.PHONY: doc-nits
doc-nits: build_generated
- (cd $(SRCDIR); $(PERL) util/find-doc-nits -n -e )
+ (cd $(SRCDIR); $(PERL) util/find-doc-nits -n -l -e )
# Test coverage is a good idea for the future
#coverage: $(PROGRAMS) $(TESTPROGRAMS)
=head1 SEE ALSO
-L<OSSL_CMP_CTX_new(3)>, L<ossl_cmp_certreq_new(3)>
+L<OSSL_CMP_CTX_new(3)>, L<ossl_cmp_certReq_new(3)>
=head1 HISTORY
=item B<-key> I<password>
+=for openssl foreign manual ps(1)
+
The password used to encrypt the private key. Since on some
systems the command line arguments are visible (e.g. Unix with
the L<ps(1)> utility) this option should be used with caution.
x509
- OpenSSL application commands
-=for comment foreign manuals: apropos(1)
+=for openssl foreign manual apropos(1)
=head1 SYNOPSIS
=head1 HISTORY
+=for openssl foreign manual apropos(1)
+
Initially, the manual page entry for the C<openssl I<cmd>> command used
to be available at I<cmd>(1). Later, the alias B<openssl-I<cmd>>(1) was
introduced, which made it easier to group the openssl commands using
=item B<-r>
+=for openssl foreign manual sha1sum(1)
+
Output the digest in the "coreutils" format, including newlines.
Used by programs like L<sha1sum(1)>.
=back
-=head1 WARNINGS
-
-This command combines the functionality of the L<openssl-dh(1)> and the
-L<openssl-gendh(1)> commands in previous OpenSSL versions.
-The L<openssl-dh(1)> and L<openssl-gendh(1)> commands are retained for now but
-may have different purposes in future versions of OpenSSL.
-
=head1 NOTES
+This command replaces the B<dh> and B<gendh> commands of previous
+releases.
+
OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
DH.
-This program manipulates DH parameters not keys.
+This command manipulates DH parameters not keys.
=head1 BUGS
=head1 BUGS
-=for openssl foreign manuals: procmail(1), perl(1)
+=for openssl foreign manual procmail(1) perl(1)
=over 2
=head1 SEE ALSO
L<openssl(1)>,
-L<openssl-tsget(1)>,
+L<tsget(1)>,
L<openssl-req(1)>,
L<openssl-x509(1)>,
L<openssl-ca(1)>,
=head1 SEE ALSO
-=for openssl foreign manuals: WWW::Curl::Easy
+=for openssl foreign manual WWW::Curl::Easy
L<openssl(1)>,
L<openssl-ts(1)>,
See L<OSSL_PROVIDER(3)> for more information on providers.
See L<OSSL_PARAM(3)> for more information on parameters.
These functions must only be called after the EVP_PKEY_CTX has been initialised
-for use in an operation (for example by L<EVP_PKEY_sign_init_ex(3)>,
-L<EVP_PKEY_derive_init_ex(3)> or other similar functions).
+for use in an operation.
The parameters currently supported by the default provider are:
respectively.
See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
These functions must only be called after the EVP_PKEY_CTX has been initialised
-for use in an operation (for example by L<EVP_PKEY_sign_init_ex(3)>,
-L<EVP_PKEY_derive_init_ex(3)> or other similar functions).
+for use in an operation.
The function EVP_PKEY_CTX_ctrl() sends a control operation to the context
B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter
These functions are used to set up the necessary data to use the
scrypt KDF.
-For more information on scrypt, see L<EVP_KDF_SCRYPT(7)>.
+For more information on scrypt, see L<EVP_KDF-SCRYPT(7)>.
EVP_PKEY_CTX_set1_scrypt_salt() sets the B<saltlen> bytes long salt
value.
=head1 NOTES
-After the call to EVP_PKEY_derive_init() or EVP_PKEY_derive_init_ex() algorithm
+After the call to EVP_PKEY_derive_init(), algorithm
specific control operations can be performed to set any appropriate parameters
for the operation.
=head1 RETURN VALUES
-EVP_PKEY_derive_init_ex(), EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1
+EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1
for success and 0 or a negative value for failure.
In particular a return value of -2 indicates the operation is not supported by
the public key algorithm.
=head1 HISTORY
-These functions were added in OpenSSL 1.0.0. The EVP_PKEY_derive_init_ex()
-function was added in OpenSSL 3.0.
+These functions were added in OpenSSL 1.0.0.
=head1 COPYRIGHT
=head1 HISTORY
-EVP_PKEY_sign_init_ex() was added in OpenSSL 3.0.
These functions were added in OpenSSL 1.0.0.
=head1 COPYRIGHT
=head1 HISTORY
-EVP_PKEY_verify_init_ex() was added in OpenSSL 3.0.
-All other functions were added in OpenSSL 1.0.0.
+These functions were added in OpenSSL 1.0.0.
=head1 COPYRIGHT
=pod
-=for openssl foreign manuals: atexit(3)
+=for openssl foreign manual atexit(3)
=head1 NAME
=head1 SEE ALSO
L<PKCS12_get_friendlyname(3)>,
-L<PKCS12_get_localkeyid(3)>,
L<PKCS12_add_friendlyname_asc(3)>
=head1 COPYRIGHT
=head1 SEE ALSO
-L<ERR_get_error(3)>, L<CMS_type(3)>,
+L<ERR_get_error(3)>,
L<SMIME_read_CMS(3)>, L<CMS_sign(3)>,
L<CMS_verify(3)>, L<CMS_encrypt(3)>,
L<CMS_decrypt(3)>
B<X509_LOOKUP_store> is a method that allows access to any store of
certificates and CRLs through any loader supported by
-L<OSSL_STORE(3)>.
+L<ossl_store(7)>.
It works with the help of URIs, which can be direct references to
certificates or CRLs, but can also be references to catalogues of such
objects (that behave like directories).
This method overlaps the L</File Method> and L</Hashed Directory Method>
because of the 'file:' scheme loader.
-It does no caching of its own, but can use a caching L<OSSL_STORE(3)>
+It does no caching of its own, but can use a caching L<ossl_store(7)>
loader, and therefore depends on the loader's capability.
=head1 RETURN VALUES
L<X509_store_add_lookup(3)>,
L<SSL_CTX_load_verify_locations(3)>,
L<X509_LOOKUP_meth_new(3)>,
-L<OSSL_STORE(3)>
+L<ossl_store(7)>
=head1 HISTORY
=head1 SEE ALSO
L<EVP_KDF(3)>,
-L<EVP_KDF_CTX_new_id(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_ctrl(3)>,
L<EVP_KDF_size(3)>,
One of the requirements for the FIPS module is self testing. An optional callback
mechanism is available to return information to the user using
-L<OSSL_SELF_TEST_set_callback(7)>.
+L<OSSL_SELF_TEST_set_callback(3)>.
The OPENSSL FIPS module uses the following mechanism to provide information
about the self tests as they run.
L<openssl-fipsinstall(1)>,
L<fips_config(5)>,
-L<OSSL_SELF_TEST_set_callback(7)>,
+L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_PARAM(3)>,
L<openssl-core.h(7)>
=item B<OPENSSL_MALLOC_FD>, B<OPENSSL_MALLOC_FAILURES>
If built with debugging, this allows memory allocation to fail.
-See L<OPENSSSL_malloc(3)>.
+See L<OPENSSL_malloc(3)>.
=item B<OPENSSL_MODULES>
The asymmetric cipher (OSSL_OP_ASYM_CIPHER) operation enables providers to
implement asymmetric cipher algorithms and make them available to applications
-via the API functions L<EVP_PKEY_encrypt_init_ex(3)>, L<EVP_PKEY_encrypt(3)>,
-L<EVP_PKEY_decrypt_init_ex(3)>, L<EVP_PKEY_decrypt(3)> (as well
-as other related functions).
+via the API functions L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)> and
+other related functions).
All "functions" mentioned here are passed as function pointers between
F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
A pointer to this context will be passed back in a number of the other
asymmetric cipher operation function calls.
The parameter I<provctx> is the provider context generated during provider
-initialisation (see L<provider(3)>).
+initialisation (see L<provider(7)>).
OP_asym_cipher_freectx() is passed a pointer to the provider side asymmetric
cipher context in the I<ctx> parameter.
for further information.
The key exchange (OSSL_OP_KEYEXCH) operation enables providers to implement key
-exchange algorithms and make them available to applications via the API
-functions L<EVP_PKEY_derive_init_ex(3)>, and L<EVP_PKEY_derive(3)> (as well as
+exchange algorithms and make them available to applications via
+L<EVP_PKEY_derive(3)> and
other related functions).
All "functions" mentioned here are passed as function pointers between
The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
signature algorithms and make them available to applications via the API
-functions L<EVP_PKEY_sign_init_ex(3)>, L<EVP_PKEY_sign(3)>,
-L<EVP_PKEY_verify_init_ex(3)>, L<EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verify_recover_init_ex(3)> and L<EVP_PKEY_verify_recover(3)> (as well
+functions L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)>,
+and L<EVP_PKEY_verify_recover(3)> (as well
as other related functions).
All "functions" mentioned here are passed as function pointers between
L<EVP_CipherInit_ex(3)>, the actual implementation to be used is
fetched implicitly using default search criteria.
-Implicit fetching can also occur with functions such as
-L<EVP_PKEY_derive_init_ex(3)> where a NULL algorithm parameter is
+Implicit fetching can also occur when a NULL algorithm parameter is
supplied.
In this case an algorithm implementation is implicitly fetched using
default search criteria and an algorithm name that is consistent with
=head1 SEE ALSO
L<EVP_DigestInit_ex(3)>, L<EVP_EncryptInit_ex(3)>,
-L<EVP_PKEY_derive_init_ex(3)>,
L<OPENSSL_CTX(3)>,
L<EVP_set_default_properties(3)>,
L<EVP_MD_fetch(3)>,
my @missing;
open FH, $missingfile
- || die "Can't open $missingfile";
+ or die "Can't open $missingfile";
while ( <FH> ) {
chomp;
next if /^#/;
next if $f eq 'include/openssl/asn1.h';
next if $f eq 'include/openssl/asn1t.h';
next if $f eq 'include/openssl/err.h';
- open(IN, $f) || die "Can't open $f, $!";
+ open(IN, $f)
+ or die "Can't open $f, $!";
while ( <IN> ) {
next unless /^#\s*define\s*(\S+)\(/;
my $macro = "$1(3)"; # We know they're all in section 3
my $count = 0;
my %seen;
- my @missing = loadmissing($missingfile) if ( $opt_v );
+ my @missing = loadmissing($missingfile) if $opt_v;
foreach my $func ( parsenum($numfile) ) {
$func .= '(3)'; # We know they're all in section 3
err($id, "$simplename not in NAME section");
push @{$podinfo{names}}, $simplename;
}
- foreach my $name (@{$podinfo{names}}) {
+ foreach my $name ( @{$podinfo{names}} ) {
next if $name eq "";
err($id, "'$name' contains white space")
if $name =~ /\s/;
}
}
- my @foreign_names =
- map { map { s/\s+//g; $_ } split(/,/, $_) }
- $podinfo{contents} =~ /=for\s+openssl\s+foreign\s+manuals:\s*(.*)\n\n/;
- foreach ( @foreign_names ) {
- $name_map{$_} = undef; # It still exists!
+ if ( $podinfo{contents} =~ /=for openssl foreign manual (.*)\n/ ) {
+ foreach my $f ( split / /, $1 ) {
+ $name_map{$f} = undef; # It still exists!
+ }
}
my @links =
# Look for L<> ("link") references that point to files that do not exist.
sub checklinks {
- foreach my $filename (sort keys %link_map) {
- foreach my $link (@{$link_map{$filename}}) {
+ foreach my $filename ( sort keys %link_map ) {
+ foreach my $link ( @{$link_map{$filename}} ) {
err("${filename}:1:", "reference to non-existing $link")
unless exists $name_map{$link};
}
# Get the list of options in the command.
open CFH, "./apps/openssl list --options $cmd|"
- || die "Can list options for $cmd, $!";
+ or die "Can list options for $cmd, $!";
while ( <CFH> ) {
chop;
s/ .$//;
# Get the list of flags from the synopsis
open CFH, "<$doc"
- || die "Can't open $doc, $!";
+ or die "Can't open $doc, $!";
while ( <CFH> ) {
chop;
last if /DESCRIPTION/;
# Get list of commands.
open FH, "./apps/openssl list -1 -commands|"
- || die "Can't list commands, $!";
+ or die "Can't list commands, $!";
while ( <FH> ) {
chop;
push @commands, $_;
# See what help is missing.
open FH, "./apps/openssl list --missing-help |"
- || die "Can't list missing help, $!";
+ or die "Can't list missing help, $!";
while ( <FH> ) {
chop;
my ($cmd, $flag) = split;
}
if ( $opt_l ) {
+ foreach my $func ( loadmissing("util/missingcrypto.txt") ) {
+ $name_map{$func} = undef;
+ }
checklinks();
}
# If not given args, check that all man1 commands are named properly.
if ( scalar @ARGV == 0 ) {
- foreach (glob('doc/man1/*.pod')) {
+ foreach ( glob('doc/man1/*.pod') ) {
next if /CA.pl/ || /openssl\.pod/ || /tsget\.pod/;
err("$_ doesn't start with openssl-") unless /openssl-/;
}
EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION:
EVP_MAC_CTX_new ? 3_0_0 EXIST::FUNCTION:
-EVP_MAC_CTX_new_id ? 3_0_0 NOEXIST::FUNCTION:
EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_CTX_mac ? 3_0_0 EXIST::FUNCTION:
BN_rand_range_ex ? 3_0_0 EXIST::FUNCTION:
BN_priv_rand_range_ex ? 3_0_0 EXIST::FUNCTION:
BN_generate_prime_ex2 ? 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_derive_init_ex ? 3_0_0 NOEXIST::FUNCTION:
EVP_KEYEXCH_free ? 3_0_0 EXIST::FUNCTION:
EVP_KEYEXCH_up_ref ? 3_0_0 EXIST::FUNCTION:
EVP_KEYEXCH_fetch ? 3_0_0 EXIST::FUNCTION:
EVP_KEYMGMT_free ? 3_0_0 EXIST::FUNCTION:
EVP_KEYMGMT_provider ? 3_0_0 EXIST::FUNCTION:
X509_PUBKEY_dup ? 3_0_0 EXIST::FUNCTION:
-ERR_put_func_error ? 3_0_0 NOEXIST::FUNCTION:
EVP_MD_name ? 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_name ? 3_0_0 EXIST::FUNCTION:
EVP_MD_provider ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_free ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_up_ref ? 3_0_0 EXIST::FUNCTION:
-EVP_MAC_name ? 3_0_0 NOEXIST::FUNCTION:
EVP_MAC_get_params ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_gettable_params ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_provider ? 3_0_0 EXIST::FUNCTION:
EVP_KDF_free ? 3_0_0 EXIST::FUNCTION:
EVP_KDF_fetch ? 3_0_0 EXIST::FUNCTION:
EVP_KDF_CTX_dup ? 3_0_0 EXIST::FUNCTION:
-EVP_KDF_name ? 3_0_0 NOEXIST::FUNCTION:
EVP_KDF_provider ? 3_0_0 EXIST::FUNCTION:
EVP_KDF_get_params ? 3_0_0 EXIST::FUNCTION:
EVP_KDF_CTX_get_params ? 3_0_0 EXIST::FUNCTION:
EVP_SIGNATURE_up_ref ? 3_0_0 EXIST::FUNCTION:
EVP_SIGNATURE_provider ? 3_0_0 EXIST::FUNCTION:
EVP_SIGNATURE_fetch ? 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_sign_init_ex ? 3_0_0 NOEXIST::FUNCTION:
EVP_PKEY_CTX_set_signature_md ? 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_verify_init_ex ? 3_0_0 NOEXIST::FUNCTION:
-EVP_PKEY_verify_recover_init_ex ? 3_0_0 NOEXIST::FUNCTION:
EVP_PKEY_CTX_get_signature_md ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_params ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION:
-# Missing functions in libcrypto, as of Tue Oct 1 16:13:38 EDT 2019
ACCESS_DESCRIPTION_it(3)
ADMISSIONS_it(3)
ADMISSION_SYNTAX_it(3)
ASIdOrRange_it(3)
ASIdentifierChoice_it(3)
ASIdentifiers_it(3)
+ASN1_item_sign(3)
+ASN1_item_verify(3)
ASRange_it(3)
AUTHORITY_INFO_ACCESS_it(3)
AUTHORITY_KEYID_it(3)
ERR_load_KDF_strings(3)
ERR_load_OBJ_strings(3)
ERR_load_OCSP_strings(3)
+ERR_load_OSSL_SERIALIZER_strings(3)
ERR_load_OSSL_STORE_strings(3)
ERR_load_PEM_strings(3)
ERR_load_PKCS12_strings(3)
ERR_load_PKCS7_strings(3)
ERR_load_RAND_strings(3)
ERR_load_RSA_strings(3)
-ERR_load_OSSL_SERIALIZER_strings(3)
ERR_load_TS_strings(3)
ERR_load_UI_strings(3)
ERR_load_X509V3_strings(3)
EVP_CIPHER_get_asn1_iv(3)
EVP_CIPHER_impl_ctx_size(3)
EVP_CIPHER_set_asn1_iv(3)
+EVP_KDF_ctrl(3)
EVP_MD_do_all(3)
EVP_MD_do_all_sorted(3)
EVP_PBE_CipherInit(3)
OPENSSL_uni2asc(3)
OPENSSL_uni2utf8(3)
OPENSSL_utf82uni(3)
+OSSL_CMP_MSG_http_perform(3)
+OSSL_CMP_exec_GENM_ses(3)
+OSSL_CMP_exec_IR_ses(3)
+OSSL_CMP_exec_KUR_ses(3)
OSSL_STORE_do_all_loaders(3)
OSSL_STORE_vctrl(3)
OTHERNAME_cmp(3)
SRP_Calc_x(3)
SRP_Verify_A_mod_N(3)
SRP_Verify_B_mod_N(3)
+SSL_CTX_set0_ctlog_store(3)
SXNETID_it(3)
SXNET_add_id_INTEGER(3)
SXNET_add_id_asc(3)
TS_VERIFY_CTX_free(3)
TS_VERIFY_CTX_init(3)
TS_VERIFY_CTX_new(3)
+TS_VERIFY_CTX_set_certs(3)
TS_VERIFY_CTX_set_data(3)
TS_VERIFY_CTX_set_flags(3)
TS_VERIFY_CTX_set_imprint(3)
X509_VERIFY_PARAM_move_peername(3)
X509_VERIFY_PARAM_new(3)
X509_VERIFY_PARAM_set1(3)
+X509_VERIFY_PARAM_set1_ipasc(3)
X509_VERIFY_PARAM_set1_name(3)
X509_VERIFY_PARAM_table_cleanup(3)
X509_add1_reject_object(3)
X509_reject_clear(3)
X509_signature_dump(3)
X509_signature_print(3)
+X509_store_add_lookup(3)
X509_subject_name_hash(3)
X509_subject_name_hash_old(3)
X509_supported_extension(3)
i2v_GENERAL_NAME(3)
i2v_GENERAL_NAMES(3)
o2i_ECPublicKey(3)
+openssl-core_numbers.h(7)
+ossl_cmp_certReq_new(3)
+provider-kdf(7)
s2i_ASN1_IA5STRING(3)
s2i_ASN1_INTEGER(3)
s2i_ASN1_OCTET_STRING(3)
ERR_raise_data define
EVP_DigestSignUpdate define
EVP_DigestVerifyUpdate define
-EVP_KDF_name define
-EVP_MAC_name define
EVP_MD_CTX_block_size define
EVP_MD_CTX_name define
EVP_MD_CTX_size define
projects / oweals / openssl.git / commitdiff