aboutsummaryrefslogtreecommitdiffstats
path: root/doc/man3
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2020-04-21 19:07:46 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-04-21 19:07:46 +0000
commit65aa3028e51cba07879f3dc4608949c5c6b9fcc0 (patch)
tree310ff0dc688f5f84a478a310752abb888ac68e4e /doc/man3
parentb6cfecdc04a5a5e42ae4f2b025d8246cc16f3342 (diff)
downloadsrc-65aa3028e51cba07879f3dc4608949c5c6b9fcc0.tar.gz
src-65aa3028e51cba07879f3dc4608949c5c6b9fcc0.zip
Import OpenSSL 1.1.1g.vendor/openssl/1.1.1g
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=360173 svn path=/vendor-crypto/openssl/1.1.1g/; revision=360174; tag=vendor/openssl/1.1.1g
Diffstat (limited to 'doc/man3')
-rw-r--r--doc/man3/EVP_aes.pod9
-rw-r--r--doc/man3/RAND_set_rand_method.pod6
-rw-r--r--doc/man3/X509_check_purpose.pod74
3 files changed, 85 insertions, 4 deletions
diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod
index 4192a9ec369f..6377fc9a21b0 100644
--- a/doc/man3/EVP_aes.pod
+++ b/doc/man3/EVP_aes.pod
@@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
of a 512-bit key to achieve AES 256-bit security.
+The XTS implementation in OpenSSL does not support streaming. That is there must
+only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
+similarly with the "Decrypt" functions).
+
+The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
+the XTS "tweak" value.
+
=back
=head1 RETURN VALUES
@@ -176,7 +183,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod
index b120e712e6f3..1e9360d220dc 100644
--- a/doc/man3/RAND_set_rand_method.pod
+++ b/doc/man3/RAND_set_rand_method.pod
@@ -33,10 +33,10 @@ RAND_get_rand_method() returns a pointer to the current B<RAND_METHOD>.
=head1 THE RAND_METHOD STRUCTURE
typedef struct rand_meth_st {
- void (*seed)(const void *buf, int num);
+ int (*seed)(const void *buf, int num);
int (*bytes)(unsigned char *buf, int num);
void (*cleanup)(void);
- void (*add)(const void *buf, int num, int randomness);
+ int (*add)(const void *buf, int num, double entropy);
int (*pseudorand)(unsigned char *buf, int num);
int (*status)(void);
} RAND_METHOD;
@@ -60,7 +60,7 @@ L<RAND(7)>
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod
new file mode 100644
index 000000000000..bc38138743cd
--- /dev/null
+++ b/doc/man3/X509_check_purpose.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+X509_check_purpose - Check the purpose of a certificate
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509v3.h>
+
+ int X509_check_purpose(X509 *x, int id, int ca)
+
+=head1 DESCRIPTION
+
+This function checks if certificate I<x> was created with the purpose
+represented by I<id>. If I<ca> is nonzero, then certificate I<x> is
+checked to determine if it's a possible CA with various levels of certainty
+possibly returned.
+
+Below are the potential ID's that can be checked:
+
+ # define X509_PURPOSE_SSL_CLIENT 1
+ # define X509_PURPOSE_SSL_SERVER 2
+ # define X509_PURPOSE_NS_SSL_SERVER 3
+ # define X509_PURPOSE_SMIME_SIGN 4
+ # define X509_PURPOSE_SMIME_ENCRYPT 5
+ # define X509_PURPOSE_CRL_SIGN 6
+ # define X509_PURPOSE_ANY 7
+ # define X509_PURPOSE_OCSP_HELPER 8
+ # define X509_PURPOSE_TIMESTAMP_SIGN 9
+
+=head1 RETURN VALUES
+
+For non-CA checks
+
+=over 4
+
+=item -1 an error condition has occured
+
+=item E<32>1 if the certificate was created to perform the purpose represented by I<id>
+
+=item E<32>0 if the certificate was not created to perform the purpose represented by I<id>
+
+=back
+
+For CA checks the below integers could be returned with the following meanings:
+
+=over 4
+
+=item -1 an error condition has occured
+
+=item E<32>0 not a CA or does not have the purpose represented by I<id>
+
+=item E<32>1 is a CA.
+
+=item E<32>2 Only possible in old versions of openSSL when basicConstraints are absent.
+ New versions will not return this value. May be a CA
+
+=item E<32>3 basicConstraints absent but self signed V1.
+
+=item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+
+=item E<32>5 legacy Netscape specific CA Flags present
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the Apache License 2.0 (the "License"). You may not use this
+file except in compliance with the License. You can obtain a copy in the file
+LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>.
+
+=cut