating NULL byte. .LP The .BR ber_get_stringa () routine is used to dynamically allocate space into which an octet string is read. The caller should free the returned string using .BR ber_memfree(). .LP The .BR ber_get_stringal () routine is used to dynamically allocate space into which an octet string and its length are read. It takes a struct berval **, and returns the result in this parameter. The caller should free the returned structure using .BR ber_bvfree(). .LP The .BR ber_get_stringbv () routine is used to read an octet string and its length into the provided struct berval *. If the \fIalloc\fP parameter is zero, the string will reside in memory assigned to the BerElement, and must not be freed by the caller. If the \fIalloc\fP parameter is non-zero, the string will be copied into dynamically allocated space which should be returned using .BR ber_memfree (). .LP The .BR ber_get_null () routine is used to read a NULL element. It returns the tag of the element it skips over. 
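The buffer contract described for ber_get_stringb() (size passed in, length passed back, room for the value plus a terminator) together with the LDAP BER restrictions stated earlier (definite lengths only, primitive octet strings) translates into a small set of bounds checks. The following is an added, self-contained example, not liblber code: demo_get_stringb(), read_len() and DEMO_ERROR are hypothetical names, the byte arrays are constructed, and multi-byte tags are rejected for brevity.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_ERROR ((unsigned long)-1)   /* stands in for LBER_ERROR */

/* Parse a definite-form BER length at buf[*pos]. Rejects the indefinite
 * form (0x80), lengths wider than size_t, and lengths that run past the
 * end of the input. */
static int read_len(const unsigned char *buf, size_t n, size_t *pos, size_t *len)
{
    if (*pos >= n)
        return -1;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) {
        *len = b;                          /* short form */
    } else {
        size_t k = b & 0x7f;               /* number of length octets */
        if (k == 0 || k > sizeof(size_t) || k > n - *pos)
            return -1;
        size_t v = 0;
        while (k--)
            v = (v << 8) | buf[(*pos)++];
        *len = v;
    }
    return (*len <= n - *pos) ? 0 : -1;
}

/* Read one primitive octet string starting at in[*pos] into out.
 * *out_len holds the buffer size on entry and the string length on
 * return. Returns the tag, or DEMO_ERROR without touching out or *pos. */
unsigned long demo_get_stringb(const unsigned char *in, size_t in_len,
                               size_t *pos, char *out, size_t *out_len)
{
    size_t p = *pos, len;

    if (p >= in_len)
        return DEMO_ERROR;
    unsigned char tag = in[p++];
    if ((tag & 0x1f) == 0x1f)      /* multi-byte tag: not handled here */
        return DEMO_ERROR;
    if (tag & 0x20)                /* constructed encoding is not allowed */
        return DEMO_ERROR;
    if (read_len(in, in_len, &p, &len) != 0)
        return DEMO_ERROR;
    if (len >= *out_len)           /* need len bytes plus the terminator */
        return DEMO_ERROR;

    memcpy(out, in + p, len);
    out[len] = '\0';
    *out_len = len;
    *pos = p + len;
    return tag;
}

int main(void)
{
    /* Constructed sample: OCTET STRING (tag 0x04), length 3, "abc". */
    const unsigned char msg[] = { 0x04, 0x03, 'a', 'b', 'c' };
    char buf[8];
    size_t len = sizeof buf, pos = 0;

    unsigned long tag = demo_get_stringb(msg, sizeof msg, &pos, buf, &len);
    if (tag == DEMO_ERROR) {
        fprintf(stderr, "decode failed\n");
        return 1;
    }
    printf("tag=0x%02lx len=%zu value=%s\n", tag, len, buf);
    return 0;
}
```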
.LP The .BR ber_get_boolean () routine is used to read a boolean value. It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_enum () routine is used to read an enumeration value. It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_bitstringa () routine is used to read a bitstring value. It takes a char ** which will hold the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. The caller should free the returned string using .BR ber_memfree (). .LP The .BR ber_first_element () routine is used to return the tag and length of the first element in a set or sequence. It also returns in \fIcookie\fP a magic cookie parameter that should be passed to subsequent calls to ber_next_element(), which returns similar information. .SH EXAMPLES Assume the variable \fIber\fP contains a lightweight BER encoding of the following ASN.1 object: .LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP The element can be decoded using .BR ber_scanf () as follows. .LP
.nf
      ber_int_t scope, deref, size, time, attrsonly;
      /* Start as NULL so the frees below are safe if decoding fails. */
      char *dn = NULL, **attrs = NULL;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( (void **) attrs );
.fi
.SH ERRORS If an error occurs during decoding, generally these routines return LBER_ERROR ((ber_tag_t)\-1). .LP .SH NOTES .LP The return values for all of these functions are declared in the .B header file.
Some routines may dynamically allocate memory which must be freed by the caller using supplied deallocation routines. .SH SEE ALSO .BR lber-encode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 358 stdin
.lf 1 stdin .TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B LDAP *ldap_open(host, port) .ft char *host; int port; .LP .ft B LDAP *ldap_init(host, port) .ft char *host; int port; .LP .ft B int ldap_initialize(ldp, uri) .ft LDAP **ldp; char *uri; .LP .ft B int ldap_set_urllist_proc(ld, proc, params) .ft LDAP *ld; LDAP_URLLIST_PROC *proc; void *params; .LP .ft B int (LDAP_URLLIST_PROC)(ld, urllist, url, params); .ft LDAP *ld; LDAPURLDesc **urllist; LDAPURLDesc **url; void *params; .LP .ft B #include .LP .ft B int ldap_init_fd(fd, proto, uri, ldp) .ft ber_socket_t fd; int proto; char *uri; LDAP **ldp; .SH DESCRIPTION .LP .B ldap_open() opens a connection to an LDAP server and allocates an LDAP structure which is used to identify the connection and to maintain per-connection information. .B ldap_init() allocates an LDAP structure but does not open an initial connection. .B ldap_initialize() allocates an LDAP structure but does not open an initial connection. .B ldap_init_fd() allocates an LDAP structure using an existing connection on the provided socket. One of these routines must be called before any operations are attempted.
.LP .B ldap_open() takes \fIhost\fP, the hostname on which the LDAP server is running, and \fIport\fP, the port number to which to connect. If the default IANA-assigned port of 389 is desired, LDAP_PORT should be specified for \fIport\fP. The \fIhost\fP parameter may contain a blank-separated list of hosts to try to connect to, and each host may optionally be of the form \fIhost:port\fP. If present, the \fI:port\fP overrides the \fIport\fP parameter to .BR ldap_open() . Upon successfully making a connection to an LDAP server, .B ldap_open() returns a pointer to an opaque LDAP structure, which should be passed to subsequent calls to .BR ldap_bind() , .BR ldap_search() , etc. Certain fields in the LDAP structure can be set to indicate size limit, time limit, and how aliases are handled during operations; read and write access to those fields must occur by calling .BR ldap_get_option (3) and .BR ldap_set_option (3) respectively, whenever possible. .LP .B ldap_init() acts just like .BR ldap_open() , but does not open a connection to the LDAP server. The actual connection open will occur when the first operation is attempted. .LP .B ldap_initialize() acts like .BR ldap_init() , but it returns an integer indicating either success or the failure reason, and it allows details for the connection to be specified in the schema portion of the URI. The .I uri parameter may be a comma- or whitespace-separated list of URIs containing only the .IR schema , the .IR host , and the .I port fields. Apart from .BR ldap , other (non-standard) recognized values of the .I schema field are .B ldaps (LDAP over TLS), .B ldapi (LDAP over IPC), and .B cldap (connectionless LDAP). If other fields are present, the behavior is undefined. .LP At this time, .B ldap_open() and .B ldap_init() are deprecated in favor of .BR ldap_initialize() , essentially because the latter allows a schema to be specified in the URI and explicitly returns an error code.
.LP .B ldap_init_fd() allows an LDAP structure to be initialized using an already-opened connection. The .I proto parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP, or LDAP_PROTO_IPC for a connection using TCP, UDP, or IPC, respectively. The value LDAP_PROTO_EXT may also be specified if user-supplied sockbuf handlers are going to be used. Note that support for UDP is not implemented unless libldap was built with LDAP_CONNECTIONLESS defined. The .I uri parameter may optionally be provided for informational purposes. .LP .B ldap_set_urllist_proc() allows setting a function .I proc of type .I LDAP_URLLIST_PROC that is called when a successful connection can be established. This function receives the list of URIs parsed from the .I uri string originally passed to .BR ldap_initialize() , and the one that successfully connected. The function may manipulate the URI list; the typical use consists of moving the successful URI to the head of the list, so that subsequent attempts to connect to one of the URIs using the same LDAP handle will try it first. If .I ld is null, .I proc is set as a global parameter that is inherited by all handlers within the process that are created after the call to .BR ldap_set_urllist_proc() . By default, no .I LDAP_URLLIST_PROC is set. In a multithreaded environment, .B ldap_set_urllist_proc() must be called before any concurrent operation using the LDAP handle is started. Note: the first call into the LDAP library also initializes the global options for the library. As such the first call should be single-threaded or otherwise protected to ensure that only one call is active. It is recommended that .BR ldap_get_option () or .BR ldap_set_option () be used in the program's main thread before any additional threads are created. See .BR ldap_get_option (3). .SH ERRORS If an error occurs, .B ldap_open() and .B ldap_init() will return NULL and .I errno should be set appropriately.
.B ldap_initialize() and .B ldap_init_fd() will directly return the LDAP code associated with the error (or .I LDAP_SUCCESS in case of success); .I errno should be set as well whenever appropriate. .B ldap_set_urllist_proc() returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success. .SH SEE ALSO .BR ldap (3), .BR ldap_bind (3), .BR ldap_get_option (3), .BR ldap_set_option (3), .BR lber-sockbuf (3), .BR errno (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 226 stdin
.lf 1 stdin .TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_err2string( int \fIerr\fB ); .SH DESCRIPTION The .B ldap_err2string() routine provides a short description of the various codes returned by routines in this library. The returned string is a pointer to a static area that should not be modified. These codes are either negative, indicating an API error code; positive, indicating an LDAP resultCode other than \'success' (0); or zero, indicating both successful use of the API and the LDAP resultCode \'success' (0). The code associated with an LDAP session is accessible using .BR ldap_get_option (3) and .BR ldap_set_option (3) with the .B LDAP_OPT_RESULT_CODE option (previously called .BR LDAP_OPT_ERROR_NUMBER ). .SH PROTOCOL RESULT CODES This section provides a partial list of protocol codes recognized by the library. As LDAP is extensible, additional values may be returned.
A complete listing of \fIregistered\fP LDAP result codes can be obtained from the \fIInternet Assigned Numbers Authority\fP . .LP .TP 20 .SM LDAP_SUCCESS The request was successful. .TP .SM LDAP_OPERATIONS_ERROR An operations error occurred. .TP .SM LDAP_PROTOCOL_ERROR A protocol violation was detected. .TP .SM LDAP_TIMELIMIT_EXCEEDED An LDAP time limit was exceeded. .TP .SM LDAP_SIZELIMIT_EXCEEDED An LDAP size limit was exceeded. .TP .SM LDAP_COMPARE_FALSE A compare operation returned false. .TP .SM LDAP_COMPARE_TRUE A compare operation returned true. .TP .SM LDAP_STRONG_AUTH_NOT_SUPPORTED The LDAP server does not support strong authentication. .TP .SM LDAP_STRONG_AUTH_REQUIRED Strong authentication is required for the operation. .TP .SM LDAP_PARTIAL_RESULTS Partial results only returned. .TP .SM LDAP_NO_SUCH_ATTRIBUTE The attribute type specified does not exist in the entry. .TP .SM LDAP_UNDEFINED_TYPE The attribute type specified is invalid. .TP .SM LDAP_INAPPROPRIATE_MATCHING Filter type not supported for the specified attribute. .TP .SM LDAP_CONSTRAINT_VIOLATION An attribute value specified violates some constraint (e.g., a postalAddress has too many lines, or a line that is too long). .TP .SM LDAP_TYPE_OR_VALUE_EXISTS An attribute type or attribute value specified already exists in the entry. .TP .SM LDAP_INVALID_SYNTAX An invalid attribute value was specified. .TP .SM LDAP_NO_SUCH_OBJECT The specified object does not exist in The Directory. .TP .SM LDAP_ALIAS_PROBLEM An alias in The Directory points to a nonexistent entry. .TP .SM LDAP_INVALID_DN_SYNTAX A syntactically invalid DN was specified. .TP .SM LDAP_IS_LEAF The object specified is a leaf. .TP .SM LDAP_ALIAS_DEREF_PROBLEM A problem was encountered when dereferencing an alias. .TP .SM LDAP_INAPPROPRIATE_AUTH Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was specified and the entry does not have a userPassword attribute). 
.TP .SM LDAP_INVALID_CREDENTIALS Invalid credentials were presented (e.g., the wrong password). .TP .SM LDAP_INSUFFICIENT_ACCESS The user has insufficient access to perform the operation. .TP .SM LDAP_BUSY The DSA is busy. .TP .SM LDAP_UNAVAILABLE The DSA is unavailable. .TP .SM LDAP_UNWILLING_TO_PERFORM The DSA is unwilling to perform the operation. .TP .SM LDAP_LOOP_DETECT A loop was detected. .TP .SM LDAP_NAMING_VIOLATION A naming violation occurred. .TP .SM LDAP_OBJECT_CLASS_VIOLATION An object class violation occurred (e.g., a "must" attribute was missing from the entry). .TP .SM LDAP_NOT_ALLOWED_ON_NONLEAF The operation is not allowed on a nonleaf object. .TP .SM LDAP_NOT_ALLOWED_ON_RDN The operation is not allowed on an RDN. .TP .SM LDAP_ALREADY_EXISTS The entry already exists. .TP .SM LDAP_NO_OBJECT_CLASS_MODS Object class modifications are not allowed. .TP .SM LDAP_OTHER An unknown error occurred. .SH API ERROR CODES This section provides a complete list of API error codes recognized by the library. Note that LDAP_SUCCESS indicates success of an API call in addition to representing the return of the LDAP \'success' resultCode. .LP .TP 20 .SM LDAP_SERVER_DOWN The LDAP library can't contact the LDAP server. .TP .SM LDAP_LOCAL_ERROR Some local error occurred. This is usually a failed dynamic memory allocation. .TP .SM LDAP_ENCODING_ERROR An error was encountered encoding parameters to send to the LDAP server. .TP .SM LDAP_DECODING_ERROR An error was encountered decoding a result from the LDAP server. .TP .SM LDAP_TIMEOUT A timelimit was exceeded while waiting for a result. .TP .SM LDAP_AUTH_UNKNOWN The authentication method specified to ldap_bind() is not known. .TP .SM LDAP_FILTER_ERROR An invalid filter was supplied to ldap_search() (e.g., unbalanced parentheses). .TP .SM LDAP_PARAM_ERROR An ldap routine was called with a bad parameter. 
.TP .SM LDAP_NO_MEMORY A memory allocation (e.g., malloc(3) or other dynamic memory allocator) call failed in an ldap library routine. .TP .SM LDAP_USER_CANCELED Indicates the user cancelled the operation. .TP .SM LDAP_CONNECT_ERROR Indicates a connection problem. .TP .SM LDAP_NOT_SUPPORTED Indicates the routine was called in a manner not supported by the library. .TP .SM LDAP_CONTROL_NOT_FOUND Indicates the control provided is unknown to the client library. .TP .SM LDAP_NO_RESULTS_RETURNED Indicates no results returned. .TP .SM LDAP_MORE_RESULTS_TO_RETURN Indicates more results could be returned. .TP .SM LDAP_CLIENT_LOOP Indicates the library has detected a loop in its processing. .TP .SM LDAP_REFERRAL_LIMIT_EXCEEDED Indicates the referral limit has been exceeded. .SH DEPRECATED .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 220 stdin .SH SEE ALSO .BR ldap (3), .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 225 stdin
.lf 1 stdin .TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .B #include .LP .BI "int ldap_start_tls(LDAP *" ld ");" .LP .BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");" .LP .BI "int ldap_tls_inplace(LDAP *" ld ");" .LP .BI "int ldap_install_tls(LDAP *" ld ");" .SH DESCRIPTION These routines are used to initiate TLS processing on an LDAP session. .BR ldap_start_tls_s () sends a StartTLS request to a server, waits for the reply, and then installs TLS handlers on the session if the request succeeded. The routine returns .B LDAP_SUCCESS if everything succeeded, otherwise it returns an LDAP error code. .BR ldap_start_tls () sends a StartTLS request to a server and does nothing else. It returns .B LDAP_SUCCESS if the request was sent successfully. .BR ldap_tls_inplace () returns 1 if TLS handlers have been installed on the specified session, 0 otherwise. .BR ldap_install_tls () installs the TLS handlers on the given session. It returns .B LDAP_LOCAL_ERROR if TLS is already installed. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 42 stdin PK! m&$$ ldap_error.3nu[.lf 1 stdin .TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_err2string( int \fIerr\fB ); .SH DESCRIPTION The .B ldap_err2string() routine provides short description of the various codes returned by routines in this library. The returned string is a pointer to a static area that should not be modified. These codes are either negative, indicating an API error code; positive, indicating an LDAP resultCode other than \'success' (0), or - zero, indicating both successful use of the API and the LDAP resultCode \'success' (0). The code associated with an LDAP session is accessible using .BR ldap_get_option (3) and .BR ldap_set_option (3) with the .B LDAP_OPT_RESULT_CODE option (previously called .BR LDAP_OPT_ERROR_NUMBER ). .SH PROTOCOL RESULT CODES This section provides a partial list of protocol codes recognized by the library. As LDAP is extensible, additional values may be returned. A complete listing of \fIregistered\fP LDAP result codes can be obtained from the \fIInternet Assigned Numbers Authority\fP . .LP .TP 20 .SM LDAP_SUCCESS The request was successful. .TP .SM LDAP_OPERATIONS_ERROR An operations error occurred. .TP .SM LDAP_PROTOCOL_ERROR A protocol violation was detected. .TP .SM LDAP_TIMELIMIT_EXCEEDED An LDAP time limit was exceeded. .TP .SM LDAP_SIZELIMIT_EXCEEDED An LDAP size limit was exceeded. .TP .SM LDAP_COMPARE_FALSE A compare operation returned false. .TP .SM LDAP_COMPARE_TRUE A compare operation returned true. .TP .SM LDAP_STRONG_AUTH_NOT_SUPPORTED The LDAP server does not support strong authentication. .TP .SM LDAP_STRONG_AUTH_REQUIRED Strong authentication is required for the operation. .TP .SM LDAP_PARTIAL_RESULTS Partial results only returned. .TP .SM LDAP_NO_SUCH_ATTRIBUTE The attribute type specified does not exist in the entry. 
.TP .SM LDAP_UNDEFINED_TYPE The attribute type specified is invalid. .TP .SM LDAP_INAPPROPRIATE_MATCHING Filter type not supported for the specified attribute. .TP .SM LDAP_CONSTRAINT_VIOLATION An attribute value specified violates some constraint (e.g., a postalAddress has too many lines, or a line that is too long). .TP .SM LDAP_TYPE_OR_VALUE_EXISTS An attribute type or attribute value specified already exists in the entry. .TP .SM LDAP_INVALID_SYNTAX An invalid attribute value was specified. .TP .SM LDAP_NO_SUCH_OBJECT The specified object does not exist in The Directory. .TP .SM LDAP_ALIAS_PROBLEM An alias in The Directory points to a nonexistent entry. .TP .SM LDAP_INVALID_DN_SYNTAX A syntactically invalid DN was specified. .TP .SM LDAP_IS_LEAF The object specified is a leaf. .TP .SM LDAP_ALIAS_DEREF_PROBLEM A problem was encountered when dereferencing an alias. .TP .SM LDAP_INAPPROPRIATE_AUTH Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was specified and the entry does not have a userPassword attribute). .TP .SM LDAP_INVALID_CREDENTIALS Invalid credentials were presented (e.g., the wrong password). .TP .SM LDAP_INSUFFICIENT_ACCESS The user has insufficient access to perform the operation. .TP .SM LDAP_BUSY The DSA is busy. .TP .SM LDAP_UNAVAILABLE The DSA is unavailable. .TP .SM LDAP_UNWILLING_TO_PERFORM The DSA is unwilling to perform the operation. .TP .SM LDAP_LOOP_DETECT A loop was detected. .TP .SM LDAP_NAMING_VIOLATION A naming violation occurred. .TP .SM LDAP_OBJECT_CLASS_VIOLATION An object class violation occurred (e.g., a "must" attribute was missing from the entry). .TP .SM LDAP_NOT_ALLOWED_ON_NONLEAF The operation is not allowed on a nonleaf object. .TP .SM LDAP_NOT_ALLOWED_ON_RDN The operation is not allowed on an RDN. .TP .SM LDAP_ALREADY_EXISTS The entry already exists. .TP .SM LDAP_NO_OBJECT_CLASS_MODS Object class modifications are not allowed. .TP .SM LDAP_OTHER An unknown error occurred. 
.SH API ERROR CODES This section provides a complete list of API error codes recognized by the library. Note that LDAP_SUCCESS indicates success of an API call in addition to representing the return of the LDAP \'success' resultCode. .LP .TP 20 .SM LDAP_SERVER_DOWN The LDAP library can't contact the LDAP server. .TP .SM LDAP_LOCAL_ERROR Some local error occurred. This is usually a failed dynamic memory allocation. .TP .SM LDAP_ENCODING_ERROR An error was encountered encoding parameters to send to the LDAP server. .TP .SM LDAP_DECODING_ERROR An error was encountered decoding a result from the LDAP server. .TP .SM LDAP_TIMEOUT A timelimit was exceeded while waiting for a result. .TP .SM LDAP_AUTH_UNKNOWN The authentication method specified to ldap_bind() is not known. .TP .SM LDAP_FILTER_ERROR An invalid filter was supplied to ldap_search() (e.g., unbalanced parentheses). .TP .SM LDAP_PARAM_ERROR An ldap routine was called with a bad parameter. .TP .SM LDAP_NO_MEMORY An memory allocation (e.g., malloc(3) or other dynamic memory allocator) call failed in an ldap library routine. .TP .SM LDAP_USER_CANCELED Indicates the user cancelled the operation. .TP .SM LDAP_CONNECT_ERROR Indicates a connection problem. .TP .SM LDAP_NOT_SUPPORTED Indicates the routine was called in a manner not supported by the library. .TP .SM LDAP_CONTROL_NOT_FOUND Indicates the control provided is unknown to the client library. .TP .SM LDAP_NO_RESULTS_RETURNED Indicates no results returned. .TP .SM LDAP_MORE_RESULTS_TO_RETURN Indicates more results could be returned. .TP .SM LDAP_CLIENT_LOOP Indicates the library has detected a loop in its processing. .TP .SM LDAP_REFERRAL_LIMIT_EXCEEDED Indicates the referral limit has been exceeded. .SH DEPRECATED .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use deprecated interfaces. 
It is recommended that developers writing new programs, or updating
old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support)
for deprecated interfaces will be eliminated.
.lf 220 stdin
.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 225 stdin
.\" ldap_value_free.3
.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values.
\fIattr\fP may be an attribute type as returned from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead.
It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers to berval structures,
each containing the length of and a pointer to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.
See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 103 stdin
.\" ber_bvecfree.3
.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.
.LP
.B ber_int_t
is a signed integer of at least 32 bits.
It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a BER tag.
It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.
If \fIbv\fP is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.
If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.
Space for the array is allocated as needed.
The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.
If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.
Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.
The routine returns NULL upon error (e.g. out of memory).
The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.
If \fIdst\fP is NULL a new BerValue will be allocated to hold the copy.
The routine returns NULL upon error, otherwise it returns a pointer
to the copy.
If \fIdst\fP is NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.
(The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.
If \fIdup\fP is non-zero, the BerValue will contain a copy of \fIstr\fP.
If \fIlen\fP is zero, the number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.
If \fIbv\fP is non-NULL, the result will be stored in the given BerValue,
otherwise a new BerValue will be allocated to store the result.
NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure.
If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values.
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter.
The data is referenced directly, not copied.
The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.
If \fIber\fP is NULL, the routine does nothing.
If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 189 stdin
.\" ldap_delete_ext.3
.lf 1 stdin
.TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_delete_s(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
int *msgidp;
.LP
.ft B
int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation synchronously.
It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation asynchronously.
It takes the same parameters as
.BR ldap_delete_s(),
but returns the message id of the request it initiated.
The result of the delete can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
The
.B ldap_delete_ext()
routine allows server and client controls to be specified to extend
the delete request.
This routine is asynchronous like ldap_delete(), but its return value
is an LDAP error code.
It stores the message id of the request in the integer pointed to by msgidp.
.LP
The
.B ldap_delete_ext_s()
routine is the synchronous version of
.BR ldap_delete_ext().
It also returns an LDAP error code indicating success or failure
of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
returns \-1 if something went wrong initiating the request.
It returns the non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
and
.B ldap_delete_ext_s()
return a non-zero value if something went wrong initiating the request,
else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 90 stdin
.\" ldap_bind_s.3
.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.
An LDAP bind is required when using Version 2 of the LDAP protocol;
it is optional for Version 3 but is usually needed due to security
considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.
All routines take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.
It returns an LDAP error indication (see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous, taking the same parameters but only initiating the
bind operation and returning the message id of the request it sent.
The result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the authentication method to use needs to be
selected at runtime.
They both take an extra \fImethod\fP parameter selecting the
authentication method to use.
It should be set to LDAP_AUTH_SIMPLE to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter.
The format of the credentials depends on the particular SASL mechanism
in use.
For mechanisms that provide mutual authentication the server's
credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent.
The result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication.
Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly.
The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use.
If this parameter is NULL or empty the library will query the
supportedSASLMechanisms attribute from the server's rootDSE for the list
of SASL mechanisms the server supports.
The
.I flags
parameter controls the interaction used to retrieve any necessary SASL
authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters.
There is no defined format for the
.I defaults
information; it is up to the caller to use whatever format is appropriate
for the supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library.
When used with Cyrus SASL this is an array of
.B sasl_interact_t
structures.
The Cyrus SASL library will prompt for a variety of inputs, including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will be
forced to query the server for a list of supported mechanisms, and this
query will be performed synchronously.
The other parameters are the same as for the synchronous function, with
three additional parameters.
The actual SASL mechanism that was used, and the message ID for use with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be passed
back on each subsequent call.
The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind.
The caller must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code.
If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete
yet, and this function must be called again with the next result from
the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc()
function sets the process to use for binding when an operation returns
a referral.
This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the
\fIparams\fP, the arbitrary data like state information which the client
might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the
libraries to use the rebind function.
Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to
the referred server if the application wants the libraries to follow
the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from
the LDAP server.
The LDAP application can use the
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated
the referral.
.LP
The \fImsgid\fP parameter specifies the message ID of the request
generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind
function.
The application should not attempt to free either the ld or the url
structures in the rebind function.
.LP
The application must supply to the rebind function the required
authentication information such as user name, password, and certificates.
The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory, terminate the current
association, and free the resources contained in the \fIld\fP structure.
Once it is called, the connection to the LDAP server is closed, and the
\fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allow the operations to specify controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.
Synchronous routines return whatever \fIld_errno\fP is set to.
See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided.
The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default
value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 335 stdin
.\" ldap_msgtype.3
.lf 1 stdin
.TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_result( LDAP *ld, int msgid, int all, struct timeval *timeout, LDAPMessage **result );

int ldap_msgfree( LDAPMessage *msg );

int ldap_msgtype( LDAPMessage *msg );

int ldap_msgid( LDAPMessage *msg );
.ft
.SH DESCRIPTION
The
.B ldap_result()
routine is used to wait for and return the result of an operation
previously initiated by one of the LDAP asynchronous operation routines
(e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
etc.).
Those routines all return \-1 in case of error, and an invocation
identifier upon successful initiation of the operation.
The invocation identifier is picked by the library and is guaranteed to
be unique across the LDAP session.
It can be used to request the result of a specific operation from
.B ldap_result()
through the \fImsgid\fP parameter.
.LP
The
.B ldap_result()
routine will block or not, depending upon the setting of the
\fItimeout\fP parameter.
If timeout is not a NULL pointer, it specifies a maximum interval to wait
for the selection to complete.
If timeout is a NULL pointer, the LDAP_OPT_TIMEOUT value set by
.BR ldap_set_option (3)
is used.
With the default setting, the select blocks indefinitely.
To effect a poll, the timeout argument should be a non-NULL pointer,
pointing to a zero-valued timeval structure.
To obtain the behavior of the default setting, bypassing any value set by
.BR ldap_set_option (3),
set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter.
See
.BR select (2)
for further details.
.LP
If the result of a specific operation is required, \fImsgid\fP should be
set to the invocation identifier returned when the operation was
initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
supplied to wait for any or unsolicited response.
.LP
The \fIall\fP parameter, if non-zero, causes
.B ldap_result()
to return all responses with msgid, otherwise only the next response is
returned.
This is commonly used to obtain all the responses of a search operation.
.LP
A search response is made up of zero or more search entries, zero or more
search references, and zero or more extended partial responses followed
by a search result.
If \fIall\fP is set to 0, search entries will be returned one at a time
as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search response will only be returned in its
entirety, i.e., after all entries, all references, all extended partial
responses, and the final search result have been received.
.SH RETURN VALUE
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation;
otherwise, the \fIresult\fP parameter is undefined.
This result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
.LP
The possible result types returned are:
.LP
.nf
	LDAP_RES_BIND (0x61)
	LDAP_RES_SEARCH_ENTRY (0x64)
	LDAP_RES_SEARCH_REFERENCE (0x73)
	LDAP_RES_SEARCH_RESULT (0x65)
	LDAP_RES_MODIFY (0x67)
	LDAP_RES_ADD (0x69)
	LDAP_RES_DELETE (0x6b)
	LDAP_RES_MODDN (0x6d)
	LDAP_RES_COMPARE (0x6f)
	LDAP_RES_EXTENDED (0x78)
	LDAP_RES_INTERMEDIATE (0x79)
.fi
.LP
The
.B ldap_msgfree()
routine is used to free the memory allocated for result(s) by
.B ldap_result()
or
.BR ldap_search_ext_s (3)
and friends.
It takes a pointer to the result or result chain to be freed and returns
the type of the last message in the chain.
If the parameter is NULL, the function does nothing and returns zero.
.LP
The
.B ldap_msgtype()
routine returns the type of a message.
.LP
The
.B ldap_msgid()
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
returns \-1 if something bad happens, and zero if the timeout specified
was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
.BR select (2)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 137 stdin
.\" ldap_compare_ext_s.3
.lf 1 stdin
.TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_compare_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_compare_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB );
.RE
.SH DESCRIPTION
The
.B ldap_compare_ext_s()
routine is used to perform an LDAP compare operation synchronously.
It takes \fIdn\fP, the DN of the entry upon which to perform the compare,
and \fIattr\fP and \fIvalue\fP, the attribute description and value to
compare to those found in the entry.
It returns a code, which will be LDAP_COMPARE_TRUE if the entry contains
the attribute value and LDAP_COMPARE_FALSE if it does not.
Otherwise, an error code is returned that indicates the nature of the
problem.
See
.BR ldap (3)
for details.
.LP
The
.B ldap_compare_ext()
routine is used to perform an LDAP compare operation asynchronously.
It takes the same parameters as
.BR ldap_compare_ext_s() ,
but provides the message id of the request it initiated in the integer
pointed to by \fImsgidp\fP.
The result of the compare can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
Both routines allow server and client controls to be specified to extend
the compare request.
.SH DEPRECATED INTERFACES
The routines
.BR ldap_compare ()
and
.BR ldap_compare_s ()
are deprecated in favor of
.BR ldap_compare_ext ()
and
.BR ldap_compare_ext_s (),
respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.
The macro LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces.
It is recommended that developers writing new programs, or updating
old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support)
for deprecated interfaces will be eliminated.
.lf 75 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 80 stdin
.\" ldap_first_attribute.3
.lf 1 stdin
.TH LDAP_FIRST_ATTRIBUTE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_first_attribute( LDAP *ld, LDAPMessage *entry, BerElement **berptr )
.LP
.ft B
char *ldap_next_attribute( LDAP *ld, LDAPMessage *entry, BerElement *ber )
.SH DESCRIPTION
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
routines are used to step through the attributes in an LDAP entry.
.B ldap_first_attribute()
takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a pointer to character string containing the first attribute
description in the entry.
.B ldap_next_attribute()
returns the next attribute description in the entry.
.LP
It also returns, in \fIberptr\fP, a pointer to a BerElement it has
allocated to keep track of its current position.
This pointer should be passed to subsequent calls to
.B ldap_next_attribute()
and is used to effectively step through the entry's attributes.
The caller is solely responsible for freeing the BerElement pointed to by
\fIberptr\fP when it is no longer needed by calling
.BR ber_free (3).
When calling
.BR ber_free (3)
in this instance, be sure the second argument is 0.
.LP
The attribute names returned are suitable for inclusion in a call
to
.BR ldap_get_values (3)
to retrieve the attribute's values.
.SH ERRORS
If an error occurs, NULL is returned and the ld_errno field in the
\fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
return dynamically allocated memory that must be freed by the caller via
.BR ldap_memfree (3).
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_get_values (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 74 stdin
.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.
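Added example (not part of the OpenLDAP manual page and not liblber code): a stand-alone C encoder that applies the rules stated above, definite-form lengths and primitive octet strings, to the element that the format string "{siiiib{v}}" in this page's EXAMPLES section describes. The enc_t type, the put_* helpers and encode_almost_search() are hypothetical names, and the DN and attribute list in main() are constructed sample values.

```c
/* Added example: hand-rolled encoder for the LDAP subset of BER.
 * Not liblber; enc_t, put_* and encode_almost_search are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned char buf[256];
    size_t len;
    int err;                 /* sticky: set once a write would overflow buf */
} enc_t;

static void put_bytes(enc_t *e, const void *p, size_t n)
{
    if (e->err || n > sizeof e->buf - e->len) { e->err = 1; return; }
    memcpy(e->buf + e->len, p, n);
    e->len += n;
}

/* Definite-form length only: one octet below 128, otherwise 0x80|count
 * followed by the length in big-endian octets. */
static void put_len(enc_t *e, size_t n)
{
    unsigned char tmp[1 + sizeof n];
    size_t i = 0, k = 0, v;

    if (n < 0x80) {
        tmp[i++] = (unsigned char)n;
    } else {
        for (v = n; v != 0; v >>= 8) k++;
        tmp[i++] = (unsigned char)(0x80 | k);
        while (k--) tmp[i++] = (unsigned char)(n >> (8 * k));
    }
    put_bytes(e, tmp, i);
}

/* Primitive element: tag, length, contents. */
static void put_tlv(enc_t *e, unsigned char tag, const void *val, size_t n)
{
    put_bytes(e, &tag, 1);
    put_len(e, n);
    put_bytes(e, val, n);
}

/* INTEGER contents in the shortest two's-complement form. */
static void put_int(enc_t *e, unsigned char tag, int32_t num)
{
    unsigned char b[4];
    uint32_t u = (uint32_t)num;
    size_t i, n = 4;

    for (i = 0; i < 4; i++) b[i] = (unsigned char)(u >> (8 * (3 - i)));
    for (i = 0; n > 1; i++, n--) {
        /* stop once the leading octet is more than sign extension */
        if (!((b[i] == 0x00 && !(b[i + 1] & 0x80)) ||
              (b[i] == 0xff && (b[i + 1] & 0x80)))) break;
    }
    put_tlv(e, tag, b + i, n);
}

/* Constructed element: the child's bytes become the contents, so the
 * definite length is known before the header is written. */
static void put_nested(enc_t *e, unsigned char tag, const enc_t *child)
{
    if (child->err) { e->err = 1; return; }
    put_tlv(e, tag, child->buf, child->len);
}

/* Same element order as the format string "{siiiib{v}}".
 * Returns the encoded length, or 0 if the result does not fit. */
size_t encode_almost_search(unsigned char *out, size_t cap, const char *dn,
                            int32_t scope, int32_t ali, int32_t size,
                            int32_t timelimit, int attrsonly,
                            const char *const *attrs)
{
    enc_t list = {{0}, 0, 0}, body = {{0}, 0, 0}, msg = {{0}, 0, 0};
    unsigned char flag = attrsonly ? 0xff : 0x00;   /* DER form of TRUE */
    size_t i;

    for (i = 0; attrs[i] != NULL; i++)              /* v: octet strings */
        put_tlv(&list, 0x04, attrs[i], strlen(attrs[i]));
    put_tlv(&body, 0x04, dn, strlen(dn));           /* s: OCTET STRING */
    put_int(&body, 0x02, scope);                    /* i: INTEGER */
    put_int(&body, 0x02, ali);
    put_int(&body, 0x02, size);
    put_int(&body, 0x02, timelimit);
    put_tlv(&body, 0x01, &flag, 1);                 /* b: BOOLEAN */
    put_nested(&body, 0x30, &list);                 /* {v}: SEQUENCE OF */
    put_nested(&msg, 0x30, &body);                  /* outer { } */
    if (msg.err || msg.len > cap) return 0;
    memcpy(out, msg.buf, msg.len);
    return msg.len;
}

int main(void)
{
    const char *attrs[] = { "cn", "mail", NULL };   /* constructed sample */
    unsigned char out[256];
    size_t i, n = encode_almost_search(out, sizeof out, "dc=example,dc=com",
                                       2, 0, 0, 300, 0, attrs);
    for (i = 0; i < n; i++) printf("%02x%s", out[i], i + 1 < n ? " " : "\n");
    return n ? 0 : 1;
}
```

Because the format string uses i for scope and derefAliases, those two fields carry the INTEGER tag 0x02 rather than the ENUMERATED tag that the ASN.1 definition names.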
.LP
See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.
One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  A ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  A ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  A ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NUL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\e0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 289 stdin
.lf 1 stdin
.TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
int ldap_modify_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.nf
.ft B
int ldap_modify_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.LP
.nf
.ft B
void ldap_mods_free(
.RS
.ft B
LDAPMod **\fImods\fB,
int \fIfreemods\fB );
.RE
.SH DESCRIPTION
The routine
.B ldap_modify_ext_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry.  Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
	typedef struct ldapmod {
	    int mod_op;
	    char *mod_type;
	    union {
	        char **modv_strvals;
	        struct berval **modv_bvals;
	    } mod_vals;
	    struct ldapmod *mod_next;
	} LDAPMod;
	#define mod_values mod_vals.modv_strvals
	#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE.  The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively.  The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES.  In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point
to a null-terminated array of struct bervals, as defined in .
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary.  For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain.  If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL.  For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary.  All modifications are
performed in the order in which they are listed.
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures.  If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.LP
.B ldap_modify_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of the failure.  See
.BR ldap_error (3)
for details.
.LP
The
.B ldap_modify_ext()
operation works the same way as
.BR ldap_modify_ext_s() ,
except that it is asynchronous.  The integer that \fImsgidp\fP points
to is set to the message id of the modify request.  The result of
the operation can be obtained by calling
.BR ldap_result (3).
.LP
Both
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
allow server and client controls to be passed in
via the sctrls and cctrls parameters, respectively.
.SH DEPRECATED INTERFACES
The
.B ldap_modify()
and
.B ldap_modify_s()
routines are deprecated in favor of the
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces will be eliminated.
.lf 132 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 137 stdin
.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
#include
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr)
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse
schema definitions in the syntax defined in RFC 4512 into structs and to
handle these structs.  These routines handle four kinds of definitions:
syntaxes, matching rules, attribute types and object classes.  For
each definition kind, four routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when it is no longer needed.  The routine returns NULL if a problem
occurred.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp ,
indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expects the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
        char *lsei_name;        /* Extension name */
        char **lsei_values;     /* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
        char *syn_oid;          /* OID */
        char **syn_names;       /* Names */
        char *syn_desc;         /* Description */
        LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
        char *mr_oid;           /* OID */
        char **mr_names;        /* Names */
        char *mr_desc;          /* Description */
        int  mr_obsolete;       /* Is obsolete? */
        char *mr_syntax_oid;    /* Syntax of asserted values */
        LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
        char *at_oid;           /* OID */
        char **at_names;        /* Names */
        char *at_desc;          /* Description */
        int  at_obsolete;       /* Is obsolete? */
        char *at_sup_oid;       /* OID of superior type */
        char *at_equality_oid;  /* OID of equality matching rule */
        char *at_ordering_oid;  /* OID of ordering matching rule */
        char *at_substr_oid;    /* OID of substrings matching rule */
        char *at_syntax_oid;    /* OID of syntax of values */
        int  at_syntax_len;     /* Suggested minimum maximum length */
        int  at_single_value;   /* Is single-valued? */
        int  at_collective;     /* Is collective? */
        int  at_no_user_mod;    /* Are changes forbidden through LDAP? */
        int  at_usage;          /* Usage, see below */
        LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
        char *oc_oid;           /* OID */
        char **oc_names;        /* Names */
        char *oc_desc;          /* Description */
        int  oc_obsolete;       /* Is obsolete? */
        char **oc_sup_oids;     /* OIDs of superior classes */
        int  oc_kind;           /* Kind, see below */
        char **oc_at_oids_must; /* OIDs of required attribute types */
        char **oc_at_oids_may;  /* OIDs of optional attribute types */
        LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value; for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.
These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 321 stdin
.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include <ldap.h> .LP .ft B char *ldap_err2string( int \fIerr\fB ); .SH DESCRIPTION The .B ldap_err2string() routine provides a short description of the various codes returned by routines in this library. The returned string is a pointer to a static area that should not be modified. These codes are either negative, indicating an API error code; positive, indicating an LDAP resultCode other than \'success' (0); or zero, indicating both successful use of the API and the LDAP resultCode \'success' (0). The code associated with an LDAP session is accessible using .BR ldap_get_option (3) and .BR ldap_set_option (3) with the .B LDAP_OPT_RESULT_CODE option (previously called .BR LDAP_OPT_ERROR_NUMBER ). .SH PROTOCOL RESULT CODES This section provides a partial list of protocol codes recognized by the library. As LDAP is extensible, additional values may be returned. A complete listing of \fIregistered\fP LDAP result codes can be obtained from the \fIInternet Assigned Numbers Authority\fP . .LP .TP 20 .SM LDAP_SUCCESS The request was successful. .TP .SM LDAP_OPERATIONS_ERROR An operations error occurred. .TP .SM LDAP_PROTOCOL_ERROR A protocol violation was detected. .TP .SM LDAP_TIMELIMIT_EXCEEDED An LDAP time limit was exceeded. .TP .SM LDAP_SIZELIMIT_EXCEEDED An LDAP size limit was exceeded. .TP .SM LDAP_COMPARE_FALSE A compare operation returned false. .TP .SM LDAP_COMPARE_TRUE A compare operation returned true. .TP .SM LDAP_STRONG_AUTH_NOT_SUPPORTED The LDAP server does not support strong authentication. .TP .SM LDAP_STRONG_AUTH_REQUIRED Strong authentication is required for the operation. .TP .SM LDAP_PARTIAL_RESULTS Partial results only returned. .TP .SM LDAP_NO_SUCH_ATTRIBUTE The attribute type specified does not exist in the entry. 
.TP .SM LDAP_UNDEFINED_TYPE The attribute type specified is invalid. .TP .SM LDAP_INAPPROPRIATE_MATCHING Filter type not supported for the specified attribute. .TP .SM LDAP_CONSTRAINT_VIOLATION An attribute value specified violates some constraint (e.g., a postalAddress has too many lines, or a line that is too long). .TP .SM LDAP_TYPE_OR_VALUE_EXISTS An attribute type or attribute value specified already exists in the entry. .TP .SM LDAP_INVALID_SYNTAX An invalid attribute value was specified. .TP .SM LDAP_NO_SUCH_OBJECT The specified object does not exist in The Directory. .TP .SM LDAP_ALIAS_PROBLEM An alias in The Directory points to a nonexistent entry. .TP .SM LDAP_INVALID_DN_SYNTAX A syntactically invalid DN was specified. .TP .SM LDAP_IS_LEAF The object specified is a leaf. .TP .SM LDAP_ALIAS_DEREF_PROBLEM A problem was encountered when dereferencing an alias. .TP .SM LDAP_INAPPROPRIATE_AUTH Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was specified and the entry does not have a userPassword attribute). .TP .SM LDAP_INVALID_CREDENTIALS Invalid credentials were presented (e.g., the wrong password). .TP .SM LDAP_INSUFFICIENT_ACCESS The user has insufficient access to perform the operation. .TP .SM LDAP_BUSY The DSA is busy. .TP .SM LDAP_UNAVAILABLE The DSA is unavailable. .TP .SM LDAP_UNWILLING_TO_PERFORM The DSA is unwilling to perform the operation. .TP .SM LDAP_LOOP_DETECT A loop was detected. .TP .SM LDAP_NAMING_VIOLATION A naming violation occurred. .TP .SM LDAP_OBJECT_CLASS_VIOLATION An object class violation occurred (e.g., a "must" attribute was missing from the entry). .TP .SM LDAP_NOT_ALLOWED_ON_NONLEAF The operation is not allowed on a nonleaf object. .TP .SM LDAP_NOT_ALLOWED_ON_RDN The operation is not allowed on an RDN. .TP .SM LDAP_ALREADY_EXISTS The entry already exists. .TP .SM LDAP_NO_OBJECT_CLASS_MODS Object class modifications are not allowed. .TP .SM LDAP_OTHER An unknown error occurred. 
.SH API ERROR CODES This section provides a complete list of API error codes recognized by the library. Note that LDAP_SUCCESS indicates success of an API call in addition to representing the return of the LDAP \'success' resultCode. .LP .TP 20 .SM LDAP_SERVER_DOWN The LDAP library can't contact the LDAP server. .TP .SM LDAP_LOCAL_ERROR Some local error occurred. This is usually a failed dynamic memory allocation. .TP .SM LDAP_ENCODING_ERROR An error was encountered encoding parameters to send to the LDAP server. .TP .SM LDAP_DECODING_ERROR An error was encountered decoding a result from the LDAP server. .TP .SM LDAP_TIMEOUT A timelimit was exceeded while waiting for a result. .TP .SM LDAP_AUTH_UNKNOWN The authentication method specified to ldap_bind() is not known. .TP .SM LDAP_FILTER_ERROR An invalid filter was supplied to ldap_search() (e.g., unbalanced parentheses). .TP .SM LDAP_PARAM_ERROR An ldap routine was called with a bad parameter. .TP .SM LDAP_NO_MEMORY A memory allocation (e.g., malloc(3) or other dynamic memory allocator) call failed in an ldap library routine. .TP .SM LDAP_USER_CANCELED Indicates the user cancelled the operation. .TP .SM LDAP_CONNECT_ERROR Indicates a connection problem. .TP .SM LDAP_NOT_SUPPORTED Indicates the routine was called in a manner not supported by the library. .TP .SM LDAP_CONTROL_NOT_FOUND Indicates the control provided is unknown to the client library. .TP .SM LDAP_NO_RESULTS_RETURNED Indicates no results returned. .TP .SM LDAP_MORE_RESULTS_TO_RETURN Indicates more results could be returned. .TP .SM LDAP_CLIENT_LOOP Indicates the library has detected a loop in its processing. .TP .SM LDAP_REFERRAL_LIMIT_EXCEEDED Indicates the referral limit has been exceeded. .SH DEPRECATED .lf 1 ./Deprecated Deprecated interfaces generally remain in the library. The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces. 
It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces. Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated. .lf 220 stdin .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 225 stdin .lf 1 stdin .TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_result \- Wait for the result of an LDAP operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include <ldap.h> .LP .ft B int ldap_result( LDAP *ld, int msgid, int all, struct timeval *timeout, LDAPMessage **result ); int ldap_msgfree( LDAPMessage *msg ); int ldap_msgtype( LDAPMessage *msg ); int ldap_msgid( LDAPMessage *msg ); .ft .SH DESCRIPTION The .B ldap_result() routine is used to wait for and return the result of an operation previously initiated by one of the LDAP asynchronous operation routines (e.g., .BR ldap_search_ext (3), .BR ldap_modify_ext (3), etc.). Those routines all return \-1 in case of error, and an invocation identifier upon successful initiation of the operation. The invocation identifier is picked by the library and is guaranteed to be unique across the LDAP session. It can be used to request the result of a specific operation from .B ldap_result() through the \fImsgid\fP parameter. .LP The .B ldap_result() routine will block or not, depending upon the setting of the \fItimeout\fP parameter. If timeout is not a NULL pointer, it specifies a maximum interval to wait for the selection to complete. 
If timeout is a NULL pointer, the LDAP_OPT_TIMEOUT value set by .BR ldap_set_option (3) is used. With the default setting, the select blocks indefinitely. To effect a poll, the timeout argument should be a non-NULL pointer, pointing to a zero-valued timeval structure. To obtain the behavior of the default setting, bypassing any value set by .BR ldap_set_option (3), set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter. See .BR select (2) for further details. .LP If the result of a specific operation is required, \fImsgid\fP should be set to the invocation identifier returned when the operation was initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be supplied to wait for any or unsolicited response. .LP The \fIall\fP parameter, if non-zero, causes .B ldap_result() to return all responses with msgid, otherwise only the next response is returned. This is commonly used to obtain all the responses of a search operation. .LP A search response is made up of zero or more search entries, zero or more search references, and zero or more extended partial responses followed by a search result. If \fIall\fP is set to 0, search entries will be returned one at a time as they come in, via separate calls to .BR ldap_result() . If it's set to 1, the search response will only be returned in its entirety, i.e., after all entries, all references, all extended partial responses, and the final search result have been received. .SH RETURN VALUE Upon success, the type of the result received is returned and the \fIresult\fP parameter will contain the result of the operation; otherwise, the \fIresult\fP parameter is undefined. This result should be passed to the LDAP parsing routines, .BR ldap_first_message (3) and friends, for interpretation. 
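The result type that ldap_result() and ldap_msgtype() report is the BER tag of the operation carried inside the LDAP message envelope, and the message id is the INTEGER that precedes it. The C code below is an added example, not OpenLDAP code: it reads both fields from raw bytes with strict length checks and returns \-1 on malformed input, as ldap_msgtype() and ldap_msgid() are documented to do. The names demo_msgtype(), demo_msgid() and res_name() and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result types from ldap_result(3); each value is the BER tag of the
 * protocolOp carried inside the LDAPMessage SEQUENCE. */
static const struct { int tag; const char *name; } res_types[] = {
    {0x61, "LDAP_RES_BIND"},             {0x64, "LDAP_RES_SEARCH_ENTRY"},
    {0x73, "LDAP_RES_SEARCH_REFERENCE"}, {0x65, "LDAP_RES_SEARCH_RESULT"},
    {0x67, "LDAP_RES_MODIFY"},           {0x69, "LDAP_RES_ADD"},
    {0x6b, "LDAP_RES_DELETE"},           {0x6d, "LDAP_RES_MODDN"},
    {0x6f, "LDAP_RES_COMPARE"},          {0x78, "LDAP_RES_EXTENDED"},
    {0x79, "LDAP_RES_INTERMEDIATE"},
};

/* Name of a response tag, or NULL if it is not one of the listed types. */
const char *res_name(int tag)
{
    for (size_t i = 0; i < sizeof res_types / sizeof res_types[0]; i++)
        if (res_types[i].tag == tag)
            return res_types[i].name;
    return NULL;
}

/* Read a definite-form BER length at buf[*pos]. Fails on the indefinite
 * form, on more than 4 length octets, and on a length that runs past n. */
static int ber_len(const uint8_t *buf, size_t n, size_t *pos, size_t *len)
{
    if (*pos >= n)
        return -1;
    uint8_t b = buf[(*pos)++];
    size_t v = b;
    if (b & 0x80) {
        size_t k = b & 0x7f;
        if (k == 0 || k > 4 || k > n - *pos)
            return -1;
        for (v = 0; k > 0; k--)
            v = (v << 8) | buf[(*pos)++];
    }
    if (v > n - *pos)
        return -1;
    *len = v;
    return 0;
}

/* Parse SEQUENCE { messageID INTEGER, protocolOp [APPLICATION n] ... }.
 * Returns 0 and fills msgid/msgtype, or -1 on malformed input. */
static int parse_header(const uint8_t *buf, size_t n, long *msgid, int *msgtype)
{
    size_t pos = 0, len, end;
    if (buf == NULL || n < 2 || buf[pos++] != 0x30)
        return -1;
    if (ber_len(buf, n, &pos, &len) != 0)
        return -1;
    end = pos + len;                        /* bytes past the envelope are ignored */
    if (pos >= end || buf[pos++] != 0x02)   /* messageID must be an INTEGER */
        return -1;
    if (ber_len(buf, end, &pos, &len) != 0 || len == 0 || len > 4)
        return -1;
    if (buf[pos] & 0x80)                    /* messageID is never negative */
        return -1;
    long id = 0;
    while (len--)
        id = (id << 8) | buf[pos++];
    if (pos >= end || res_name(buf[pos]) == NULL)
        return -1;                          /* missing or non-response tag */
    int tag = buf[pos++];
    if (ber_len(buf, end, &pos, &len) != 0) /* body must fit in the envelope */
        return -1;
    *msgid = id;
    *msgtype = tag;
    return 0;
}

int demo_msgtype(const uint8_t *buf, size_t n)
{
    long id; int type;
    return parse_header(buf, n, &id, &type) == 0 ? type : -1;
}

long demo_msgid(const uint8_t *buf, size_t n)
{
    long id; int type;
    return parse_header(buf, n, &id, &type) == 0 ? id : -1;
}

/* Constructed samples: a bind response (msgid 1), a search result
 * (msgid 256) and a bind *request*, which is not a result type. */
static const uint8_t bind_resp[] = {0x30,0x0c,0x02,0x01,0x01,0x61,0x07,
                                    0x0a,0x01,0x00,0x04,0x00,0x04,0x00};
static const uint8_t search_done[] = {0x30,0x0d,0x02,0x02,0x01,0x00,0x65,0x07,
                                      0x0a,0x01,0x00,0x04,0x00,0x04,0x00};
static const uint8_t bind_req[] = {0x30,0x05,0x02,0x01,0x03,0x60,0x00};

int main(void)
{
    printf("%s id=%ld\n", res_name(demo_msgtype(bind_resp, sizeof bind_resp)),
           demo_msgid(bind_resp, sizeof bind_resp));
    printf("%s id=%ld\n", res_name(demo_msgtype(search_done, sizeof search_done)),
           demo_msgid(search_done, sizeof search_done));
    printf("truncated: %d\n", demo_msgtype(bind_resp, 8));
    printf("request tag: %d\n", demo_msgtype(bind_req, sizeof bind_req));
    return 0;
}
```
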
.LP The possible result types returned are: .LP .nf LDAP_RES_BIND (0x61) LDAP_RES_SEARCH_ENTRY (0x64) LDAP_RES_SEARCH_REFERENCE (0x73) LDAP_RES_SEARCH_RESULT (0x65) LDAP_RES_MODIFY (0x67) LDAP_RES_ADD (0x69) LDAP_RES_DELETE (0x6b) LDAP_RES_MODDN (0x6d) LDAP_RES_COMPARE (0x6f) LDAP_RES_EXTENDED (0x78) LDAP_RES_INTERMEDIATE (0x79) .fi .LP The .B ldap_msgfree() routine is used to free the memory allocated for result(s) by .B ldap_result() or .BR ldap_search_ext_s (3) and friends. It takes a pointer to the result or result chain to be freed and returns the type of the last message in the chain. If the parameter is NULL, the function does nothing and returns zero. .LP The .B ldap_msgtype() routine returns the type of a message. .LP The .B ldap_msgid() routine returns the message id of a message. .SH ERRORS .B ldap_result() returns \-1 if something bad happens, and zero if the timeout specified was exceeded. .B ldap_msgtype() and .B ldap_msgid() return \-1 on error. .SH SEE ALSO .BR ldap (3), .BR ldap_first_message (3), .BR select (2) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 137 stdin .lf 1 stdin .TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_dup, ldap_destroy, \- Duplicate and destroy LDAP session handles .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include <ldap.h> .LP .ft B LDAP *ldap_dup( .RS .ft B LDAP *\fIold\fB ); .RE .LP .ft B int ldap_destroy( .RS .ft B LDAP *\fIold\fB ); .RE .SH DESCRIPTION .LP .B ldap_dup() duplicates an existing LDAP .RB ( "LDAP *" ) session handle. The new session handle may be used concurrently with the original session handle. 
In a threaded environment, different threads may execute concurrent requests on the same connection/session without fear of contamination. Each session handle manages its own private error results. .LP .B ldap_destroy() destroys an existing session handle. .LP The .B ldap_dup() and .B ldap_destroy() functions are used in conjunction with a "thread safe" version of .B libldap .RB ( libldap_r ) to enable thread safe API calls, so that a single session may be simultaneously used across multiple threads with consistent error handling. .LP When a session is created through the use of one of the session creation functions including .BR ldap_open (3), .BR ldap_init (3), .BR ldap_initialize (3) or .BR ldap_init_fd (3) an .B "LDAP *" session handle is returned to the application. The session handle may be shared amongst threads, however the error codes are unique to a session handle. Multiple threads performing different operations using the same session handle will result in inconsistent error codes and return values. .LP To prevent this confusion, .B ldap_dup() is used to duplicate an existing session handle so that multiple threads can share the session, and maintain consistent error information and results. .LP The message queues for a session are shared between sibling session handles. Results of operations on a sibling session handle are accessible to all the sibling session handles. Applications desiring results associated with a specific operation should provide the appropriate msgid to .BR ldap_result() . Applications should avoid calling .B ldap_result() with .B LDAP_RES_ANY as that may "steal" and return results in the calling thread that another operation in a different thread, using a different session handle, may require to complete. .LP When .B ldap_unbind() is called on a session handle with siblings, all the siblings become invalid. .LP Siblings must be destroyed using .BR ldap_destroy() . 
Session handle resources associated with the original .RB ( "LDAP *" ) will be freed when the last session handle is destroyed or when .B ldap_unbind() is called, if no other session handles currently exist. .SH ERRORS If an error occurs, .B ldap_dup() will return NULL and .I errno should be set appropriately. .B ldap_destroy() will directly return the LDAP code associated to the error (or .I LDAP_SUCCESS in case of success); .I errno should be set as well whenever appropriate. .SH SEE ALSO .BR ldap_open (3), .BR ldap_init (3), .BR ldap_initialize (3), .BR ldap_init_fd (3), .BR errno (3) .SH ACKNOWLEDGEMENTS This work is based on the previously proposed .B LDAP C API Concurrency Extensions draft .BR ( draft-zeilenga-ldap-c-api-concurrency-00.txt ) effort. .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 127 stdin .lf 1 stdin .TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_get_dn( LDAP *ld, LDAPMessage *entry ) .LP .ft B int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags ) .LP .ft B void ldap_dnfree( LDAPDN dn ) .LP .ft B int ldap_dn2str( LDAPDN dn, char **str, unsigned flags ) .LP .ft B char **ldap_explode_dn( const char *dn, int notypes ) .LP .ft B char **ldap_explode_rdn( const char *rdn, int notypes ) .LP .ft B char *ldap_dn2ufn( const char * dn ) .LP .ft B char *ldap_dn2dcedn( const char * dn ) .LP .ft B char *ldap_dcedn2dn( const char * dn ) .LP .ft B char *ldap_dn2ad_canonical( const char * dn ) .SH DESCRIPTION These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested. A DN has the form described in RFC 4414 "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names". .LP The .B ldap_get_dn() routine takes an \fIentry\fP as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3) and returns a copy of the entry's DN. Space for the DN will be obtained dynamically and should be freed by the caller using .BR ldap_memfree (3). .LP .B ldap_str2dn() parses a string representation of a distinguished name contained in .B str into its components, which are stored in .B dn as .B ldap_ava structures, arranged in .B LDAPAVA, .B LDAPRDN, and .B LDAPDN terms. Space for .B dn will be obtained dynamically and should be freed by the caller using .BR ldap_dnfree (3). The .B LDAPDN is defined as: .nf .ft B typedef struct ldap_ava { struct berval la_attr; struct berval la_value; unsigned la_flags; } LDAPAVA; typedef LDAPAVA** LDAPRDN; typedef LDAPRDN* LDAPDN; .ft .fi The attribute types and the attribute values are not normalized. 
The .B la_flags can be either .B LDAP_AVA_STRING or .B LDAP_AVA_BINARY, the latter meaning that the value is BER/DER encoded and thus must be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue." The .B flags parameter to .B ldap_str2dn() can be .LP .nf LDAP_DN_FORMAT_LDAPV3 LDAP_DN_FORMAT_LDAPV2 LDAP_DN_FORMAT_DCE .fi which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively). The format can be \fIOR\fPed to the flags .LP .nf LDAP_DN_P_NO_SPACES LDAP_DN_P_NO_SPACE_AFTER_RDN ... LDAP_DN_PEDANTIC .fi The latter is a shortcut for all the previous limitations. .LP .B LDAP_DN_P_NO_SPACES does not allow extra spaces in the dn; the default is to silently eliminate spaces around AVA separators ('='), RDN component separators ('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators (',' LDAPv3/LDAPv2 or '/' for DCE). .LP .B LDAP_DN_P_NO_SPACE_AFTER_RDN does not allow a single space after RDN separators. .LP .B ldap_dn2str() performs the inverse operation, yielding in .B str a string representation of .B dn. It allows the same values for .B flags as .B ldap_str2dn(), plus .LP .nf LDAP_DN_FORMAT_UFN LDAP_DN_FORMAT_AD_CANONICAL .fi for user-friendly naming (RFC 1781) and AD canonical. .LP The following routines are viewed as deprecated in favor of .B ldap_str2dn() and .BR ldap_dn2str(). They are provided to support legacy applications. .LP The .B ldap_explode_dn() routine takes a DN as returned by .B ldap_get_dn() and breaks it up into its component parts. Each part is known as a Relative Distinguished Name, or RDN. .B ldap_explode_dn() returns a NULL-terminated array, each component of which contains an RDN from the DN. The \fInotypes\fP parameter is used to request that only the RDN values be returned, not their types. 
For example, the DN "cn=Bob, c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL }, depending on whether notypes was 0 or 1, respectively. Assertion values in RDN strings may include escaped characters. The result can be freed by calling .BR ldap_value_free (3). .LP Similarly, the .B ldap_explode_rdn() routine takes an RDN as returned by .B ldap_explode_dn(dn,0) and breaks it up into its "type=value" component parts (or just "value", if the \fInotypes\fP parameter is set). Note the value is not unescaped. The result can be freed by calling .BR ldap_value_free (3). .LP .B ldap_dn2ufn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a more user-friendly form, stripping off all type names. See "Using the Directory to Achieve User Friendly Naming" (RFC 1781) for more details on the UFN format. Due to the ambiguous nature of the format, it is generally only used for display purposes. The space for the UFN returned is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .LP .B ldap_dn2dcedn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a DCE-style DN, e.g. a string with most-significant to least significant rdns separated by slashes ('/'); rdn components are separated by commas (','). Only printable chars (e.g. LDAPv2 printable string) are allowed, at least in this implementation. .B ldap_dcedn2dn() performs the opposite operation. .B ldap_dn2ad_canonical() turns a DN into an AD canonical name, which is basically a DCE dn with attribute types omitted. The trailing domain, if present, is turned into a DNS-like domain. The space for the returned value is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .SH ERRORS If an error occurs in .BR ldap_get_dn() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. 
.BR ldap_explode_dn() , .BR ldap_explode_rdn() , .B ldap_dn2ufn(), .B ldap_dn2dcedn(), .B ldap_dcedn2dn(), and .B ldap_dn2ad_canonical() will return NULL with .BR errno (3) set appropriately in case of trouble. .SH NOTES These routines dynamically allocate memory that the caller must free. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_first_entry (3), .BR ldap_memfree (3), .BR ldap_value_free (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 247 stdin .lf 1 stdin .TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .B #include <ldap.h> .LP .BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred "," .RS .BI "int " method ");" .RE .LP .BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");" .LP .BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls "[]," .BI "LDAPControl *" cctrls "[], int *" msgidp ");" .RE .LP .BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism "," .RS .BI "struct berval *" cred ", LDAPControl *" sctrls 
"[]," .BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");" .RE .LP .BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res "," .RS .BI "struct berval **" servercredp ", int " freeit ");" .RE .LP .BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ");" .RE .LP .BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn "," .RS .BI "const char *" mechs "," .BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[]," .BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact "," .BI "void *" defaults ", LDAPMessage *" result "," .BI "const char **" rmechp ", int *" msgidp ");" .RE .LP .BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");" .LP .BI "int ldap_unbind(LDAP *" ld ");" .LP .BI "int ldap_unbind_s(LDAP *" ld ");" .LP .BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," .RS .BI "LDAPControl *" cctrls "[]);" .RE .LP .BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");" .LP .BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");" .SH DESCRIPTION .LP These routines provide various interfaces to the LDAP bind operation. After an association with an LDAP server is made using .BR ldap_init (3), an LDAP bind operation should be performed before other operations are attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations. 
.LP There are three types of bind calls, ones providing simple authentication, ones providing SASL authentication, and general routines capable of doing either simple or SASL authentication. .LP .B SASL (Simple Authentication and Security Layer) can negotiate one of many different kinds of authentication. Both synchronous and asynchronous versions of each variant of the bind call are provided. All routines take \fIld\fP as their first parameter, as returned from .BR ldap_init (3). .SH SIMPLE AUTHENTICATION The simplest form of the bind call is .BR ldap_simple_bind_s() . It takes the DN to bind as in \fIwho\fP, and the userPassword associated with the entry in \fIpasswd\fP. It returns an LDAP error indication (see .BR ldap_error (3)). The .B ldap_simple_bind() call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The .B ldap_sasl_bind_s() and asynchronous .B ldap_sasl_bind() functions can also be used to make a simple bind by using LDAP_SASL_SIMPLE as the SASL mechanism. .SH GENERAL AUTHENTICATION The .B ldap_bind() and .B ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra \fImethod\fP parameter selecting the authentication method to use. It should be set to LDAP_AUTH_SIMPLE to select simple authentication. .B ldap_bind() returns the message id of the request it initiates. .B ldap_bind_s() returns an LDAP error indication. .SH SASL AUTHENTICATION For SASL binds the server always ignores any provided DN, so the .I dn parameter should always be NULL. .BR ldap_sasl_bind_s () sends a single SASL bind request with the given SASL .I mechanism and credentials in the .I cred parameter. The format of the credentials depends on the particular SASL mechanism in use. 
For mechanisms that provide mutual authentication the server's credentials will be returned in the .I servercredp parameter. The routine returns an LDAP error indication (see .BR ldap_error (3)). The .BR ldap_sasl_bind () call is asynchronous, taking the same parameters but only sending the request and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to .BR ldap_result (3). The result must be additionally parsed by .BR ldap_parse_sasl_bind_result () to obtain any server credentials sent from the server. .LP Many SASL mechanisms require multiple message exchanges to perform a complete authentication. Applications should generally use .BR ldap_sasl_interactive_bind_s () rather than calling the basic .BR ldap_sasl_bind () functions directly. The .I mechs parameter should contain a space-separated list of candidate mechanisms to use. If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports. The .I flags parameter controls the interaction used to retrieve any necessary SASL authentication parameters and should be one of: .TP LDAP_SASL_AUTOMATIC use defaults if available, prompt otherwise .TP LDAP_SASL_INTERACTIVE always prompt .TP LDAP_SASL_QUIET never prompt .LP The .I interact function uses the provided .I defaults to handle requests from the SASL library for particular authentication parameters. There is no defined format for the .I defaults information; it is up to the caller to use whatever format is appropriate for the supplied .I interact function. The .I sasl_interact parameter comes from the underlying SASL library. When used with Cyrus SASL this is an array of .B sasl_interact_t structures. 
The Cyrus SASL library will prompt for a variety of inputs, including: .TP SASL_CB_GETREALM the realm for the authentication attempt .TP SASL_CB_AUTHNAME the username to authenticate .TP SASL_CB_PASS the password for the provided username .TP SASL_CB_USER the username to use for proxy authorization .TP SASL_CB_NOECHOPROMPT generic prompt for input with input echoing disabled .TP SASL_CB_ECHOPROMPT generic prompt for input with input echoing enabled .TP SASL_CB_LIST_END indicates the end of the array of prompts .LP See the Cyrus SASL documentation for more details. .LP Applications which need to manage connections asynchronously may use .BR ldap_sasl_interactive_bind () instead of the synchronous version. A valid mechs parameter must be supplied, otherwise the library will be forced to query the server for a list of supported mechanisms, and this query will be performed synchronously. The other parameters are the same as for the synchronous function, with three additional parameters. The actual SASL mechanism that was used, and the message ID for use with .BR ldap_result () will be returned in rmechp and msgidp, respectively. The value in rmechp must not be modified by the caller and must be passed back on each subsequent call. The message obtained from .BR ldap_result () must be passed in the result parameter. This parameter must be NULL when initiating a new Bind. The caller must free the result message after each call using .BR ldap_msgfree (). The .BR ldap_sasl_interactive_bind () function returns an LDAP result code. If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and this function must be called again with the next result from the server. .SH REBINDING .LP The .B ldap_set_rebind_proc() function sets the process to use for binding when an operation returns a referral. This function is used when an application needs to bind to another server in order to follow a referral or search continuation reference. 
.LP The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, the arbitrary data like state information which the client might need to properly rebind. The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries to use the rebind function. Use the .BR ldap_set_option (3) function to set the value. .LP The rebind function parameters are as follows: .LP The \fIld\fP parameter must be used by the application when binding to the referred server if the application wants the libraries to follow the referral. .LP The \fIurl\fP parameter points to the URL referral string received from the LDAP server. The LDAP application can use the .BR ldap_url_parse (3) function to parse the string into its components. .LP The \fIrequest\fP parameter specifies the type of request that generated the referral. .LP The \fImsgid\fP parameter specifies the message ID of the request generating the referral. .LP The \fIparams\fP parameter is the same value as passed originally to the .BR ldap_set_rebind_proc () function. .LP The LDAP libraries set all the parameters when they call the rebind function. The application should not attempt to free either the ld or the url structures in the rebind function. .LP The application must supply to the rebind function the required authentication information such as user name, password, and certificates. The rebind function must use a synchronous bind method. .SH UNBINDING The .B ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the \fIld\fP structure. Once it is called, the connection to the LDAP server is closed, and the \fIld\fP structure is invalid. The .B ldap_unbind_s() call is just another name for .BR ldap_unbind() ; both of these calls are synchronous in nature. .LP The .B ldap_unbind_ext() and .B ldap_unbind_ext_s() calls allow the operations to specify controls. 
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the \fIld_errno\fP parameter of the \fIld\fP structure.
Synchronous routines return whatever \fIld_errno\fP is set to.
See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process need not be provided.
The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind, you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 335 stdin
.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include <openldap.h>
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP structure which is used to identify the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the provided socket.
One of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is running, and \fIport\fP, the port number to which to connect.
If the default IANA-assigned port of 389 is desired, LDAP_PORT should be specified for \fIport\fP.
The \fIhost\fP parameter may contain a blank-separated list of hosts to try to connect to, and each host may optionally be of the form \fIhost:port\fP.
If present, the \fI:port\fP overrides the \fIport\fP parameter to
.BR ldap_open() .
Upon successfully making a connection to an LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc.
Certain fields in the LDAP structure can be set to indicate size limit, time limit, and how aliases are handled during operations; read and write access to those fields must occur by calling
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection to the LDAP server.
The actual connection open will occur when the first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure reason, and it allows details for the connection to be specified in the schema portion of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC), and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
.LP
At this time,
.B ldap_open()
and
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows a schema to be specified in the URI and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened connection.
The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP, or LDAP_PROTO_IPC for a connection using TCP, UDP, or IPC, respectively.
The value LDAP_PROTO_EXT may also be specified if user-supplied sockbuf handlers are going to be used.
Note that support for UDP is not implemented unless libldap was built with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
allows setting a function
.I proc
of type
.I LDAP_URLLIST_PROC
that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists in moving the successful URI to the head of the list, so that subsequent attempts to connect to one of the URIs using the same LDAP handle will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle is started.

Note: the first call into the LDAP library also initializes the global options for the library.
As such the first call should be single-threaded or otherwise protected to ensure that only one call is active.
It is recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads are created.
See
.BR ldap_get_option (3).
.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 226 stdin
.lf 1 stdin
.TH LDAP_FIRST_MESSAGE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_messages( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message )
.SH DESCRIPTION
.LP
These routines are used to step through the messages in a result chain received from
.BR ldap_result (3) .
For search operations, the result chain can contain referral, entry and result messages.
The
.BR ldap_msgtype (3)
function can be used to distinguish between the different message types.
.LP
The
.B ldap_first_message()
routine is used to retrieve the first message in a result chain.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first message in the result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_message()
to get the next message, the result of which should be supplied to the next call to
.BR ldap_next_message() ,
etc.
.B ldap_next_message()
will return NULL when there are no more messages.
.LP
These functions are useful when using routines like
.BR ldap_parse_result (3)
that only operate on the first result in the chain.
.LP
A count of the number of messages in the result chain can be obtained by calling
.BR ldap_count_messages() .
It can also be used to count the number of remaining messages in a chain if called with a message, entry or reference returned by
.B ldap_first_message() ,
.B ldap_next_message() ,
.BR ldap_first_entry (3) ,
.BR ldap_next_entry (3) ,
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) .
.SH ERRORS
If an error occurs in
.B ldap_first_message()
or
.BR ldap_next_message() ,
NULL is returned.
If an error occurs in
.BR ldap_count_messages() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_result (3),
.BR ldap_parse_result (3),
.BR ldap_first_entry (3),
.BR ldap_first_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 83 stdin
.lf 1 stdin
.TH LDAP_FIRST_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_references( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference )
.SH DESCRIPTION
.LP
These routines are used to step through the continuation references in a result chain received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines.
.LP
The
.B ldap_first_reference()
routine is used to retrieve the first reference message in a result chain.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first reference message in the result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_reference()
to get the next reference message, the result of which should be supplied to the next call to
.BR ldap_next_reference() ,
etc.
.B ldap_next_reference()
will return NULL when there are no more reference messages.
The reference messages returned from these calls are used by
.BR ldap_parse_reference (3)
to extract referrals and controls.
.LP
A count of the number of reference messages in the search result can be obtained by calling
.BR ldap_count_references() .
It can also be used to count the number of reference messages remaining in a result chain.
.SH ERRORS
If an error occurs in
.B ldap_first_reference()
or
.BR ldap_next_reference() ,
NULL is returned.
If an error occurs in
.BR ldap_count_references() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_parse_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 72 stdin
.lf 1 stdin
.TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_add_ext(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
.nf
int ldap_add_ext_s(
.RS
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_ext_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a null-terminated array of the entry's attributes.
The LDAPMod structure is used to represent attributes, with the \fImod_type\fP and \fImod_values\fP fields being used as described under
.BR ldap_modify_ext (3),
and the \fIldap_op\fP field being used only if you need to specify the LDAP_MOD_BVALUES option.
Otherwise, it should be set to zero.
.LP
Note that all entries except that specified by the last component in the given DN must already exist.
.B ldap_add_ext_s()
returns a code indicating success or, in the case of failure, indicating the nature of failure of the operation.
See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add_ext()
routine works just like
.BR ldap_add_ext_s() ,
but it is asynchronous.
It returns the message id of the request it initiated.
The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH DEPRECATED INTERFACES
The
.BR ldap_add ()
and
.BR ldap_add_s ()
routines are deprecated in favor of the
.BR ldap_add_ext ()
and
.BR ldap_add_ext_s ()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.
The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces.
It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated.
.lf 76 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 82 stdin
.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides a short description of the various codes returned by routines in this library.
The returned string is a pointer to a static area that should not be modified.

These codes are either negative, indicating an API error code; positive, indicating an LDAP resultCode other than \'success' (0); or zero, indicating both successful use of the API and the LDAP resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).
.SH PROTOCOL RESULT CODES
This section provides a partial list of protocol codes recognized by the library.
As LDAP is extensible, additional values may be returned.
A complete listing of \fIregistered\fP LDAP result codes can be obtained from the \fIInternet Assigned Numbers Authority\fP.
.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.
.SH API ERROR CODES
This section provides a complete list of API error codes recognized by the library.
Note that LDAP_SUCCESS indicates success of an API call in addition to representing the return of the LDAP \'success' resultCode.
.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred. This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
A memory allocation (e.g., malloc(3) or other dynamic memory allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.
.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.
The macro LDAP_DEPRECATED can be defined to a non-zero value (e.g., -DLDAP_DEPRECATED=1) when compiling a program designed to use deprecated interfaces.
It is recommended that developers writing new programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for deprecated interfaces will be eliminated.
.lf 220 stdin
.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 225 stdin
.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse
schema definitions in the syntax defined in RFC 4512 into structs and handle these structs.
These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes.
For each definition kind, four routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind.
The caller is responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.
The routine returns NULL if some problem happened.
In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument
.IR errp ,
indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.
Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the syntax recognized.
The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expects the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
    char *lsei_name;                  /* Extension name */
    char **lsei_values;               /* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
    char *syn_oid;                    /* OID */
    char **syn_names;                 /* Names */
    char *syn_desc;                   /* Description */
    LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
    char *mr_oid;                     /* OID */
    char **mr_names;                  /* Names */
    char *mr_desc;                    /* Description */
    int mr_obsolete;                  /* Is obsolete? */
    char *mr_syntax_oid;              /* Syntax of asserted values */
    LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
    char *at_oid;                     /* OID */
    char **at_names;                  /* Names */
    char *at_desc;                    /* Description */
    int at_obsolete;                  /* Is obsolete? */
    char *at_sup_oid;                 /* OID of superior type */
    char *at_equality_oid;            /* OID of equality matching rule */
    char *at_ordering_oid;            /* OID of ordering matching rule */
    char *at_substr_oid;              /* OID of substrings matching rule */
    char *at_syntax_oid;              /* OID of syntax of values */
    int at_syntax_len;                /* Suggested minimum maximum length */
    int at_single_value;              /* Is single-valued? */
    int at_collective;                /* Is collective? */
    int at_no_user_mod;               /* Are changes forbidden through LDAP? */
    int at_usage;                     /* Usage, see below */
    LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
    char *oc_oid;                     /* OID */
    char **oc_names;                  /* Names */
    char *oc_desc;                    /* Description */
    int oc_obsolete;                  /* Is obsolete? */
    char **oc_sup_oids;               /* OIDs of superior classes */
    int oc_kind;                      /* Kind, see below */
    char **oc_at_oids_must;           /* OIDs of required attribute types */
    char **oc_at_oids_may;            /* OIDs of optional attribute types */
    LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the entry.
On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other, structural, object classes.
These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of the struct passed in the argument.
The string is a newly allocated string that must be freed by the caller.
These routines may return NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error found.
This is a pointer to a static area, so it must not be freed by the caller.
The argument
.IR code
comes from one of the parsing routines and can adopt the following values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 321 stdin
.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse
schema definitions in the syntax defined in RFC 4512 into structs and
handle these structs. These routines handle four kinds of definitions:
syntaxes, matching rules, attribute types and object classes. For each
definition kind, four routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind. The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer. The routine returns NULL if some problem
happened. In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp ,
indicating where in argument
.IR s
the error happened, so it must not be freed by the caller. Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized. The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expects the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? */ int at_no_user_mod; /* Are changes forbidden through LDAP? */ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? 
*/ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. .TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. 
These can be added or removed at any time if attribute types are added
or removed at the same time as needed by the set of object classes
resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument. The string is a newly allocated
string that must be freed by the caller. These routines may return NULL
if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found. This is a pointer to a static area, so it must not be freed by
the caller. The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 321 stdin
.\" ldap_parse_sort_control.3
.lf 1 stdin
.TH LDAP_PARSE_SORT-CONTROL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_sort_control \- Decode the information returned from a search operation that used a server-side sort control
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_sort_control(ld, ctrls, returnCode, attribute)
.ft
LDAP *ld;
LDAPControl **ctrls;
unsigned long *returnCode;
char **attribute;
.SH DESCRIPTION
This function is used to parse the results returned in a search
operation that uses a server-side sort control.
.LP
It takes a null-terminated array of LDAPControl structures usually
obtained by a call to the
.BR ldap_parse_result
function. A returncode which points to the sort control result code,
and an array of LDAPControl structures that list the client controls to
use with the search. The function also takes an out parameter
\fIattribute\fP and if the sort operation fails, the server may return a
string that indicates the first attribute in the sortKey list that
caused the failure. If this parameter is NULL, no string is returned.
If a string is returned, the memory should be freed by calling the
ldap_memfree function.
.SH NOTES
.SH SEE ALSO
.BR ldap_result (3),
.BR ldap_controls_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 41 stdin
.\" ber_get_int.3
.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");" .LP .BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");" .LP .BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");" .LP .BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");" .LP .BI "ber_tag_t ber_get_null(BerElement *" ber ");" .LP .BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");" .LP .BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");" .LP .BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");" .LP .BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. 
The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the decoding routines in the lber library. See .BR lber-encode (3) for details on the corresponding encoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_get_next () to get the next BER element and .BR ber_scanf () to do the actual decoding. In some cases, .BR ber_peek_tag () may also need to be called in normal usage. The other routines are provided for those applications that need more control than .BR ber_scanf () provides. In general, these routines return the tag of the element decoded, or LBER_ERROR if an error occurred. .LP The .BR ber_get_next () routine is used to read the next BER element from the given Sockbuf, \fIsb\fP. It strips off and returns the leading tag, strips off and returns the length of the entire element in \fIlen\fP, and sets up \fIber\fP for subsequent calls to .BR ber_scanf () et al to decode the element. See .BR lber-sockbuf (3) for details of the Sockbuf implementation of the \fIsb\fP parameter. .LP The .BR ber_scanf () routine is used to decode a BER element in much the same way that .BR scanf (3) works. It reads from \fIber\fP, a pointer to a BerElement such as returned by .BR ber_get_next (), interprets the bytes according to the format string \fIfmt\fP, and stores the results in its additional arguments. The format string contains conversion specifications which are used to direct the interpretation of the BER element. The format string can contain the following characters. .RS .LP .TP 3 .B a Octet string. A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter. The caller should free the returned string using .BR ber_memfree (). 
.TP .B A Octet string. A variant of "\fBa\fP". A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter, unless a zero-length string would result; in that case, the arg is set to NULL. The caller should free the returned string using .BR ber_memfree (). .TP .B s Octet string. A char * buffer should be supplied, followed by a pointer to a ber_len_t initialized to the size of the buffer. Upon return, the null-terminated octet string is put into the buffer, and the ber_len_t is set to the actual size of the octet string. .TP .B O Octet string. A struct ber_val ** should be supplied, which upon return points to a dynamically allocated struct berval containing the octet string and its length. The caller should free the returned structure using .BR ber_bvfree (). .TP .B o Octet string. A struct ber_val * should be supplied, which upon return contains the dynamically allocated octet string and its length. The caller should free the returned octet string using .BR ber_memfree (). .TP .B m Octet string. A struct ber_val * should be supplied, which upon return contains the octet string and its length. The string resides in memory assigned to the BerElement, and must not be freed by the caller. .TP .B b Boolean. A pointer to a ber_int_t should be supplied. .TP .B e Enumeration. A pointer to a ber_int_t should be supplied. .TP .B i Integer. A pointer to a ber_int_t should be supplied. .TP .B B Bitstring. A char ** should be supplied which will point to the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. .TP .B n Null. No parameter is required. The element is simply skipped if it is recognized. .TP .B v Sequence of octet strings. A char *** should be supplied, which upon return points to a dynamically allocated null-terminated array of char *'s containing the octet strings. NULL is returned if the sequence is empty. 
The caller should free the returned array and octet strings using .BR ber_memvfree (). .TP .B V Sequence of octet strings with lengths. A struct berval *** should be supplied, which upon return points to a dynamically allocated null-terminated array of struct berval *'s containing the octet strings and their lengths. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvecfree (). .TP .B W Sequence of octet strings with lengths. A BerVarray * should be supplied, which upon return points to a dynamically allocated array of struct berval's containing the octet strings and their lengths. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvarray_free (). .TP .B M Sequence of octet strings with lengths. This is a generalized form of the previous three formats. A void ** (ptr) should be supplied, followed by a ber_len_t * (len) and a ber_len_t (off). Upon return (ptr) will point to a dynamically allocated array whose elements are all of size (*len). A struct berval will be filled starting at offset (off) in each element. The strings in each struct berval reside in memory assigned to the BerElement and must not be freed by the caller. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The number of elements in the array is also stored in (*len) on return. The caller should free the returned array using .BR ber_memfree (). .TP .B l Length of the next element. A pointer to a ber_len_t should be supplied. .TP .B t Tag of the next element. A pointer to a ber_tag_t should be supplied. .TP .B T Skip element and return its tag. A pointer to a ber_tag_t should be supplied. .TP .B x Skip element. The next element is skipped. .TP .B { Begin sequence. No parameter is required. The initial sequence tag and length are skipped. 
.TP
.B }
End sequence. No parameter is required and no action is taken.
.TP
.B [
Begin set. No parameter is required. The initial set tag and length are
skipped.
.TP
.B ]
End set. No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer, returning
the result in \fInum\fP. The tag of whatever it finds is returned on
success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a preallocated buffer. The
\fIlen\fP parameter should be initialized to the size of the buffer, and
will contain the length of the octet string read upon return. The
buffer should be big enough to take the octet string value plus a
terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into which an octet
string is read. The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space into which an octet
string and its length are read. It takes a struct berval **, and
returns the result in this parameter. The caller should free the
returned structure using
.BR ber_bvfree ().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the
provided struct berval *. If the \fIalloc\fP parameter is zero, the
string will reside in memory assigned to the BerElement, and must not
be freed by the caller. If the \fIalloc\fP parameter is non-zero, the
string will be copied into dynamically allocated space which should be
returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element. It returns the tag of the
element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value. It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read an enumeration value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value. It takes a char ** which
will hold the dynamically allocated bits, followed by a ber_len_t *,
which will point to the length (in bits) of the bitstring returned. The
caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length of the first element in a
set or sequence. It also returns in \fIcookie\fP a magic cookie
parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      /* NULL-initialized so the frees below are safe if decoding fails */
      char   *dn = NULL, **attrs = NULL;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file. Some routines may dynamically allocate memory which must
be freed by the caller using supplied deallocation routines.
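The definite-length rule from the DESCRIPTION and the AlmostASearchRequest layout from EXAMPLES, as an added example that is not OpenLDAP code and does not call liblber: a standalone, bounds-checked decoder run over a constructed sample encoding. The type names, function names, buffer limits and sample bytes are assumptions made for this illustration; the tag values are the universal BER tags.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ATTRS 4   /* assumed limit for this illustration */
typedef struct { const uint8_t *p, *end; } cur_t;   /* cursor over untrusted bytes */
typedef struct {
    char dn[64], attrs[MAX_ATTRS][32];
    int32_t scope, deref, sizelimit, timelimit, attrs_only;
    size_t nattrs;
} search_req_t;

/* Constructed sample: AlmostASearchRequest for dc=example,dc=net, attributes cn and sn */
static const uint8_t SAMPLE[] = {
    0x30, 0x2c,
    0x04, 0x11, 'd','c','=','e','x','a','m','p','l','e',',','d','c','=','n','e','t',
    0x0a, 0x01, 0x02,   /* scope = wholeSubtree */
    0x0a, 0x01, 0x00,   /* derefAliases = neverDerefaliases */
    0x02, 0x01, 0x64,   /* sizelimit = 100 */
    0x02, 0x01, 0x1e,   /* timelimit = 30 */
    0x01, 0x01, 0x00,   /* attrsOnly = FALSE */
    0x30, 0x08, 0x04, 0x02, 'c','n', 0x04, 0x02, 's','n'
};

/* Read one tag and definite length; *body then spans exactly the value bytes. */
static int tlv_next(cur_t *c, uint8_t *tag, cur_t *body)
{
    size_t len, n;
    if (c->end - c->p < 2) return -1;
    *tag = *c->p++;
    if ((*tag & 0x1f) == 0x1f) return -1;      /* multi-byte tags: out of scope here */
    len = *c->p++;
    if (len == 0x80) return -1;                /* indefinite form is not used by LDAP */
    if (len & 0x80) {                          /* long form: next n bytes hold the length */
        n = len & 0x7f;
        if (n > 4 || (size_t)(c->end - c->p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *c->p++;
    }
    if (len > (size_t)(c->end - c->p)) return -1;   /* declared length overruns the input */
    body->p = c->p;
    c->p += len;
    body->end = c->p;
    return 0;
}

/* Integer-like element (INTEGER 0x02, ENUMERATED 0x0a, BOOLEAN 0x01) of 1..4 bytes. */
static int get_int(cur_t *c, uint8_t want, int32_t *out)
{
    uint8_t tag; cur_t b; uint32_t u;
    if (tlv_next(c, &tag, &b) != 0 || tag != want) return -1;
    if (b.p == b.end || b.end - b.p > 4) return -1;
    u = (b.p[0] & 0x80) ? 0xffffffffu : 0;     /* sign-extend two's complement */
    while (b.p < b.end) u = (u << 8) | *b.p++;
    *out = (int32_t)u;
    return 0;
}

/* OCTET STRING (0x04) copied into a fixed buffer as a C string. */
static int get_str(cur_t *c, char *dst, size_t cap)
{
    uint8_t tag; cur_t b; size_t n;
    if (tlv_next(c, &tag, &b) != 0 || tag != 0x04) return -1;
    n = (size_t)(b.end - b.p);
    if (n >= cap || memchr(b.p, 0, n) != NULL) return -1;   /* too long, or embedded NUL */
    memcpy(dst, b.p, n);
    dst[n] = '\0';
    return 0;
}

/* Decode the layout the man page reads with "{aeeiib{v}}". 0 on success, -1 on error. */
int decode_search(const uint8_t *buf, size_t len, search_req_t *r)
{
    cur_t top = { buf, buf + len }, seq, list;
    uint8_t tag;
    memset(r, 0, sizeof *r);
    if (tlv_next(&top, &tag, &seq) != 0 || tag != 0x30 || top.p != top.end) return -1;
    if (get_str(&seq, r->dn, sizeof r->dn) != 0) return -1;
    if (get_int(&seq, 0x0a, &r->scope) != 0 || r->scope < 0 || r->scope > 2) return -1;
    if (get_int(&seq, 0x0a, &r->deref) != 0 || r->deref < 0 || r->deref > 3) return -1;
    if (get_int(&seq, 0x02, &r->sizelimit) != 0 || r->sizelimit < 0 || r->sizelimit > 65535) return -1;
    if (get_int(&seq, 0x02, &r->timelimit) != 0 || r->timelimit < 0 || r->timelimit > 65535) return -1;
    if (get_int(&seq, 0x01, &r->attrs_only) != 0) return -1;
    if (tlv_next(&seq, &tag, &list) != 0 || tag != 0x30 || seq.p != seq.end) return -1;
    while (list.p < list.end) {
        if (r->nattrs == MAX_ATTRS) return -1;          /* refuse rather than overflow */
        if (get_str(&list, r->attrs[r->nattrs], sizeof r->attrs[0]) != 0) return -1;
        r->nattrs++;
    }
    return 0;
}

int main(void)
{
    search_req_t r;
    if (decode_search(SAMPLE, sizeof SAMPLE, &r) != 0) { puts("decode error"); return 1; }
    printf("dn=%s scope=%d size=%d attrs=%zu\n", r.dn, (int)r.scope, (int)r.sizelimit, r.nattrs);
    return 0;
}
```

Every length read from the input is compared against the bytes that remain before any copy, and values outside the ranges given in the ASN.1 definition are rejected instead of being passed on.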
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 358 stdin
.\" ldap_is_ldap_url.3
.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 4516. LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
     base one sub (default=base)
  \fIfilter\fP is filter
  \fIexts\fP are recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are
also tolerated. Alternative LDAP schemes such as ldaps:// and ldapi://
may be parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as opposed
to some other kind of URL). It can be used as a quick check for an LDAP
URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is allocated,
filled in, and \fIludpp\fP is set to point to it. If an error occurs, a
non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from
a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " "
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 84 stdin
.\" ldap_parse_extended_result.3
.lf 1 stdin
.TH LDAP_PARSE_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME ldap_parse_result \- Parsing results .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_parse_result( LDAP *ld, LDAPMessage *result, int *errcodep, char **matcheddnp, char **errmsgp, char ***referralsp, LDAPControl ***serverctrlsp, int freeit ) .LP .ft B int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result, struct berval **servercredp, int freeit ) .LP .ft B int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result, char **retoidp, struct berval **retdatap, int freeit ) .SH DESCRIPTION .LP These routines are used to extract information from a result message. They will operate on the first result message in a chain of search results (skipping past other message types). They take the \fIresult\fP as returned by a call to .BR ldap_result (3), .BR ldap_search_s (3) or .BR ldap_search_st (3). In addition to .BR ldap_parse_result() , the routines .B ldap_parse_sasl_bind_result() and .B ldap_parse_extended_result() are used to get all the result information from SASL bind and extended operations. .LP The \fIerrcodep\fP parameter will be filled in with the result code from the result message. .LP The server might supply a matched DN string in the message indicating how much of a name in a request was recognized. The \fImatcheddnp\fP parameter will be filled in with this string if supplied, else it will be NULL. If a string is returned, it should be freed using .BR ldap_memfree (3). .LP The \fIerrmsgp\fP parameter will be filled in with the error message field from the parsed message. This string should be freed using .BR ldap_memfree (3). .LP The \fIreferralsp\fP parameter will be filled in with an allocated array of referral strings from the parsed message. This array should be freed using .BR ldap_memvfree (3). If no referrals were returned, \fI*referralsp\fP is set to NULL. .LP The \fIserverctrlsp\fP parameter will be filled in with an allocated array of controls copied from the parsed message. 
The array should be freed using
.BR ldap_controls_free (3).
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction. Any non-zero value will make it
free the message. The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.LP
For SASL bind results, the \fIservercredp\fP parameter will be filled in
with an allocated berval structure containing the credentials from the
server if present. The structure should be freed using
.BR ber_bvfree (3).
.LP
For extended results, the \fIretoidp\fP parameter will be filled in
with the dotted-OID text representation of the name of the extended
operation response. The string should be freed using
.BR ldap_memfree (3).
If no OID was returned, \fI*retoidp\fP is set to NULL.
.LP
For extended results, the \fIretdatap\fP parameter will be filled in
with a pointer to a berval structure containing the data from the
extended operation response. The structure should be freed using
.BR ber_bvfree (3).
If no data were returned, \fI*retdatap\fP is set to NULL.
.LP
For all the above result parameters, NULL values can be used in calls
in order to ignore certain fields.
.SH ERRORS
Upon success LDAP_SUCCESS is returned. Otherwise the values of the
result parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_memfree (3),
.BR ldap_memvfree (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 108 stdin
.\" lber-decode.3
.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.
See COPYRIGHT/LICENSE. .SH NAME ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");" .LP .BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");" .LP .BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");" .LP .BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");" .LP .BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");" .LP .BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");" .LP .BI "ber_tag_t ber_get_null(BerElement *" ber ");" .LP .BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");" .LP .BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");" .LP .BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");" .LP .BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. 
The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the decoding routines in the lber library. See .BR lber-encode (3) for details on the corresponding encoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_get_next () to get the next BER element and .BR ber_scanf () to do the actual decoding. In some cases, .BR ber_peek_tag () may also need to be called in normal usage. The other routines are provided for those applications that need more control than .BR ber_scanf () provides. In general, these routines return the tag of the element decoded, or LBER_ERROR if an error occurred. .LP The .BR ber_get_next () routine is used to read the next BER element from the given Sockbuf, \fIsb\fP. It strips off and returns the leading tag, strips off and returns the length of the entire element in \fIlen\fP, and sets up \fIber\fP for subsequent calls to .BR ber_scanf () et al to decode the element. See .BR lber-sockbuf (3) for details of the Sockbuf implementation of the \fIsb\fP parameter. .LP The .BR ber_scanf () routine is used to decode a BER element in much the same way that .BR scanf (3) works. It reads from \fIber\fP, a pointer to a BerElement such as returned by .BR ber_get_next (), interprets the bytes according to the format string \fIfmt\fP, and stores the results in its additional arguments. The format string contains conversion specifications which are used to direct the interpretation of the BER element. The format string can contain the following characters. .RS .LP .TP 3 .B a Octet string. A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter. The caller should free the returned string using .BR ber_memfree (). 
.TP .B A Octet string. A variant of "\fBa\fP". A char ** should be supplied. Memory is allocated, filled with the contents of the octet string, null-terminated, and returned in the parameter, unless a zero-length string would result; in that case, the arg is set to NULL. The caller should free the returned string using .BR ber_memfree (). .TP .B s Octet string. A char * buffer should be supplied, followed by a pointer to a ber_len_t initialized to the size of the buffer. Upon return, the null-terminated octet string is put into the buffer, and the ber_len_t is set to the actual size of the octet string. .TP .B O Octet string. A struct ber_val ** should be supplied, which upon return points to a dynamically allocated struct berval containing the octet string and its length. The caller should free the returned structure using .BR ber_bvfree (). .TP .B o Octet string. A struct ber_val * should be supplied, which upon return contains the dynamically allocated octet string and its length. The caller should free the returned octet string using .BR ber_memfree (). .TP .B m Octet string. A struct ber_val * should be supplied, which upon return contains the octet string and its length. The string resides in memory assigned to the BerElement, and must not be freed by the caller. .TP .B b Boolean. A pointer to a ber_int_t should be supplied. .TP .B e Enumeration. A pointer to a ber_int_t should be supplied. .TP .B i Integer. A pointer to a ber_int_t should be supplied. .TP .B B Bitstring. A char ** should be supplied which will point to the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. .TP .B n Null. No parameter is required. The element is simply skipped if it is recognized. .TP .B v Sequence of octet strings. A char *** should be supplied, which upon return points to a dynamically allocated null-terminated array of char *'s containing the octet strings. NULL is returned if the sequence is empty. 
The caller should free the returned array and octet strings using .BR ber_memvfree (). .TP .B V Sequence of octet strings with lengths. A struct berval *** should be supplied, which upon return points to a dynamically allocated null-terminated array of struct berval *'s containing the octet strings and their lengths. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvecfree (). .TP .B W Sequence of octet strings with lengths. A BerVarray * should be supplied, which upon return points to a dynamically allocated array of struct berval's containing the octet strings and their lengths. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The caller should free the returned structures using .BR ber_bvarray_free (). .TP .B M Sequence of octet strings with lengths. This is a generalized form of the previous three formats. A void ** (ptr) should be supplied, followed by a ber_len_t * (len) and a ber_len_t (off). Upon return (ptr) will point to a dynamically allocated array whose elements are all of size (*len). A struct berval will be filled starting at offset (off) in each element. The strings in each struct berval reside in memory assigned to the BerElement and must not be freed by the caller. The array is terminated by a struct berval with a NULL bv_val string pointer. NULL is returned if the sequence is empty. The number of elements in the array is also stored in (*len) on return. The caller should free the returned array using .BR ber_memfree (). .TP .B l Length of the next element. A pointer to a ber_len_t should be supplied. .TP .B t Tag of the next element. A pointer to a ber_tag_t should be supplied. .TP .B T Skip element and return its tag. A pointer to a ber_tag_t should be supplied. .TP .B x Skip element. The next element is skipped. .TP .B { Begin sequence. No parameter is required. The initial sequence tag and length are skipped. 
.TP .B } End sequence. No parameter is required and no action is taken. .TP .B [ Begin set. No parameter is required. The initial set tag and length are skipped. .TP .B ] End set. No parameter is required and no action is taken. .RE .LP The .BR ber_get_int () routine tries to interpret the next element as an integer, returning the result in \fInum\fP. The tag of whatever it finds is returned on success, LBER_ERROR (\-1) on failure. .LP The .BR ber_get_stringb () routine is used to read an octet string into a preallocated buffer. The \fIlen\fP parameter should be initialized to the size of the buffer, and will contain the length of the octet string read upon return. The buffer should be big enough to take the octet string value plus a terminating NULL byte. .LP The .BR ber_get_stringa () routine is used to dynamically allocate space into which an octet string is read. The caller should free the returned string using .BR ber_memfree(). .LP The .BR ber_get_stringal () routine is used to dynamically allocate space into which an octet string and its length are read. It takes a struct berval **, and returns the result in this parameter. The caller should free the returned structure using .BR ber_bvfree(). .LP The .BR ber_get_stringbv () routine is used to read an octet string and its length into the provided struct berval *. If the \fIalloc\fP parameter is zero, the string will reside in memory assigned to the BerElement, and must not be freed by the caller. If the \fIalloc\fP parameter is non-zero, the string will be copied into dynamically allocated space which should be returned using .BR ber_memfree (). .LP The .BR ber_get_null () routine is used to read a NULL element. It returns the tag of the element it skips over. .LP The .BR ber_get_boolean () routine is used to read a boolean value. It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_enum () routine is used to read an enumeration value. 
It is called the same way that .BR ber_get_int () is called. .LP The .BR ber_get_bitstringa () routine is used to read a bitstring value. It takes a char ** which will hold the dynamically allocated bits, followed by a ber_len_t *, which will point to the length (in bits) of the bitstring returned. The caller should free the returned string using .BR ber_memfree (). .LP The .BR ber_first_element () routine is used to return the tag and length of the first element in a set or sequence. It also returns in \fIcookie\fP a magic cookie parameter that should be passed to subsequent calls to ber_next_element(), which returns similar information. .SH EXAMPLES Assume the variable \fIber\fP contains a lightweight BER encoding of the following ASN.1 object: .LP .nf AlmostASearchRequest := SEQUENCE { baseObject DistinguishedName, scope ENUMERATED { baseObject (0), singleLevel (1), wholeSubtree (2) }, derefAliases ENUMERATED { neverDerefaliases (0), derefInSearching (1), derefFindingBaseObj (2), alwaysDerefAliases (3) }, sizelimit INTEGER (0 .. 65535), timelimit INTEGER (0 .. 65535), attrsOnly BOOLEAN, attributes SEQUENCE OF AttributeType } .fi .LP The element can be decoded using .BR ber_scanf () as follows. .LP .nf ber_int_t scope, deref, size, time, attrsonly; /* start from NULL so the frees below are safe when decoding fails */ char *dn = NULL, **attrs = NULL; ber_tag_t tag; tag = ber_scanf( ber, "{aeeiib{v}}", &dn, &scope, &deref, &size, &time, &attrsonly, &attrs ); if( tag == LBER_ERROR ) { /* error */ } else { /* success */ } ber_memfree( dn ); ber_memvfree( (void **) attrs ); .fi .SH ERRORS If an error occurs during decoding, generally these routines return LBER_ERROR ((ber_tag_t)\-1). .LP .SH NOTES .LP The return values for all of these functions are declared in the .B header file. Some routines may dynamically allocate memory which must be freed by the caller using supplied deallocation routines. 
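The decoding rules described above (definite lengths only, primitive octet strings, the AlmostASearchRequest layout), as an added stand-alone example that is not OpenLDAP's code and does not call liblber. The names `cur_t`, `ber_header`, `ber_enter`, `ber_int`, `ber_str`, `decode_search` and the byte arrays are constructed for illustration; it assumes single-byte tags and fixed-size output buffers, and it adds bounds, range and embedded-NUL checks that a caller handling untrusted input would want.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { BER_OK = 0, BER_ERR = -1 };   /* BER_OK is 0, so failures are truthy */
/* Cursor over an untrusted buffer; nothing is read at or past `end`. */
typedef struct { const unsigned char *p, *end; } cur_t;

/* One tag + length header: definite lengths and single-byte tags only. */
static int ber_header(cur_t *c, unsigned *tag, size_t *len) {
    if (c->end - c->p < 2) return BER_ERR;
    *tag = *c->p++;
    if ((*tag & 0x1f) == 0x1f) return BER_ERR;          /* multi-byte tag */
    unsigned b = *c->p++;
    if (b == 0x80) return BER_ERR;                      /* indefinite length */
    *len = b;
    if (b > 0x80) {                                     /* long form */
        size_t n = b & 0x7f;
        if (n > 4 || (size_t)(c->end - c->p) < n) return BER_ERR;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *c->p++;
    }
    return *len <= (size_t)(c->end - c->p) ? BER_OK : BER_ERR;
}

/* Enter a constructed element tagged `want`; `in` is bounded to its contents. */
static int ber_enter(cur_t *c, unsigned want, cur_t *in) {
    unsigned tag; size_t len;
    if (ber_header(c, &tag, &len) != BER_OK || tag != want) return BER_ERR;
    in->p = c->p;
    in->end = (c->p += len);
    return BER_OK;
}

/* INTEGER 0x02, ENUMERATED 0x0a, BOOLEAN 0x01: 1-4 octets, accepted in [lo, hi]. */
static int ber_int(cur_t *c, unsigned want, int32_t lo, int32_t hi, int32_t *out) {
    unsigned tag; size_t len;
    if (ber_header(c, &tag, &len) != BER_OK || tag != want) return BER_ERR;
    if (len < 1 || len > 4) return BER_ERR;
    uint32_t v = (c->p[0] & 0x80) ? 0xffffffffu : 0;    /* sign extension */
    for (size_t i = 0; i < len; i++) v = (v << 8) | c->p[i];
    c->p += len;
    *out = (int32_t)v;
    return (*out >= lo && *out <= hi) ? BER_OK : BER_ERR;
}

/* Primitive OCTET STRING 0x04 into a caller buffer sized for value + NUL. */
static int ber_str(cur_t *c, char *buf, size_t bufsz) {
    unsigned tag; size_t len;
    if (ber_header(c, &tag, &len) != BER_OK) return BER_ERR;
    if (tag != 0x04 || len >= bufsz) return BER_ERR;    /* 0x24 is constructed */
    if (memchr(c->p, 0, len)) return BER_ERR;           /* would truncate as a C string */
    memcpy(buf, c->p, len); buf[len] = '\0';
    c->p += len;
    return BER_OK;
}

#define MAX_ATTRS 4
typedef struct {
    char dn[64], attrs[MAX_ATTRS][32];
    int32_t scope, deref, sizelimit, timelimit, attrsonly; size_t nattrs;
} search_t;

/* Decode the page's AlmostASearchRequest, i.e. ber_scanf's "{aeeiib{v}}". */
static int decode_search(const unsigned char *buf, size_t n, search_t *s) {
    cur_t top = { buf, buf + n }, seq, list;
    memset(s, 0, sizeof *s);
    if (ber_enter(&top, 0x30, &seq) || top.p != top.end) return BER_ERR;
    if (ber_str(&seq, s->dn, sizeof s->dn) ||
        ber_int(&seq, 0x0a, 0, 2, &s->scope) || ber_int(&seq, 0x0a, 0, 3, &s->deref) ||
        ber_int(&seq, 0x02, 0, 65535, &s->sizelimit) ||
        ber_int(&seq, 0x02, 0, 65535, &s->timelimit) ||
        ber_int(&seq, 0x01, -128, 127, &s->attrsonly) ||
        ber_enter(&seq, 0x30, &list) || seq.p != seq.end) return BER_ERR;
    s->attrsonly = s->attrsonly != 0;
    while (list.p < list.end) {
        if (s->nattrs == MAX_ATTRS ||
            ber_str(&list, s->attrs[s->nattrs], sizeof s->attrs[0])) return BER_ERR;
        s->nattrs++;
    }
    return BER_OK;
}

/* Constructed sample: "dc=example,dc=com", scope 2, limits 100/30, attrs cn, mail. */
static const unsigned char GOOD[] = {
    0x30, 0x2e, 0x04, 0x11, 'd','c','=','e','x','a','m','p','l','e',',','d','c','=','c','o','m',
    0x0a, 0x01, 0x02,  0x0a, 0x01, 0x00,  0x02, 0x01, 0x64,  0x02, 0x01, 0x1e,  0x01, 0x01, 0x00,
    0x30, 0x0a, 0x04, 0x02, 'c','n', 0x04, 0x04, 'm','a','i','l' };
/* Constructed malformed inputs: indefinite length; inner length past its parent. */
static const unsigned char INDEFINITE[] = { 0x30, 0x80, 0x04, 0x00, 0x00, 0x00 };
static const unsigned char OVERRUN[] = { 0x30, 0x05, 0x04, 0x7f, 'a', 'b', 'c' };

int main(void) {
    search_t s;
    printf("indefinite=%d\n", decode_search(INDEFINITE, sizeof INDEFINITE, &s));
    printf("overrun=%d\n", decode_search(OVERRUN, sizeof OVERRUN, &s));
    if (decode_search(GOOD, sizeof GOOD, &s) == BER_OK) printf("dn=%s attrs=%zu\n", s.dn, s.nattrs);
    return 0;
}
```

Each nested cursor is bounded by its parent's declared length, so a child element can never claim bytes outside the enclosing SEQUENCE.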
.SH SEE ALSO .BR lber-encode (3), .BR lber-memory (3), .BR lber-sockbuf (3), .BR lber-types (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 358 stdin
.lf 1 stdin .TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ldap_control_create, ldap_control_find, ldap_control_dup, ldap_controls_dup, ldap_control_free, ldap_controls_free \- LDAP control manipulation routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .B #include .LP .BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");" .LP .BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");" .LP .BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");" .LP .BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");" .LP .BI "void ldap_control_free(LDAPControl *" ctrl ");" .LP .BI "void ldap_controls_free(LDAPControl **" ctrls ");" .SH DESCRIPTION These routines are used to manipulate structures used for LDAP controls. .BR ldap_control_create () creates a control with the specified .I OID using the contents of the .I value parameter for the control value, if any. The content of .I value is duplicated if .I dupval is non-zero. The .I iscritical parameter must be non-zero for a critical control. The created control is returned in the .I ctrlp parameter. The routine returns .B LDAP_SUCCESS on success or some other error code on failure. The content of .IR value , for supported control types, can be prepared using helpers provided by this implementation of libldap, usually in the form .BR "ldap_create__control_value" (). Otherwise, it can be BER-encoded using the functionalities of liblber. .BR ldap_control_find () searches the NULL-terminated .I ctrls array for a control whose OID matches the .I oid parameter. The routine returns a pointer to the control if found, NULL otherwise. If the parameter .I nextctrlp is not NULL, on return it will point to the next control in the array, and can be passed to the .BR ldap_control_find () routine for subsequent calls, to find further occurrences of the same control type. 
The use of this function is discouraged; the recommended way of handling controls in responses consists in going through the array of controls, dealing with each of them in the returned order, since it could matter. .BR ldap_control_dup () duplicates an individual control structure, and .BR ldap_controls_dup () duplicates a NULL-terminated array of controls. .BR ldap_control_free () frees an individual control structure, and .BR ldap_controls_free () frees a NULL-terminated array of controls. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 85 stdin .lf 1 stdin .TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
.SH NAME ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .nf .ft B typedef impl_tag_t ber_tag_t; typedef impl_int_t ber_int_t; typedef impl_uint_t ber_uint_t; typedef impl_len_t ber_len_t; typedef impl_slen_t ber_slen_t; typedef struct berval { ber_len_t bv_len; char *bv_val; } BerValue, *BerVarray; typedef struct berelement BerElement; .ft .fi .LP .BI "void ber_bvfree(struct berval *" bv ");" .LP .BI "void ber_bvecfree(struct berval **" bvec ");" .LP .BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");" .LP .BI "void ber_bvarray_free(struct berval *" bvarray ");" .LP .BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");" .LP .BI "struct berval *ber_bvdup(const struct berval *" bv ");" .LP .BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");" .LP .BI "struct berval *ber_bvstr(const char *" str ");" .LP .BI "struct berval *ber_bvstrdup(const char *" str ");" .LP .BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");" .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "BerElement *ber_init(struct berval *" bv ");" .LP .BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");" .LP .BI "void ber_free(BerElement *" ber ", int " freebuf ");" .SH DESCRIPTION .LP The following are the basic types and structures defined for use with the Lightweight BER library. .LP .B ber_int_t is a signed integer of at least 32 bits. It is commonly equivalent to .BR int . .B ber_uint_t is the unsigned variant of .BR ber_int_t . 
.LP .B ber_len_t is an unsigned integer of at least 32 bits used to represent a length. It is commonly equivalent to a .BR size_t . .B ber_slen_t is the signed variant to .BR ber_len_t . .LP .B ber_tag_t is an unsigned integer of at least 32 bits used to represent a BER tag. It is commonly equivalent to a .BR unsigned\ long . .LP The actual definitions of the integral impl_TYPE_t types are platform specific. .LP .BR BerValue , commonly used as .BR struct\ berval , is used to hold an arbitrary sequence of octets. .B bv_val points to .B bv_len octets. .B bv_val is not necessarily terminated by a NULL (zero) octet. .BR ber_bvfree () frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP is NULL, the routine does nothing. .LP .BR ber_bvecfree () frees an array of BerValues (and the array), pointed to by \fIbvec\fP, returned from this API. If \fIbvec\fP is NULL, the routine does nothing. .BR ber_bvecadd () appends the \fIbv\fP pointer to the \fIbvec\fP array. Space for the array is allocated as needed. The end of the array is marked by a NULL pointer. .LP .BR ber_bvarray_free () frees an array of BerValues (and the array), pointed to by \fIbvarray\fP, returned from this API. If \fIbvarray\fP is NULL, the routine does nothing. .BR ber_bvarray_add () appends the contents of the BerValue pointed to by \fIbv\fP to the \fIbvarray\fP array. Space for the new element is allocated as needed. The end of the array is marked by a BerValue with a NULL bv_val field. .LP .BR ber_bvdup () returns a copy of a BerValue. The routine returns NULL upon error (e.g. out of memory). The caller should use .BR ber_bvfree () to deallocate the resulting BerValue. .BR ber_dupbv () copies a BerValue from \fIsrc\fP to \fIdst\fP. If \fIdst\fP is NULL a new BerValue will be allocated to hold the copy. The routine returns NULL upon error, otherwise it returns a pointer to the copy. 
If \fIdst\fP is NULL the caller should use .BR ber_bvfree () to deallocate the resulting BerValue, otherwise .BR ber_memfree () should be used to deallocate the \fIdst->bv_val\fP. (The .BR ber_bvdup () function is internally implemented as ber_dupbv(NULL, bv). .BR ber_bvdup () is provided only for compatibility with an expired draft of the LDAP C API; .BR ber_dupbv () is the preferred interface.) .LP .BR ber_bvstr () returns a BerValue containing the string pointed to by \fIstr\fP. .BR ber_bvstrdup () returns a BerValue containing a copy of the string pointed to by \fIstr\fP. .BR ber_str2bv () returns a BerValue containing the string pointed to by \fIstr\fP, whose length may be optionally specified in \fIlen\fP. If \fIdup\fP is non-zero, the BerValue will contain a copy of \fIstr\fP. If \fIlen\fP is zero, the number of bytes to copy will be determined by .BR strlen (3), otherwise \fIlen\fP bytes will be copied. If \fIbv\fP is non-NULL, the result will be stored in the given BerValue, otherwise a new BerValue will be allocated to store the result. NOTE: Both .BR ber_bvstr () and .BR ber_bvstrdup () are implemented as macros using .BR ber_str2bv () in this version of the library. .LP .B BerElement is an opaque structure used to maintain state information used in encoding and decoding. .BR ber_alloc_t () is used to create an empty BerElement structure. If .B LBER_USE_DER is specified for the .I options parameter then data lengths for data written to the BerElement will be encoded in the minimal number of octets required, otherwise they will always be written as four byte values. .BR ber_init () creates a BerElement structure that is initialized with a copy of the data in its .I bv parameter. .BR ber_init2 () initializes an existing BerElement .I ber using the data in the .I bv parameter. The data is referenced directly, not copied. The .I options parameter is the same as for .BR ber_alloc_t (). .BR ber_free () frees a BerElement pointed to by \fIber\fP. 
If \fIber\fP is NULL, the routine does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed. .SH SEE ALSO .BR lber-encode (3), .BR lber-decode (3), .BR lber-memory (3) .LP .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 189 stdin .lf 1 stdin .TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation. .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_delete_s(ld, dn) .ft LDAP *ld; char *dn; .LP .ft B int ldap_delete(ld, dn) .ft LDAP *ld; char *dn; .LP .ft B int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp) .ft LDAP *ld; char *dn; LDAPControl **serverctrls, **clientctrls; int *msgidp; .LP .ft B int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls) .ft LDAP *ld; char *dn; LDAPControl **serverctrls, **clientctrls; .SH DESCRIPTION The .B ldap_delete_s() routine is used to perform an LDAP delete operation synchronously. It takes \fIdn\fP, the DN of the entry to be deleted. It returns an LDAP error code, indicating the success or failure of the operation. .LP The .B ldap_delete() routine is used to perform an LDAP delete operation asynchronously. It takes the same parameters as .BR ldap_delete_s(), but returns the message id of the request it initiated. The result of the delete can be obtained by a subsequent call to .BR ldap_result (3). .LP The .B ldap_delete_ext() routine allows server and client controls to be specified to extend the delete request. This routine is asynchronous like ldap_delete(), but its return value is an LDAP error code. 
It stores the message id of the request in the integer pointed to by msgidp. .LP The .B ldap_delete_ext_s() routine is the synchronous version of .BR ldap_delete_ext(). It also returns an LDAP error code indicating success or failure of the operation. .SH ERRORS .B ldap_delete_s() returns an LDAP error code which can be interpreted by calling one of .BR ldap_perror (3) and friends. .B ldap_delete() returns \-1 if something went wrong initiating the request. It returns the non-negative message id of the request if things went ok. .LP .B ldap_delete_ext() and .B ldap_delete_ext_s() return some Non-zero value if something went wrong initiating the request, else return 0. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 90 stdin
If \fIber\fP is NULL, the routine does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed. .SH SEE ALSO .BR lber-encode (3), .BR lber-decode (3), .BR lber-memory (3) .LP .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 189 stdin .lf 1 stdin .TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B char *ldap_get_dn( LDAP *ld, LDAPMessage *entry ) .LP .ft B int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags ) .LP .ft B void ldap_dnfree( LDAPDN dn ) .LP .ft B int ldap_dn2str( LDAPDN dn, char **str, unsigned flags ) .LP .ft B char **ldap_explode_dn( const char *dn, int notypes ) .LP .ft B char **ldap_explode_rdn( const char *rdn, int notypes ) .LP .ft B char *ldap_dn2ufn( const char * dn ) .LP .ft B char *ldap_dn2dcedn( const char * dn ) .LP .ft B char *ldap_dcedn2dn( const char * dn ) .LP .ft B char *ldap_dn2ad_canonical( const char * dn ) .SH DESCRIPTION These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested. A DN has the form described in RFC 4514 "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names". .LP The .B ldap_get_dn() routine takes an \fIentry\fP as returned by .BR ldap_first_entry (3) or .BR ldap_next_entry (3) and returns a copy of the entry's DN. Space for the DN will be obtained dynamically and should be freed by the caller using .BR ldap_memfree (3). 
.LP .B ldap_str2dn() parses a string representation of a distinguished name contained in .B str into its components, which are stored in .B dn as .B ldap_ava structures, arranged in .B LDAPAVA, .B LDAPRDN, and .B LDAPDN terms. Space for .B dn will be obtained dynamically and should be freed by the caller using .BR ldap_dnfree (3). The .B LDAPDN is defined as: .nf .ft B typedef struct ldap_ava { struct berval la_attr; struct berval la_value; unsigned la_flags; } LDAPAVA; typedef LDAPAVA** LDAPRDN; typedef LDAPRDN* LDAPDN; .ft .fi The attribute types and the attribute values are not normalized. The .B la_flags can be either .B LDAP_AVA_STRING or .B LDAP_AVA_BINARY, the latter meaning that the value is BER/DER encoded and thus must be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue." The .B flags parameter to .B ldap_str2dn() can be .LP .nf LDAP_DN_FORMAT_LDAPV3 LDAP_DN_FORMAT_LDAPV2 LDAP_DN_FORMAT_DCE .fi which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively). The format can be \fIOR\fPed to the flags .LP .nf LDAP_DN_P_NO_SPACES LDAP_DN_P_NO_SPACE_AFTER_RDN ... LDAP_DN_PEDANTIC .fi The latter is a shortcut for all the previous limitations. .LP .B LDAP_DN_P_NO_SPACES does not allow extra spaces in the dn; the default is to silently eliminate spaces around AVA separators ('='), RDN component separators ('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators (',' LDAPv3/LDAPv2 or '/' for DCE). .LP .B LDAP_DN_P_NO_SPACE_AFTER_RDN does not allow a single space after RDN separators. .LP .B ldap_dn2str() performs the inverse operation, yielding in .B str a string representation of .B dn. It allows the same values for .B flags as .B ldap_str2dn(), plus .LP .nf LDAP_DN_FORMAT_UFN LDAP_DN_FORMAT_AD_CANONICAL .fi for user-friendly naming (RFC 1781) and AD canonical. 
.LP The following routines are viewed as deprecated in favor of .B ldap_str2dn() and .BR ldap_dn2str(). They are provided to support legacy applications. .LP The .B ldap_explode_dn() routine takes a DN as returned by .B ldap_get_dn() and breaks it up into its component parts. Each part is known as a Relative Distinguished Name, or RDN. .B ldap_explode_dn() returns a NULL-terminated array, each component of which contains an RDN from the DN. The \fInotypes\fP parameter is used to request that only the RDN values be returned, not their types. For example, the DN "cn=Bob, c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL }, depending on whether notypes was 0 or 1, respectively. Assertion values in RDN strings may include escaped characters. The result can be freed by calling .BR ldap_value_free (3). .LP Similarly, the .B ldap_explode_rdn() routine takes an RDN as returned by .B ldap_explode_dn(dn,0) and breaks it up into its "type=value" component parts (or just "value", if the \fInotypes\fP parameter is set). Note the value is not unescaped. The result can be freed by calling .BR ldap_value_free (3). .LP .B ldap_dn2ufn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a more user-friendly form, stripping off all type names. See "Using the Directory to Achieve User Friendly Naming" (RFC 1781) for more details on the UFN format. Due to the ambiguous nature of the format, it is generally only used for display purposes. The space for the UFN returned is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .LP .B ldap_dn2dcedn() is used to turn a DN as returned by .BR ldap_get_dn (3) into a DCE-style DN, e.g. a string with most-significant to least significant rdns separated by slashes ('/'); rdn components are separated by commas (','). Only printable chars (e.g. LDAPv2 printable string) are allowed, at least in this implementation. 
.B ldap_dcedn2dn() performs the opposite operation. .B ldap_dn2ad_canonical() turns a DN into an AD canonical name, which is basically a DCE dn with attribute types omitted. The trailing domain, if present, is turned into a DNS-like domain. The space for the returned value is obtained dynamically and the user is responsible for freeing it via a call to .BR ldap_memfree (3). .SH ERRORS If an error occurs in .BR ldap_get_dn() , NULL is returned and the .B ld_errno field in the \fIld\fP parameter is set to indicate the error. See .BR ldap_error (3) for a description of possible error codes. .BR ldap_explode_dn() , .BR ldap_explode_rdn() , .B ldap_dn2ufn(), .B ldap_dn2dcedn(), .B ldap_dcedn2dn(), and .B ldap_dn2ad_canonical() will return NULL with .BR errno (3) set appropriately in case of trouble. .SH NOTES These routines dynamically allocate memory that the caller must free. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3), .BR ldap_first_entry (3), .BR ldap_memfree (3), .BR ldap_value_free (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 247 stdin .lf 1 stdin .TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .B #include .LP .BI "int ldap_start_tls(LDAP *" ld ");" .LP .BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");" .LP .BI "int ldap_tls_inplace(LDAP *" ld ");" .LP .BI "int ldap_install_tls(LDAP *" ld ");" .SH DESCRIPTION These routines are used to initiate TLS processing on an LDAP session. 
.BR ldap_start_tls_s () sends a StartTLS request to a server, waits for the reply, and then installs TLS handlers on the session if the request succeeded. The routine returns .B LDAP_SUCCESS if everything succeeded, otherwise it returns an LDAP error code. .BR ldap_start_tls () sends a StartTLS request to a server and does nothing else. It returns .B LDAP_SUCCESS if the request was sent successfully. .BR ldap_tls_inplace () returns 1 if TLS handlers have been installed on the specified session, 0 otherwise. .BR ldap_install_tls () installs the TLS handlers on the given session. It returns .B LDAP_LOCAL_ERROR if TLS is already installed. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 42 stdin .lf 1 stdin .TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .B #include .LP .BI "void ldap_memfree(void *" p ");" .LP .BI "void ldap_memvfree(void **" v ");" .LP .BI "void *ldap_memalloc(ber_len_t " s ");" .LP .BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");" .LP .BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");" .LP .BI "char *ldap_strdup(LDAP_CONST char *" p ");" .SH DESCRIPTION These routines are used to allocate/deallocate memory used/returned by the LDAP library. 
.BR ldap_memalloc (), .BR ldap_memcalloc (), .BR ldap_memrealloc (), and .BR ldap_memfree () are used exactly like the standard .BR malloc (3), .BR calloc (3), .BR realloc (3), and .BR free (3) routines, respectively. The .BR ldap_memvfree () routine is used to free a dynamically allocated array of pointers to arbitrary dynamically allocated objects. The .BR ldap_strdup () routine is used exactly like the standard .BR strdup (3) routine. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 51 stdin .lf 1 stdin .TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include #include .LP .ft B LDAPSyntax * ldap_str2syntax(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_syntax2str(syn) .ft const LDAPSyntax * syn; .LP .ft B const char * ldap_syntax2name(syn) .ft LDAPSyntax * syn; .LP .ft B ldap_syntax_free(syn) .ft LDAPSyntax * syn; .LP .ft B LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_matchingrule2str(mr); .ft const LDAPMatchingRule * mr; .LP .ft B 
const char * ldap_matchingrule2name(mr) .ft LDAPMatchingRule * mr; .LP .ft B ldap_matchingrule_free(mr) .ft LDAPMatchingRule * mr; .LP .ft B LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_attributetype2str(at) .ft const LDAPAttributeType * at; .LP .ft B const char * ldap_attributetype2name(at) .ft LDAPAttributeType * at; .LP .ft B ldap_attributetype_free(at) .ft LDAPAttributeType * at; .LP .ft B LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags) .ft const char * s; int * code; const char ** errp; const int flags; .LP .ft B char * ldap_objectclass2str(oc) .ft const LDAPObjectClass * oc; .LP .ft B const char * ldap_objectclass2name(oc) .ft LDAPObjectClass * oc; .LP .ft B ldap_objectclass_free(oc) .ft LDAPObjectClass * oc; .LP .ft B char * ldap_scherr2str(code) .ft int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is responsible for freeing the struct by calling .B ldap_xxx_free() when not needed any longer. The routine returns NULL if some problem happened. In this case, the integer pointed at by argument .IR code will receive an error code (see below the description of .B ldap_scherr2str() for an explanation of the values) and a pointer to a NUL-terminated string will be placed where requested by argument .IR errp , indicating where in argument .IR s the error happened, so it must not be freed by the caller. 
Argument .IR flags is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. .TP .B LDAP_SCHEMA_ALLOW_QUOTED permit quotes around some items that should not have them. .TP .B LDAP_SCHEMA_ALLOW_DESCR permit a .B descr instead of a numeric OID in places where the syntax expects the latter. .TP .B LDAP_SCHEMA_ALLOW_DESCR_PREFIX permit that the initial numeric OID contains a prefix in .B descr format. .TP .B LDAP_SCHEMA_ALLOW_ALL be very liberal, include all options. .LP The structures returned are as follows: .sp .RS .nf .ne 7 .ta 8n 16n 32n typedef struct ldap_schema_extension_item { char *lsei_name; /* Extension name */ char **lsei_values; /* Extension values */ } LDAPSchemaExtensionItem; typedef struct ldap_syntax { char *syn_oid; /* OID */ char **syn_names; /* Names */ char *syn_desc; /* Description */ LDAPSchemaExtensionItem **syn_extensions; /* Extension */ } LDAPSyntax; typedef struct ldap_matchingrule { char *mr_oid; /* OID */ char **mr_names; /* Names */ char *mr_desc; /* Description */ int mr_obsolete; /* Is obsolete? */ char *mr_syntax_oid; /* Syntax of asserted values */ LDAPSchemaExtensionItem **mr_extensions; /* Extensions */ } LDAPMatchingRule; typedef struct ldap_attributetype { char *at_oid; /* OID */ char **at_names; /* Names */ char *at_desc; /* Description */ int at_obsolete; /* Is obsolete? */ char *at_sup_oid; /* OID of superior type */ char *at_equality_oid; /* OID of equality matching rule */ char *at_ordering_oid; /* OID of ordering matching rule */ char *at_substr_oid; /* OID of substrings matching rule */ char *at_syntax_oid; /* OID of syntax of values */ int at_syntax_len; /* Suggested minimum maximum length */ int at_single_value; /* Is single-valued? */ int at_collective; /* Is collective? 
*/ int at_no_user_mod; /* Are changes forbidden through LDAP? */ int at_usage; /* Usage, see below */ LDAPSchemaExtensionItem **at_extensions; /* Extensions */ } LDAPAttributeType; typedef struct ldap_objectclass { char *oc_oid; /* OID */ char **oc_names; /* Names */ char *oc_desc; /* Description */ int oc_obsolete; /* Is obsolete? */ char **oc_sup_oids; /* OIDs of superior classes */ int oc_kind; /* Kind, see below */ char **oc_at_oids_must; /* OIDs of required attribute types */ char **oc_at_oids_may; /* OIDs of optional attribute types */ LDAPSchemaExtensionItem **oc_extensions; /* Extensions */ } LDAPObjectClass; .ta .fi .RE .PP Some integer fields (those described with a question mark) have a truth value, for these fields the possible values are: .TP .B LDAP_SCHEMA_NO The answer to the question is no. .TP .B LDAP_SCHEMA_YES The answer to the question is yes. .LP For attribute types, the following usages are possible: .TP .B LDAP_SCHEMA_USER_APPLICATIONS the attribute type is non-operational. .TP .B LDAP_SCHEMA_DIRECTORY_OPERATION the attribute type is operational and is pertinent to the directory itself, i.e. it has the same value on all servers that master the entry containing this attribute type. .TP .B LDAP_SCHEMA_DISTRIBUTED_OPERATION the attribute type is operational and is pertinent to replication, shadowing or other distributed directory aspect. TBC. .TP .B LDAP_SCHEMA_DSA_OPERATION the attribute type is operational and is pertinent to the directory server itself, i.e. it may have different values for the same entry when retrieved from different servers that master the entry. .LP Object classes can be of three kinds: .TP .B LDAP_SCHEMA_ABSTRACT the object class is abstract, i.e. there cannot be entries of this class alone. .TP .B LDAP_SCHEMA_STRUCTURAL the object class is structural, i.e. it describes the main role of the entry. 
On some servers, once the entry is created the set of structural object classes assigned cannot be changed: none of those present can be removed and none other can be added. .TP .B LDAP_SCHEMA_AUXILIARY the object class is auxiliary, i.e. it is intended to go with other, structural, object classes. These can be added or removed at any time if attribute types are added or removed at the same time as needed by the set of object classes resulting from the operation. .LP Routines .B ldap_xxx2name() return a canonical name for the definition. .LP Routines .B ldap_xxx2str() return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. .LP .B ldap_scherr2str() returns a NUL-terminated string with a text description of the error found. This is a pointer to a static area, so it must not be freed by the caller. The argument .IR code comes from one of the parsing routines and can adopt the following values: .TP .B LDAP_SCHERR_OUTOFMEM Out of memory. .TP .B LDAP_SCHERR_UNEXPTOKEN Unexpected token. .TP .B LDAP_SCHERR_NOLEFTPAREN Missing opening parenthesis. .TP .B LDAP_SCHERR_NORIGHTPAREN Missing closing parenthesis. .TP .B LDAP_SCHERR_NODIGIT Expecting digit. .TP .B LDAP_SCHERR_BADNAME Expecting a name. .TP .B LDAP_SCHERR_BADDESC Bad description. .TP .B LDAP_SCHERR_BADSUP Bad superiors. .TP .B LDAP_SCHERR_DUPOPT Duplicate option. .TP .B LDAP_SCHERR_EMPTY Unexpected end of data. .SH SEE ALSO .BR ldap (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. 
.lf 321 stdin .lf 1 stdin .TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation .SH LIBRARY OpenLDAP LDAP (libldap, \-lldap) .SH SYNOPSIS .nf .ft B #include .LP .ft B int ldap_modrdn(ld, dn, newrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; .LP .ft B .LP .ft B int ldap_modrdn_s(ld, dn, newrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; .LP .ft B int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; int deleteoldrdn; .LP .ft B int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn) .ft LDAP \(**ld; char \(**dn, \(**newrdn; int deleteoldrdn; .SH DESCRIPTION The .B ldap_modrdn() and .B ldap_modrdn_s() routines perform an LDAP modify RDN operation. They both take \fIdn\fP, the DN of the entry whose RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry. The old RDN of the entry is never kept as an attribute of the entry. .B ldap_modrdn() is asynchronous, returning the message id of the operation it initiates. .B ldap_modrdn_s() is synchronous, returning the LDAP error code indicating the success or failure of the operation. Use of these routines is deprecated. Use the versions described below instead. .LP The .B ldap_modrdn2() and .B ldap_modrdn2_s() routines also perform an LDAP modify RDN operation, taking the same parameters as above. In addition, they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean value to indicate whether the old RDN values should be deleted from the entry or not. .SH ERRORS The synchronous (_s) versions of these routines return an LDAP error code, either LDAP_SUCCESS or an error if there was trouble. The asynchronous versions return \-1 in case of trouble, setting the .B ld_errno field of \fIld\fP. 
See .BR ldap_error (3) for more details. .SH SEE ALSO .BR ldap (3), .BR ldap_error (3) .SH ACKNOWLEDGEMENTS .lf 1 ./../Project .\" Shared Project Acknowledgement Text .B "OpenLDAP Software" is developed and maintained by The OpenLDAP Project . .B "OpenLDAP Software" is derived from the University of Michigan LDAP 3.3 Release. .lf 82 stdin .lf 1 stdin .TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46" .\" $OpenLDAP$ .\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .SH NAME ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding .SH LIBRARY OpenLDAP LBER (liblber, \-llber) .SH SYNOPSIS .B #include .LP .BI "BerElement *ber_alloc_t(int " options ");" .LP .BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");" .LP .BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);" .LP .BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");" .LP .BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");" .LP .BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");" .LP .BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");" .LP .BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");" .LP .BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");" .LP .BI "int ber_start_set(BerElement *" ber ", ber_tag_t " 
tag ");" .LP .BI "int ber_put_seq(BerElement *" ber ");" .LP .BI "int ber_put_set(BerElement *" ber ");" .SH DESCRIPTION .LP These routines provide a subroutine interface to a simplified implementation of the Basic Encoding Rules of ASN.1. The version of BER these routines support is the one defined for the LDAP protocol. The encoding rules are the same as BER, except that only definite form lengths are used, and bitstrings and octet strings are always encoded in primitive form. This man page describes the encoding routines in the lber library. See .BR lber-decode (3) for details on the corresponding decoding routines. Consult .BR lber-types (3) for information about types, allocators, and deallocators. .LP Normally, the only routines that need to be called by an application are .BR ber_alloc_t () to allocate a BER element for encoding, .BR ber_printf () to do the actual encoding, and .BR ber_flush2 () to actually write the element. The other routines are provided for those applications that need more control than .BR ber_printf () provides. In general, these routines return the length of the element encoded, or \-1 if an error occurred. .LP The .BR ber_alloc_t () routine is used to allocate a new BER element. It should be called with an argument of LBER_USE_DER. .LP The .BR ber_flush2 () routine is used to actually write the element to a socket (or file) descriptor, once it has been fully encoded (using .BR ber_printf () and friends). See .BR lber-sockbuf (3) for more details on the Sockbuf implementation of the \fIsb\fP parameter. If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will be freed. If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed when successfully flushed, otherwise it is left intact; if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed when an error occurs, otherwise it is left intact; if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway. 
This function differs from the original .BR ber_flush (3) function, whose behavior corresponds to that indicated for \fILBER_FLUSH_FREE_ON_SUCCESS\fP. Note that in the future, the behavior of .BR ber_flush (3) with \fIfreeit\fP non-zero might change into that of .BR ber_flush2 (3) with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP. .LP The .BR ber_printf () routine is used to encode a BER element in much the same way that .BR sprintf (3) works. One important difference, though, is that some state information is kept with the \fIber\fP parameter so that multiple calls can be made to .BR ber_printf () to append things to the end of the BER element. .BR Ber_printf () writes to \fIber\fP, a pointer to a BerElement such as returned by .BR ber_alloc_t (). It interprets and formats its arguments according to the format string \fIfmt\fP. The format string can contain the following characters: .RS .LP .TP 3 .B b Boolean. A ber_int_t parameter should be supplied. A boolean element is output. .TP .B e Enumeration. A ber_int_t parameter should be supplied. An enumeration element is output. .TP .B i Integer. A ber_int_t parameter should be supplied. An integer element is output. .TP .B B Bitstring. A char * pointer to the start of the bitstring is supplied, followed by the number of bits in the bitstring. A bitstring element is output. .TP .B n Null. No parameter is required. A null element is output. .TP .B o Octet string. A char * is supplied, followed by the length of the string pointed to. An octet string element is output. .TP .B O Octet string. A struct berval * is supplied. An octet string element is output. .TP .B s Octet string. A null-terminated string is supplied. An octet string element is output, not including the trailing NULL octet. .TP .B t Tag. A ber_tag_t specifying the tag to give the next element is provided. This works across calls. .TP .B v Several octet strings. A null-terminated array of char *'s is supplied. 
Note that a construct like '{v}' is required to get an actual SEQUENCE OF octet strings. .TP .B V Several octet strings. A null-terminated array of struct berval *'s is supplied. Note that a construct like '{V}' is required to get an actual SEQUENCE OF octet strings. .TP .B W Several octet strings. An array of struct berval's is supplied. The array is terminated by a struct berval with a NULL bv_val. Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings. .TP .B { Begin sequence. No parameter is required. .TP .B } End sequence. No parameter is required. .TP .B [ Begin set. No parameter is required. .TP .B ] End set. No parameter is required. .RE .LP The .BR ber_put_int () routine writes the integer element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_enum () routine writes the enumeration element \fInum\fP to the BER element \fIber\fP. .LP The .BR ber_put_boolean () routine writes the boolean value given by \fIbool\fP to the BER element. .LP The .BR ber_put_bitstring () routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring value to the given BER element. Note that \fIblen\fP is the length \fIin bits\fP of the bitstring. .LP The .BR ber_put_ostring () routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER element as an octet string. .LP The .BR ber_put_string () routine writes the null-terminated string (minus the terminating '\0') to the BER element as an octet string. .LP The .BR ber_put_null () routine writes a NULL element to the BER element. .LP The .BR ber_start_seq () routine is used to start a sequence in the BER element. The .BR ber_start_set () routine works similarly. The end of the sequence or set is marked by the nearest matching call to .BR ber_put_seq () or .BR ber_put_set (), respectively. 
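The length rules stated above (definite-form lengths only, and LBER_USE_DER selecting the shortest length encoding instead of a fixed four-octet one) can be seen on the wire in the following added example, together with the bounds checks a decoder needs before trusting a declared length. It is not OpenLDAP code and does not call liblber; the ex_ function names are hypothetical and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_TAG_OCTET_STRING 0x04u   /* universal, primitive OCTET STRING */

/* Hypothetical helper, not a liblber function.
 * Writes a definite-form BER length. minimal != 0: shortest form (the
 * behaviour the page describes for LBER_USE_DER). minimal == 0: always
 * 0x84 followed by four octets. Returns octets written, 0 if no room. */
static size_t ex_put_len(uint8_t *out, size_t cap, uint32_t len, int minimal)
{
    size_t n = 4, i;                     /* length octets after the prefix */
    if (minimal) {
        if (len < 0x80) {                /* short form: one octet */
            if (cap < 1) return 0;
            out[0] = (uint8_t)len;
            return 1;
        }
        n = len <= 0xFF ? 1 : len <= 0xFFFF ? 2 : len <= 0xFFFFFF ? 3 : 4;
    }
    if (cap < 1 + n) return 0;
    out[0] = (uint8_t)(0x80 | n);        /* long form: 0x80 | octet count */
    for (i = 0; i < n; i++)
        out[1 + i] = (uint8_t)(len >> (8 * (n - 1 - i)));
    return 1 + n;
}

/* Strict length decoder. Rejects the indefinite form (0x80), more than
 * four length octets, and truncated headers. With require_minimal it also
 * rejects long forms that a shortest-form encoder would never produce.
 * Returns the header size in octets, or -1. */
static int ex_get_len(const uint8_t *buf, size_t avail, int require_minimal,
                      uint32_t *len)
{
    size_t n, i;
    uint32_t v = 0;
    if (avail < 1) return -1;
    if (buf[0] < 0x80) { *len = buf[0]; return 1; }
    n = buf[0] & 0x7F;
    if (n == 0 || n > 4) return -1;      /* indefinite, or too wide for uint32 */
    if (avail < 1 + n) return -1;        /* header itself is truncated */
    for (i = 0; i < n; i++) v = (v << 8) | buf[1 + i];
    if (require_minimal && (v < 0x80 || buf[1] == 0)) return -1;
    *len = v;
    return (int)(1 + n);
}

/* Encode val[0..len) as an OCTET STRING. Returns total size, 0 on error. */
static size_t ex_put_octet_string(uint8_t *out, size_t cap, const void *val,
                                  uint32_t len, int minimal)
{
    size_t hdr;
    if (cap < 1) return 0;
    hdr = ex_put_len(out + 1, cap - 1, len, minimal);
    if (hdr == 0 || cap - 1 - hdr < len) return 0;
    out[0] = EX_TAG_OCTET_STRING;
    memcpy(out + 1 + hdr, val, len);
    return 1 + hdr + len;
}

/* Decode one OCTET STRING. The declared length is compared with the bytes
 * actually present before *val is handed out. Returns 0 on success, -1. */
static int ex_get_octet_string(const uint8_t *buf, size_t avail,
                               int require_minimal, const uint8_t **val,
                               uint32_t *len, size_t *used)
{
    int hdr;
    if (avail < 2 || buf[0] != EX_TAG_OCTET_STRING) return -1;
    hdr = ex_get_len(buf + 1, avail - 1, require_minimal, len);
    if (hdr < 0) return -1;
    if (*len > avail - 1 - (size_t)hdr) return -1;   /* length overruns data */
    *val = buf + 1 + hdr;
    *used = 1 + (size_t)hdr + *len;
    return 0;
}

int main(void)
{
    uint8_t der[16], fixed[16];
    const uint8_t *val; uint32_t len; size_t used, i;
    size_t nd = ex_put_octet_string(der, sizeof der, "hello", 5, 1);
    size_t nf = ex_put_octet_string(fixed, sizeof fixed, "hello", 5, 0);

    printf("shortest length : ");
    for (i = 0; i < nd; i++) printf("%02x ", der[i]);
    printf("\nfour-octet form : ");
    for (i = 0; i < nf; i++) printf("%02x ", fixed[i]);
    printf("\nlenient decode of four-octet form: %d\n",
           ex_get_octet_string(fixed, nf, 0, &val, &len, &used));
    printf("strict decode of four-octet form : %d\n",
           ex_get_octet_string(fixed, nf, 1, &val, &len, &used));
    return 0;
}
```

Both encodings carry the same value, so code that compares or signs encoded bytes has to agree on one form; the strict mode shows how a receiver can enforce that.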
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t scope, ali, size, time, attrsonly;
      char *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      /* scope and derefAliases are ENUMERATED in the ASN.1 above,
         so they are written with 'e', not 'i' */
      rc = ber_printf( ber, "{seeiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 289 stdin
.\" File: ldap_bind.3
.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.
An LDAP bind is required when using Version 2 of the LDAP protocol;
it is optional for Version 3 but is usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.
All routines take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.
It returns an LDAP error indication (see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous, taking the same parameters but only initiating the
bind operation and returning the message id of the request it sent.
The result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the authentication method to use needs to be
selected at runtime.
They both take an extra \fImethod\fP parameter selecting the
authentication method to use.
It should be set to LDAP_AUTH_SIMPLE to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter.
The format of the credentials depends on the particular SASL mechanism in use.
For mechanisms that provide mutual authentication the server's
credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent.
The result of the operation can be obtained by a subsequent call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication.
Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly.
The
.I mechs
parameter should contain a space-separated list of candidate mechanisms to use.
If this parameter is NULL or empty the library will query the
supportedSASLMechanisms attribute from the server's rootDSE for the list
of SASL mechanisms the server supports.
The
.I flags
parameter controls the interaction used to retrieve any necessary SASL
authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters.
There is no defined format for the
.I defaults
information; it is up to the caller to use whatever format is
appropriate for the supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library.
When used with Cyrus SASL this is an array of
.B sasl_interact_t
structures.
The Cyrus SASL library will prompt for a variety of inputs, including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will be
forced to query the server for a list of supported mechanisms, and this
query will be performed synchronously.
The other parameters are the same as for the synchronous function, with
three additional parameters.
The actual SASL mechanism that was used, and the message ID for use with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be passed
back on each subsequent call.
The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind.
The caller must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code.
If the code is LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete
yet, and this function must be called again with the next result from the
server.
.SH REBINDING
.LP
The
.BR ldap_set_rebind_proc ()
function sets the process to use for binding when an operation returns a
referral.
This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the
\fIparams\fP, the arbitrary data like state information which the client
might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the
libraries to use the rebind function.
Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the
referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from
the LDAP server.
The LDAP application can use the
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated
the referral.
.LP
The \fImsgid\fP parameter specifies the message ID of the request
generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind
function.
The application should not attempt to free either the ld or the url
structures in the rebind function.
.LP
The application must supply to the rebind function the required
authentication information such as user name, password, and certificates.
The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory, terminate the current
association, and free the resources contained in the \fIld\fP structure.
Once it is called, the connection to the LDAP server is closed, and the
\fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allow the operations to specify controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.
Synchronous routines return whatever \fIld_errno\fP is set to.
See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided.
The LDAP libraries with the LDAP_OPT_REFERRALS option set to ON (default
value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
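Added example, not from the OpenLDAP manual: a rebind function that checks the server-supplied referral URL against a local policy before it sends any credentials, using the synchronous simple bind that the REBINDING section requires. The ldaps-only rule, the host allow-list and the names referral_allowed, rebind_policy and rebind_cb are assumptions of this example; the libldap part is compiled only with -DWITH_LIBLDAP.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy data handed to the rebind function through params. */
struct rebind_policy {
    const char *const *allowed_hosts;   /* NULL-terminated host allow-list */
    const char *bind_dn;
    const char *password;
};

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Return 1 only if the referral URL uses ldaps:// and its host is an exact,
 * whole-string match for an allow-listed name. The URL comes from the
 * referring server, so everything in it is untrusted input. */
int referral_allowed(const char *url, const char *const *allowed_hosts)
{
    static const char scheme[] = "ldaps://";
    const size_t slen = sizeof scheme - 1;
    const char *host;
    size_t hlen, i;

    if (url == NULL || allowed_hosts == NULL)
        return 0;
    if (!eq_nocase(url, scheme, slen))      /* stops at a short URL's NUL */
        return 0;
    host = url + slen;
    hlen = strcspn(host, ":/?");            /* host ends at port, DN or query */
    if (hlen == 0)                          /* "ldaps:///..." names no host */
        return 0;
    if (host[0] == '[' || memchr(host, '%', hlen) != NULL)
        return 0;                           /* IPv6 literals and escapes: refused here */
    for (i = 0; allowed_hosts[i] != NULL; i++)
        if (strlen(allowed_hosts[i]) == hlen &&
            eq_nocase(host, allowed_hosts[i], hlen))
            return 1;
    return 0;
}

#ifdef WITH_LIBLDAP     /* build with: cc -DWITH_LIBLDAP file.c -lldap -llber */
#include <ldap.h>

/* Matches the LDAP_REBIND_PROC prototype from the SYNOPSIS. */
static int rebind_cb(LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
                     ber_int_t msgid, void *params)
{
    struct rebind_policy *p = params;
    struct berval cred;

    (void)request;
    (void)msgid;
    if (!referral_allowed(url, p->allowed_hosts))
        return LDAP_INAPPROPRIATE_AUTH;     /* refuse: no credentials sent */
    cred.bv_val = (char *)p->password;
    cred.bv_len = strlen(p->password);
    /* Synchronous simple bind on the ld the library passed in. */
    return ldap_sasl_bind_s(ld, p->bind_dn, LDAP_SASL_SIMPLE, &cred,
                            NULL, NULL, NULL);
}
/* Install with: ldap_set_rebind_proc(ld, rebind_cb, &policy); */
#endif

/* Constructed sample data. */
static const char *const ALLOWED[] = { "dir1.example.org", "dir2.example.org", NULL };

int main(void)
{
    static const char *const urls[] = {
        "ldaps://dir2.example.org/dc=example,dc=org",
        "ldap://dir2.example.org/dc=example,dc=org",
        "ldaps://dir2.example.org.example.net/",
    };
    size_t i;

    for (i = 0; i < sizeof urls / sizeof urls[0]; i++)
        printf("%-45s %s\n", urls[i],
               referral_allowed(urls[i], ALLOWED) ? "bind" : "refuse");
    return 0;
}
```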
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 335 stdin
.\" File: ldap_parse_result.3
.lf 1 stdin
.TH LDAP_PARSE_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
int ldap_parse_result( LDAP *ld, LDAPMessage *result,
	int *errcodep, char **matcheddnp, char **errmsgp,
	char ***referralsp, LDAPControl ***serverctrlsp,
	int freeit )
.LP
.ft B
int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result,
	struct berval **servercredp, int freeit )
.LP
.ft B
int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result,
	char **retoidp, struct berval **retdatap, int freeit )
.SH DESCRIPTION
.LP
These routines are used to extract information from a result message.
They will operate on the first result message in a chain of search
results (skipping past other message types).
They take the \fIresult\fP as returned by a call to
.BR ldap_result (3),
.BR ldap_search_s (3)
or
.BR ldap_search_st (3).
In addition to
.BR ldap_parse_result() ,
the routines
.B ldap_parse_sasl_bind_result()
and
.B ldap_parse_extended_result()
are used to get all the result information from SASL bind and extended
operations.
.LP
The \fIerrcodep\fP parameter will be filled in with the result code from
the result message.
.LP
The server might supply a matched DN string in the message indicating how
much of a name in a request was recognized.
The \fImatcheddnp\fP parameter will be filled in with this string if
supplied, else it will be NULL.
If a string is returned, it should be freed using
.BR ldap_memfree (3).
.LP
The \fIerrmsgp\fP parameter will be filled in with the error message
field from the parsed message.
This string should be freed using
.BR ldap_memfree (3).
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array
of referral strings from the parsed message.
This array should be freed using
.BR ldap_memvfree (3).
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated
array of controls copied from the parsed message.
The array should be freed using
.BR ldap_controls_free (3).
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is freed
or not after the extraction.
Any non-zero value will make it free the message.
The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.LP
For SASL bind results, the \fIservercredp\fP parameter will be filled in
with an allocated berval structure containing the credentials from the
server if present.
The structure should be freed using
.BR ber_bvfree (3).
.LP
For extended results, the \fIretoidp\fP parameter will be filled in with
the dotted-OID text representation of the name of the extended operation
response.
The string should be freed using
.BR ldap_memfree (3).
If no OID was returned, \fI*retoidp\fP is set to NULL.
.LP
For extended results, the \fIretdatap\fP parameter will be filled in with
a pointer to a berval structure containing the data from the extended
operation response.
The structure should be freed using
.BR ber_bvfree (3).
If no data were returned, \fI*retdatap\fP is set to NULL.
.LP
For all the above result parameters, NULL values can be used in calls in
order to ignore certain fields.
.SH ERRORS
Upon success LDAP_SUCCESS is returned.
Otherwise the values of the result parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_memfree (3),
.BR ldap_memvfree (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 108 stdin
.\" File: ber_first_element.3
.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.
The version of BER these routines support is the one defined for the LDAP
protocol.
The encoding rules are the same as BER, except that only definite form
lengths are used, and bitstrings and octet strings are always encoded in
primitive form.
This man page describes the decoding routines in the lber library.
See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.
In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.
The other routines are provided for those applications that need more
control than
.BR ber_scanf ()
provides.
In general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.
It strips off and returns the leading tag, strips off and returns the
length of the entire element in \fIlen\fP, and sets up \fIber\fP for
subsequent calls to
.BR ber_scanf ()
et al to decode the element.
See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.
It reads from \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores
the results in its additional arguments.
The format string contains conversion specifications which are used to
direct the interpretation of the BER element.
The format string can contain the following characters.
.RS
.LP
.TP 3
.B a
Octet string. A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string,
null-terminated, and returned in the parameter.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B A
Octet string. A variant of "\fBa\fP". A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string,
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string. A char * buffer should be supplied, followed by a pointer
to a ber_len_t initialized to the size of the buffer.
Upon return, the null-terminated octet string is put into the buffer, and
the ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string. A struct berval ** should be supplied, which upon return
points to a dynamically allocated struct berval containing the octet
string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string. A struct berval * should be supplied, which upon return
contains the dynamically allocated octet string and its length.
The caller should free the returned octet string using
.BR ber_memfree ().
.TP
.B m
Octet string. A struct berval * should be supplied, which upon return
contains the octet string and its length.
The string resides in memory assigned to the BerElement, and must not be
freed by the caller.
.TP
.B b
Boolean. A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration. A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer. A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring. A char ** should be supplied which will point to the
dynamically allocated bits, followed by a ber_len_t *, which will point
to the length (in bits) of the bitstring returned.
.TP
.B n
Null. No parameter is required.
The element is simply skipped if it is recognized.
.TP
.B v
Sequence of octet strings. A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char
*'s containing the octet strings.
NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths. A struct berval *** should be
supplied, which upon return points to a dynamically allocated
null-terminated array of struct berval *'s containing the octet strings
and their lengths.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths. A BerVarray * should be supplied,
which upon return points to a dynamically allocated array of struct
berval's containing the octet strings and their lengths.
The array is terminated by a struct berval with a NULL bv_val string
pointer.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.
This is a generalized form of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len) and a
ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array whose
elements are all of size (*len).
A struct berval will be filled starting at offset (off) in each element.
The strings in each struct berval reside in memory assigned to the
BerElement and must not be freed by the caller.
The array is terminated by a struct berval with a NULL bv_val string
pointer.
NULL is returned if the sequence is empty.
The number of elements in the array is also stored in (*len) on return.
The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element. A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element. A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.
A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element. The next element is skipped.
.TP
.B {
Begin sequence. No parameter is required.
The initial sequence tag and length are skipped.
.TP
.B }
End sequence. No parameter is required and no action is taken.
.TP
.B [
Begin set. No parameter is required.
The initial set tag and length are skipped.
.TP
.B ]
End set. No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer, returning the
result in \fInum\fP.
The tag of whatever it finds is returned on success, LBER_ERROR (\-1) on
failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a preallocated buffer.
The \fIlen\fP parameter should be initialized to the size of the buffer,
and will contain the length of the octet string read upon return.
The buffer should be big enough to take the octet string value plus a
terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into which an octet string
is read.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space into which an octet string
and its length are read.
It takes a struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree ().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the provided
struct berval *.
If the \fIalloc\fP parameter is zero, the string will reside in memory
assigned to the BerElement, and must not be freed by the caller.
If the \fIalloc\fP parameter is non-zero, the string will be copied into
dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.
It returns the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read an enumeration value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.
It takes a char ** which will hold the dynamically allocated bits,
followed by a ber_len_t *, which will point to the length (in bits) of
the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length of the first element in a
set or sequence.
It also returns in \fIcookie\fP a magic cookie parameter that should be
passed to subsequent calls to ber_next_element(), which returns similar
information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of the
following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t scope, deref, size, time, attrsonly;
      /* start as NULL so the frees below are safe on every path */
      char *dn = NULL, **attrs = NULL;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( (void **) attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B
header file.
Some routines may dynamically allocate memory which must be freed by the
caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project .
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 358 stdin
.\" File: lber-encode.3
.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.
The version of BER these routines support is the one defined for the LDAP
protocol.
The encoding rules are the same as BER, except that only definite form
lengths are used, and bitstrings and octet strings are always encoded in
primitive form.
This man page describes the encoding routines in the lber library.
See
.BR lber-decode (3)
for details on the corresponding decoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.
The other routines are provided for those applications that need more
control than
.BR ber_printf ()
provides.
In general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.
It should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket (or file)
descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).
See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will be
freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.
One important difference, though, is that some state information is
kept with the \fIber\fP parameter so that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  A ber_int_t parameter should be supplied.  A boolean element is output.
.TP
.B e
Enumeration.  A ber_int_t parameter should be supplied.  An enumeration element is output.
.TP
.B i
Integer.  A ber_int_t parameter should be supplied.  An integer element is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.  An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element is provided.
This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is supplied.
Note that a construct like '{v}' is required to get an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s is supplied.
Note that a construct like '{V}' is required to get an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.
The array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting at \fIstr\fP as a bitstring value to the given BER element.
Note that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at \fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus the terminating '\0')
to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.
The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t scope, ali, size, time, attrsonly;
      char *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 289 stdin
.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in RFC 4514 "Lightweight Directory Access
Protocol (LDAP): String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of the entry's DN.
Space for the DN will be obtained dynamically and should be freed by the caller using
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components, which are stored in
.B dn
as
.B ldap_ava
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and
.B LDAPDN
terms.
Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
        LDAP_DN_FORMAT_LDAPV3
        LDAP_DN_FORMAT_LDAPV2
        LDAP_DN_FORMAT_DCE
.fi

which defines what DN syntax is expected (according to RFC 4514,
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
        LDAP_DN_P_NO_SPACES
        LDAP_DN_P_NO_SPACE_AFTER_RDN
        ...
        LDAP_DN_PEDANTIC
.fi

The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in
.B str
a string representation of
.B dn.
It allows the same values for
.B flags
as
.B ldap_str2dn(),
plus
.LP
.nf
        LDAP_DN_FORMAT_UFN
        LDAP_DN_FORMAT_AD_CANONICAL
.fi

for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.
Each part is known as a Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a NULL-terminated array, each component of which contains an RDN from the DN.
The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.
For example, the DN "cn=Bob, c=US" would return as either
{ "cn=Bob", "c=US", NULL } or { "Bob", "US", NULL },
depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may include escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).
Note the value is not unescaped.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.
See "Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.
Due to the ambiguous nature of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into an AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned into a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.
See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 247 stdin
.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup, ldap_controls_dup, ldap_control_free, ldap_controls_free \- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.
The content of
.I value
is duplicated if
.I dupval
is non-zero.
The
.I iscritical
parameter must be non-zero for a critical control.
The created control is returned in the
.I ctrlp
parameter.
The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create__control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.
The routine returns a pointer to the control if found, NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control in the array,
and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 85 stdin
.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP protocol.
The encoding rules are the same as BER, except that
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.
This man page describes the decoding routines in the lber library.
See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.
In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.
The other routines are provided for those applications that need more control than
.BR ber_scanf ()
provides.
In general, these routines return the tag of the element decoded,
or LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf, \fIsb\fP.
It strips off and returns the leading tag, strips off and returns the
length of the entire element in \fIlen\fP, and sets up \fIber\fP for
subsequent calls to
.BR ber_scanf ()
et al to decode the element.
See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.
It reads from \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP,
and stores the results in its additional arguments.
The format string contains conversion specifications which are used
to direct the interpretation of the BER element.
The format string can contain the following characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string,
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer
to a ber_len_t initialized to the size of the buffer.
Upon return, the null-terminated octet string is put into the buffer,
and the ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct berval ** should be supplied, which upon return
points to a dynamically allocated struct berval containing the octet
string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct berval * should be supplied, which upon return
contains the dynamically allocated octet string and its length.
The caller should free the returned octet string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct berval * should be supplied, which upon return
contains the octet string and its length.
The string resides in memory assigned to the BerElement, and must not
be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated bits, followed by a ber_len_t *, which will
point to the length (in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
char *'s containing the octet strings.
NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon return points to a
dynamically allocated null-terminated array of struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon return points to a
dynamically allocated array of struct berval's containing the octet
strings and their lengths.
The array is terminated by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.
This is a generalized form of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array whose
elements are all of size (*len).
A struct berval will be filled starting at offset (off) in each element.
The strings in each struct berval reside in memory assigned to the
BerElement and must not be freed by the caller.
The array is terminated by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.
The number of elements in the array is also stored in (*len) on return.
The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.
The initial sequence tag and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.
The initial set tag and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.
The tag of whatever it finds is returned on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a preallocated buffer.
The \fIlen\fP parameter should be initialized to the size of the buffer,
and will contain the length of the octet string read upon return.
The buffer should be big enough to take the octet string value plus a
terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space into which an octet
string and its length are read.
It takes a struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the
provided struct berval *.
If the \fIalloc\fP parameter is zero, the string will reside in memory
assigned to the BerElement, and must not be freed by the caller.
If the \fIalloc\fP parameter is non-zero, the string will be copied
into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.
It returns the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read an enumeration value.
It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.
It takes a char ** which will hold the dynamically allocated bits,
followed by a ber_len_t *, which will point to the length (in bits)
of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length of the first element
in a set or sequence.
It also returns in \fIcookie\fP a magic cookie parameter that should be
passed to subsequent calls to ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t scope, deref, size, time, attrsonly;
      /* start from NULL so the frees below are safe on the error path */
      char *dn = NULL, **attrs = NULL;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B header file.
Some routines may dynamically allocate memory which must be freed by
the caller using supplied deallocation routines.
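.LP
The definite-length rule described above, shown as an added example that is not part of the OpenLDAP manual page and does not use liblber: a stand-alone, bounds-checked reader for a hand-built AlmostASearchRequest encoding. The names tlv_t, search_t, tlv_read, tlv_expect, tlv_int and decode_search, the 64-byte DN limit and the sample bytes are assumptions constructed for illustration.

```c
/* Added example: bounds-checked reader for the LDAP subset of BER
 * (definite lengths only, primitive octet strings). Not liblber code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t tag; const uint8_t *val; size_t len; } tlv_t;

/* Hypothetical result struct for the AlmostASearchRequest example. */
typedef struct {
    char dn[64];
    int32_t scope, deref, sizelimit, timelimit;
    int attrsonly, nattrs;
} search_t;

/* Read one tag-length-value from [*pp, end). Returns 0, or -1 if malformed. */
static int tlv_read(const uint8_t **pp, const uint8_t *end, tlv_t *out)
{
    const uint8_t *p = *pp;
    size_t len, n;

    if (end - p < 2) return -1;               /* need tag + one length octet */
    out->tag = *p++;
    if ((out->tag & 0x1f) == 0x1f) return -1; /* multi-octet tags not handled here */
    len = *p++;
    if (len == 0x80) return -1;               /* indefinite form is not allowed */
    if (len & 0x80) {                         /* long form: n length octets follow */
        n = len & 0x7f;
        if (n > 4 || (size_t)(end - p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *p++;
    }
    if ((size_t)(end - p) < len) return -1;   /* value must fit in the buffer */
    out->val = p;
    out->len = len;
    *pp = p + len;
    return 0;
}

/* Read one element and require a specific tag. */
static int tlv_expect(const uint8_t **pp, const uint8_t *end, uint8_t tag, tlv_t *out)
{
    return (tlv_read(pp, end, out) == 0 && out->tag == tag) ? 0 : -1;
}

/* Decode a 1..4 octet two's-complement INTEGER or ENUMERATED value. */
static int tlv_int(const tlv_t *t, int32_t *out)
{
    uint32_t v;
    size_t i;

    if (t->len < 1 || t->len > 4) return -1;
    v = (t->val[0] & 0x80) ? 0xffffffffu : 0u; /* sign-extend */
    for (i = 0; i < t->len; i++) v = (v << 8) | t->val[i];
    *out = (int32_t)v;
    return 0;
}

/* Decode the whole request; every nested length is checked against its parent. */
static int decode_search(const uint8_t *buf, size_t n, search_t *s)
{
    static const uint8_t tags[4] = { 0x0a, 0x0a, 0x02, 0x02 }; /* e e i i */
    const uint8_t *p = buf, *end = buf + n;
    int32_t *ints[4];
    tlv_t seq, t;
    int i;

    ints[0] = &s->scope;     ints[1] = &s->deref;
    ints[2] = &s->sizelimit; ints[3] = &s->timelimit;

    if (tlv_expect(&p, end, 0x30, &seq) != 0 || p != end) return -1;
    p = seq.val; end = seq.val + seq.len;

    /* baseObject: refuse oversized values and embedded NUL octets */
    if (tlv_expect(&p, end, 0x04, &t) != 0 || t.len >= sizeof s->dn) return -1;
    if (memchr(t.val, 0, t.len) != NULL) return -1;
    memcpy(s->dn, t.val, t.len);
    s->dn[t.len] = '\0';

    for (i = 0; i < 4; i++)
        if (tlv_expect(&p, end, tags[i], &t) != 0 || tlv_int(&t, ints[i]) != 0)
            return -1;

    if (tlv_expect(&p, end, 0x01, &t) != 0 || t.len != 1) return -1;
    s->attrsonly = t.val[0] != 0;

    /* attributes: SEQUENCE OF octet strings, must be the last element */
    if (tlv_expect(&p, end, 0x30, &seq) != 0 || p != end) return -1;
    p = seq.val; end = seq.val + seq.len;
    for (s->nattrs = 0; p < end; s->nattrs++)
        if (tlv_expect(&p, end, 0x04, &t) != 0) return -1;
    return 0;
}

/* Constructed sample: dn "dc=example", scope 2, deref 0, size 100, time 30 */
static const uint8_t sample[] = {
    0x30, 0x21,
    0x04, 0x0a, 'd', 'c', '=', 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    0x0a, 0x01, 0x02,  0x0a, 0x01, 0x00,
    0x02, 0x01, 0x64,  0x02, 0x01, 0x1e,
    0x01, 0x01, 0x00,
    0x30, 0x04, 0x04, 0x02, 'c', 'n'
};

int main(void)
{
    search_t s;

    if (decode_search(sample, sizeof sample, &s) != 0) {
        puts("malformed");
        return 1;
    }
    printf("dn=%s scope=%d sizelimit=%d attrs=%d\n",
           s.dn, (int)s.scope, (int)s.sizelimit, s.nattrs);
    return 0;
}
```

A truncated buffer, an indefinite length octet (0x80) or an inner length that runs past its enclosing SEQUENCE all make decode_search return \-1 instead of reading out of bounds.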
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 358 stdin
.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.
.LP
.B ber_int_t
is a signed integer of at least 32 bits.
It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a BER tag.
It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.
If \fIbv\fP is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.
If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.
Space for the array is allocated as needed.
The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.
If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.
Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.
The routine returns NULL upon error (e.g. out of memory).
The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.
If \fIdst\fP is NULL a new BerValue will be allocated to hold the copy.
The routine returns NULL upon error, otherwise it returns a pointer to the copy.
If \fIdst\fP is NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.
(The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP,
whose length may be optionally specified in \fIlen\fP.
If \fIdup\fP is non-zero, the BerValue will contain a copy of \fIstr\fP.
If \fIlen\fP is zero, the number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.
If \fIbv\fP is non-NULL, the result will be stored in the given BerValue,
otherwise a new BerValue will be allocated to store the result.
NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure.
If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values.
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP. If \fIber\fP is NULL, the routine
does nothing. If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
.lf 189 stdin
.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides a short description of the various codes returned by
routines in this library. The returned string is a pointer to a static
area that should not be modified.
These codes are either negative, indicating an API error code;
positive, indicating an LDAP resultCode other than \'success' (0);
or zero, indicating both successful use of the API and the LDAP
resultCode \'success' (0).
The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).
.SH PROTOCOL RESULT CODES
This section provides a partial list of protocol codes recognized
by the library. As LDAP is extensible, additional values may be
returned. A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP.
.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a
postalAddress has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.
.SH API ERROR CODES
This section provides a complete list of API error codes recognized
by the library. Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.
.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred. This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
A memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.
.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library. The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling programs designed to use
deprecated interfaces. It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces will be eliminated.
.lf 220 stdin
.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.
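The BerValue description in lber-types(3) above says bv_val points to bv_len octets and need not end in a zero octet, so passing it to strlen(3) or strcmp(3) can read past the value or stop early at an embedded zero. The following is an added example, not code from OpenLDAP: ex_berval is a local stand-in carrying the two fields the page names, and the ex_ functions and sample octets are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in (assumption) with the two fields the page names.
 * With liblber installed, include <lber.h> and use struct berval. */
typedef struct ex_berval {
    size_t bv_len;  /* number of octets at bv_val */
    char  *bv_val;  /* arbitrary octets, not necessarily zero-terminated */
} ex_berval;

enum { EX_BV_OK = 0, EX_BV_BAD_ARG = -1, EX_BV_TOO_LONG = -2, EX_BV_EMBEDDED_NUL = -3 };

/* Copy a BerValue into dst as a C string, driven only by bv_len.
 * Refuses values that would be truncated, either by the buffer or by
 * an embedded zero octet that C string functions would stop at. */
int ex_bv_to_cstr(const ex_berval *bv, char *dst, size_t dstsz)
{
    if (bv == NULL || dst == NULL || dstsz == 0)
        return EX_BV_BAD_ARG;
    if (bv->bv_len > 0 && bv->bv_val == NULL)
        return EX_BV_BAD_ARG;
    if (bv->bv_len >= dstsz)
        return EX_BV_TOO_LONG;
    if (bv->bv_len > 0) {
        if (memchr(bv->bv_val, '\0', bv->bv_len) != NULL)
            return EX_BV_EMBEDDED_NUL;
        memcpy(dst, bv->bv_val, bv->bv_len);
    }
    dst[bv->bv_len] = '\0';
    return EX_BV_OK;
}

/* Length-aware comparison of a BerValue with a C string: 1 if equal. */
int ex_bv_equals(const ex_berval *bv, const char *s)
{
    size_t n;

    if (bv == NULL || s == NULL)
        return 0;
    n = strlen(s);
    if (bv->bv_len != n)
        return 0;
    return n == 0 || (bv->bv_val != NULL && memcmp(bv->bv_val, s, n) == 0);
}

/* Constructed sample 1: five value octets inside a larger buffer, followed
 * by unrelated octets instead of a terminator. */
static char ex_wire[] = { 'a', 'l', 'i', 'c', 'e', 'X', 'Y', 'Z' };
static ex_berval ex_plain = { 5, ex_wire };

/* Constructed sample 2: thirteen octets with a zero octet after "admin". */
static char ex_nul_octets[] = "admin\0-suffix";
static ex_berval ex_nul = { sizeof ex_nul_octets - 1, ex_nul_octets };

static char ex_out[16];  /* destination buffer for the demo */

int main(void)
{
    int rc;

    rc = ex_bv_to_cstr(&ex_plain, ex_out, sizeof ex_out);
    printf("plain value: rc=%d text=%s\n", rc, rc == EX_BV_OK ? ex_out : "(rejected)");

    rc = ex_bv_to_cstr(&ex_nul, ex_out, sizeof ex_out);
    printf("embedded zero: rc=%d\n", rc);

    /* strcmp() stops at the zero octet and reports a match on the prefix. */
    printf("strcmp match=%d, length-aware match=%d\n",
           strcmp(ex_nul.bv_val, "admin") == 0, ex_bv_equals(&ex_nul, "admin"));
    return 0;
}
```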