Passes options to MAC algorithm, specified by B<-mac> key.
Following options are supported by both by B<HMAC> and B<gost-mac>:
-=over 8
+=over 4
=item B<key:string>
=head2 Standard Commands
-=over 10
+=over 4
=item L<B<asn1parse>|asn1parse(1)>
=head2 Message Digest Commands
-=over 10
+=over 4
=item B<md2>
=head2 Encoding and Cipher Commands
-=over 10
+=over 4
=item B<base64>
=head2 Common Options
-=over 10
+=over 4
=item B<-help>
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
-=over 10
+=over 4
=item B<pass:password>
=head1 ENVIRONMENT
-=over
+=over 4
=item B<OPENSSL>
the configuration information. The general format of the string
is:
-=over 2
+=over 4
=item B<[modifier,]type[:value]>
The supported types are listed below. Unless otherwise specified
only the B<ASCII> format is permissible.
-=over 2
+=over 4
=item B<BOOLEAN>, B<BOOL>
the string format of the final type and value. The supported
formats are documented below.
-=over 2
+=over 4
=item B<EXPLICIT>, B<EXP>
is the type of the old format callback function. The meaning of each argument
is described below:
-=over
+=over 4
=item B<b>
determine this, an SCT's timestamp and signature must be verified.
This requires:
-=over
+=over 4
=item * the public key of the log that issued the SCT
CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
should then be populated using:
-=over
+=over 4
=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
several flags can be or'd together.
The available flags are:
-=over
+=over 4
=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
range of processors. For the moment of this writing following bits are
significant:
-=over
+=over 4
=item bit #4 denoting presence of Time-Stamp Counter.
The capability vector is further extended with EBX value returned by
CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
-=over
+=over 4
=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
The first option is to create a blank SCT, using SCT_new(), and then populate
it using:
-=over
+=over 4
=item * SCT_set_version() to set the SCT version.
Alternatively, the SCT can be pre-populated from the following data using
SCT_new_from_base64():
-=over
+=over 4
=item * The SCT version (only SCT_VERSION_V1 is currently supported).
A CT_POLICY_EVAL_CTX must be provided that specifies:
-=over
+=over 4
=item * The certificate the SCT was issued for.
SSL_version() and SSL_client_version() return an integer which could include any of
the following:
-=over 5
+=over 4
=item SSL3_VERSION
The following points about the data types might be useful:
-=over
+=over 4
=item B<ASN1_OBJECT>
Normally, this is found as the function I<algorithm>_ecb_encrypt().
-=over 2
+=over 4
=item *
Be aware that des_cbc_encrypt() is not really DES CBC (it does
not update the IV); use des_ncbc_encrypt() instead.
-=over 2
+=over 4
=item *
Normally, this is found as the function I<algorithm>_cfb_encrypt().
-=over 2
+=over 4
=item *
Normally, this is found as the function I<algorithm>_ofb_encrypt().
-=over 2
+=over 4
=item *
Normally, this is found as the function I<algorithm>_ecb3_encrypt().
-=over 2
+=over 4
=item *
Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
-=over 2
-
+=over 4
=item *
The EVP_PKEY functions support the full range of asymmetric algorithm operations:
-=over
+=over 4
=item For key agreement see L<EVP_PKEY_derive(3)>
if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
print "$id Duplicate $1 in L<>\n"
if $contents =~ /L<([^>]*)\|([^>]*)>/ && $1 eq $2;
+ print "$id Bad =over $1\n"
+ if $contents =~ /=over([^ ][^4])/;
# Look for multiple consecutive openssl #include lines.
# Consecutive because of files like md5.pod. Sometimes it's okay
projects / oweals / openssl.git / commitdiff