[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Jun 8 10:59:08 UTC 2017
The branch master has been updated
via 95dd5fb21427d32272e05ce94d0769d55861fc8b (commit)
via d42e7759f5a6be55345dc9410d98b3ccf6330d3f (commit)
via 89a01e692f41cd4f048e706547c61a38342df604 (commit)
via 32c57705c9299db5344f9f2d1bb28edfb5d6a76d (commit)
via e9b77246879071308130cda42336338ddb63cbb4 (commit)
via 61ced34f8d7a7f1dedaa5a5b3554c4dcdec610df (commit)
via 7a67a3ba04c21e7f5befd4bd1c7649b5373953b3 (commit)
via 2947af32a0ec6666efd5b287ac4609ba3a984f0d (commit)
from 52df25cf2e656146cb3b206d8220124f0417d03f (commit)
- Log -----------------------------------------------------------------
commit 95dd5fb21427d32272e05ce94d0769d55861fc8b
Author: Beat Bolli <dev at drbeat.li>
Date: Mon Apr 3 19:52:33 2017 +0200
doc: use /* ... */ comments in code examples
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
commit d42e7759f5a6be55345dc9410d98b3ccf6330d3f
Author: Beat Bolli <dev at drbeat.li>
Date: Thu Mar 30 19:40:04 2017 +0200
doc/man3: fix SSL_SESSSION typos
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
commit 89a01e692f41cd4f048e706547c61a38342df604
Author: Beat Bolli <dev at drbeat.li>
Date: Fri Jan 20 20:04:25 2017 +0100
SSL_CTX_set_verify.pod: move a typedef in front of its first usage
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
commit 32c57705c9299db5344f9f2d1bb28edfb5d6a76d
Author: Beat Bolli <dev at drbeat.li>
Date: Fri Jan 20 20:03:36 2017 +0100
doc/man3: unindent a few unintended code blocks
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
commit e9b77246879071308130cda42336338ddb63cbb4
Author: Beat Bolli <dev at drbeat.li>
Date: Fri Jan 20 19:58:49 2017 +0100
doc/man3: reformat the function prototypes in the synopses
I tried hard to keep the lines at 80 characters or less, but in a few
cases I had to punt and just indented the subsequent lines by 4 spaces.
A few well-placed typedefs for callback functions would really help, but
these would be part of the API, so that's probably for later.
I also took the liberty of inserting empty lines in overlong blocks to
provide some visual space.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
commit 61ced34f8d7a7f1dedaa5a5b3554c4dcdec610df
Author: Beat Bolli <dev at drbeat.li>
Date: Fri Jan 20 00:43:48 2017 +0100
ERR_put_error.pod: fix the name of function ERR_add_error_vdata()
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
commit 7a67a3ba04c21e7f5befd4bd1c7649b5373953b3
Author: Beat Bolli <dev at drbeat.li>
Date: Wed Jan 18 23:49:43 2017 +0100
doc/man3: remove a duplicate BIO_do_accept() call
The SSL server example in BIO_f_ssl.pod contains two copies of the
BIO_do_accept() call. Remove the second one.
Signed-off-by: Beat Bolli <dev at drbeat.li>
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
commit 2947af32a0ec6666efd5b287ac4609ba3a984f0d
Author: Beat Bolli <dev at drbeat.li>
Date: Sat Nov 19 00:10:05 2016 +0100
doc/man3: use the documented coding style in the example code
Adjust brace placement, whitespace after keywords, indentation and empty
lines after variable declarations according to
https://www.openssl.org/policies/codingstyle.html.
Indent literal sections by exactly one space.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1956)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/ASN1_TIME_set.pod | 11 +-
doc/man3/ASYNC_WAIT_CTX_new.pod | 2 +-
doc/man3/ASYNC_start_job.pod | 15 +-
doc/man3/BF_encrypt.pod | 12 +-
doc/man3/BIO_connect.pod | 2 +-
doc/man3/BIO_ctrl.pod | 3 +-
doc/man3/BIO_f_base64.pod | 4 +-
doc/man3/BIO_f_cipher.pod | 2 +-
doc/man3/BIO_f_md.pod | 30 +--
doc/man3/BIO_f_null.pod | 2 +-
doc/man3/BIO_f_ssl.pod | 16 +-
doc/man3/BIO_find_type.pod | 13 +-
doc/man3/BIO_get_ex_new_index.pod | 6 +-
doc/man3/BIO_meth_new.pod | 58 +++---
doc/man3/BIO_new.pod | 12 +-
doc/man3/BIO_s_bio.pod | 4 +-
doc/man3/BIO_s_connect.pod | 2 +-
doc/man3/BIO_s_file.pod | 21 +-
doc/man3/BIO_s_mem.pod | 9 +-
doc/man3/BIO_s_null.pod | 2 +-
doc/man3/BIO_set_callback.pod | 9 +-
doc/man3/BN_BLINDING_new.pod | 18 +-
doc/man3/BN_CTX_new.pod | 3 +-
doc/man3/BN_add.pod | 10 +-
doc/man3/BN_generate_prime.pod | 22 ++-
doc/man3/BN_mod_inverse.pod | 2 +-
doc/man3/BN_mod_mul_montgomery.pod | 6 +-
doc/man3/BN_mod_mul_reciprocal.pod | 4 +-
doc/man3/CMS_add0_cert.pod | 1 -
doc/man3/CMS_add1_recipient_cert.pod | 12 +-
doc/man3/CMS_add1_signer.pod | 5 +-
doc/man3/CMS_decrypt.pod | 3 +-
doc/man3/CMS_encrypt.pod | 3 +-
doc/man3/CMS_get0_RecipientInfos.pod | 17 +-
doc/man3/CMS_get0_SignerInfos.pod | 3 +-
doc/man3/CMS_get1_ReceiptRequest.pod | 10 +-
doc/man3/CMS_sign.pod | 3 +-
doc/man3/CMS_sign_receipt.pod | 4 +-
doc/man3/CMS_verify.pod | 3 +-
doc/man3/CMS_verify_receipt.pod | 4 +-
doc/man3/CONF_modules_load_file.pod | 51 ++---
doc/man3/CRYPTO_THREAD_run_once.pod | 76 ++++----
doc/man3/CRYPTO_get_ex_new_index.pod | 8 +-
doc/man3/CT_POLICY_EVAL_CTX_new.pod | 3 +-
doc/man3/DEFINE_STACK_OF.pod | 3 +-
doc/man3/DES_random_key.pod | 93 +++++----
doc/man3/DH_generate_parameters.pod | 2 +-
doc/man3/DH_meth_new.pod | 33 ++--
doc/man3/DSA_do_sign.pod | 2 +-
doc/man3/DSA_dup_DH.pod | 2 +-
doc/man3/DSA_generate_parameters.pod | 11 +-
doc/man3/DSA_meth_new.pod | 88 +++++----
doc/man3/DSA_sign.pod | 9 +-
doc/man3/ECDSA_SIG_new.pod | 43 ++---
doc/man3/EC_GROUP_copy.pod | 5 +-
doc/man3/EC_GROUP_new.pod | 18 +-
doc/man3/EC_KEY_new.pod | 6 +-
doc/man3/EC_POINT_add.pod | 12 +-
doc/man3/ENGINE_add.pod | 38 ++--
doc/man3/ERR_get_error.pod | 6 +-
doc/man3/ERR_load_strings.pod | 4 +-
doc/man3/ERR_print_errors.pod | 3 +-
doc/man3/ERR_put_error.pod | 7 +-
doc/man3/EVP_CIPHER_meth_new.pod | 32 ++--
doc/man3/EVP_DigestInit.pod | 68 ++++---
doc/man3/EVP_DigestVerifyInit.pod | 2 +-
doc/man3/EVP_EncodeInit.pod | 3 +-
doc/man3/EVP_EncryptInit.pod | 208 ++++++++++----------
doc/man3/EVP_OpenInit.pod | 7 +-
doc/man3/EVP_PKEY_CTX_ctrl.pod | 4 +-
doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 12 +-
doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod | 11 +-
doc/man3/EVP_PKEY_decrypt.pod | 20 +-
doc/man3/EVP_PKEY_derive.pod | 12 +-
doc/man3/EVP_PKEY_encrypt.pod | 20 +-
doc/man3/EVP_PKEY_keygen.pod | 46 +++--
doc/man3/EVP_PKEY_print_private.pod | 6 +-
doc/man3/EVP_PKEY_sign.pod | 18 +-
doc/man3/EVP_PKEY_verify.pod | 19 +-
doc/man3/EVP_PKEY_verify_recover.pod | 22 ++-
doc/man3/EVP_SealInit.pod | 5 +-
doc/man3/EVP_VerifyInit.pod | 3 +-
doc/man3/HMAC.pod | 6 +-
doc/man3/MD5.pod | 18 +-
doc/man3/MDC2_Init.pod | 4 +-
doc/man3/OBJ_nid2obj.pod | 13 +-
doc/man3/OCSP_REQUEST_new.pod | 2 +-
doc/man3/OPENSSL_malloc.pod | 3 +-
doc/man3/PEM_read_bio_PrivateKey.pod | 25 ++-
doc/man3/PKCS12_newpass.pod | 65 +++----
doc/man3/PKCS5_PBKDF2_HMAC.pod | 6 +-
doc/man3/PKCS7_encrypt.pod | 3 +-
doc/man3/PKCS7_sign.pod | 4 +-
doc/man3/PKCS7_sign_add_signer.pod | 3 +-
doc/man3/PKCS7_verify.pod | 3 +-
doc/man3/RAND_set_rand_method.pod | 12 +-
doc/man3/RIPEMD160_Init.pod | 5 +-
doc/man3/RSA_generate_key.pod | 2 +-
doc/man3/RSA_meth_new.pod | 133 +++++++------
doc/man3/RSA_new.pod | 2 +-
doc/man3/RSA_padding_add_PKCS1_type_1.pod | 21 +-
doc/man3/RSA_private_encrypt.pod | 8 +-
doc/man3/RSA_public_encrypt.pod | 8 +-
doc/man3/RSA_set_method.pod | 54 +++---
doc/man3/RSA_sign.pod | 4 +-
doc/man3/RSA_sign_ASN1_OCTET_STRING.pod | 8 +-
doc/man3/SCT_new.pod | 18 +-
doc/man3/SCT_validate.pod | 12 +-
doc/man3/SHA256_Init.pod | 10 +-
doc/man3/SSL_CTX_add_session.pod | 8 +-
doc/man3/SSL_CTX_config.pod | 7 +-
doc/man3/SSL_CTX_dane_enable.pod | 264 +++++++++++++-------------
doc/man3/SSL_CTX_flush_sessions.pod | 2 +-
doc/man3/SSL_CTX_load_verify_locations.pod | 2 +-
doc/man3/SSL_CTX_sess_set_get_cb.pod | 24 +--
doc/man3/SSL_CTX_set1_sigalgs.pod | 6 +-
doc/man3/SSL_CTX_set_cert_cb.pod | 3 +-
doc/man3/SSL_CTX_set_cert_verify_callback.pod | 4 +-
doc/man3/SSL_CTX_set_client_CA_list.pod | 2 +-
doc/man3/SSL_CTX_set_client_cert_cb.pod | 7 +-
doc/man3/SSL_CTX_set_default_passwd_cb.pod | 6 +-
doc/man3/SSL_CTX_set_generate_session_id.pod | 41 ++--
doc/man3/SSL_CTX_set_info_callback.pod | 62 +++---
doc/man3/SSL_CTX_set_min_proto_version.pod | 1 +
doc/man3/SSL_CTX_set_msg_callback.pod | 10 +-
doc/man3/SSL_CTX_set_psk_client_callback.pod | 12 +-
doc/man3/SSL_CTX_set_security_level.pod | 23 ++-
doc/man3/SSL_CTX_set_tlsext_status_cb.pod | 6 +-
doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 99 +++++-----
doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 35 ++--
doc/man3/SSL_CTX_set_verify.pod | 127 ++++++-------
doc/man3/SSL_CTX_use_psk_identity_hint.pod | 12 +-
doc/man3/SSL_SESSION_get0_cipher.pod | 2 +-
doc/man3/SSL_SESSION_get0_hostname.pod | 2 +-
doc/man3/SSL_get_client_random.pod | 3 +-
doc/man3/SSL_get_psk_identity.pod | 1 -
doc/man3/SSL_load_client_CA_file.pod | 4 +-
doc/man3/SSL_set1_host.pod | 31 ++-
doc/man3/UI_new.pod | 18 +-
doc/man3/X509_LOOKUP_hash_dir.pod | 12 +-
doc/man3/X509_NAME_ENTRY_get_object.pod | 21 +-
doc/man3/X509_NAME_add_entry_by_txt.pod | 24 ++-
doc/man3/X509_NAME_get_index_by_NID.pod | 24 ++-
doc/man3/X509_NAME_print_ex.pod | 2 +-
doc/man3/X509_STORE_CTX_get_error.pod | 2 +-
doc/man3/X509_STORE_CTX_set_verify_cb.pod | 140 +++++++-------
doc/man3/X509_VERIFY_PARAM_set_flags.pod | 19 +-
doc/man3/X509_check_ca.pod | 4 +-
doc/man3/X509_digest.pod | 2 +-
doc/man3/X509_get_extension_flags.pod | 20 +-
doc/man3/X509_get_subject_name.pod | 2 +-
doc/man3/X509v3_get_ext_by_NID.pod | 2 +-
doc/man3/d2i_PKCS8PrivateKey_bio.pod | 16 +-
doc/man3/d2i_SSL_SESSION.pod | 3 +-
doc/man3/o2i_SCT_LIST.pod | 3 +-
155 files changed, 1551 insertions(+), 1430 deletions(-)
diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod
index 457b721..e1a5234 100644
--- a/doc/man3/ASN1_TIME_set.pod
+++ b/doc/man3/ASN1_TIME_set.pod
@@ -85,9 +85,11 @@ Set a time structure to one hour after the current time and print it out:
#include <time.h>
#include <openssl/asn1.h>
+
ASN1_TIME *tm;
time_t t;
BIO *b;
+
t = time(NULL);
tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
b = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ -100,14 +102,13 @@ Determine if one time is later or sooner than the current time:
int day, sec;
if (!ASN1_TIME_diff(&day, &sec, NULL, to))
- /* Invalid time format */
-
+ /* Invalid time format */
if (day > 0 || sec > 0)
- printf("Later\n");
+ printf("Later\n");
else if (day < 0 || sec < 0)
- printf("Sooner\n");
+ printf("Sooner\n");
else
- printf("Same\n");
+ printf("Same\n");
=head1 RETURN VALUES
diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod
index 017e328..2042802 100644
--- a/doc/man3/ASYNC_WAIT_CTX_new.pod
+++ b/doc/man3/ASYNC_WAIT_CTX_new.pod
@@ -17,7 +17,7 @@ waiting for asynchronous jobs to complete
OSSL_ASYNC_FD fd,
void *custom_data,
void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
- OSSL_ASYNC_FD, void *));
+ OSSL_ASYNC_FD, void *));
int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD *fd, void **custom_data);
int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod
index cb02295..21b77a9 100644
--- a/doc/man3/ASYNC_start_job.pod
+++ b/doc/man3/ASYNC_start_job.pod
@@ -187,6 +187,7 @@ The following example demonstrates how to use most of the core async APIs:
void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
{
OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw;
+
close(r);
close(*w);
OPENSSL_free(w);
@@ -262,17 +263,17 @@ The following example demonstrates how to use most of the core async APIs:
}
for (;;) {
- switch(ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
+ switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
case ASYNC_ERR:
case ASYNC_NO_JOBS:
- printf("An error occurred\n");
- goto end;
+ printf("An error occurred\n");
+ goto end;
case ASYNC_PAUSE:
- printf("Job was paused\n");
- break;
+ printf("Job was paused\n");
+ break;
case ASYNC_FINISH:
- printf("Job finished with return value %d\n", ret);
- goto end;
+ printf("Job finished with return value %d\n", ret);
+ goto end;
}
/* Wait for the job to be woken */
diff --git a/doc/man3/BF_encrypt.pod b/doc/man3/BF_encrypt.pod
index 0401e90..b20f634 100644
--- a/doc/man3/BF_encrypt.pod
+++ b/doc/man3/BF_encrypt.pod
@@ -12,14 +12,16 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
- BF_KEY *key, int enc);
+ BF_KEY *key, int enc);
void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int enc);
+ long length, BF_KEY *schedule,
+ unsigned char *ivec, int enc);
void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int *num,
- int enc);
+ long length, BF_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int *num);
+ long length, BF_KEY *schedule,
+ unsigned char *ivec, int *num);
const char *BF_options(void);
void BF_encrypt(BF_LONG *data, const BF_KEY *key);
diff --git a/doc/man3/BIO_connect.pod b/doc/man3/BIO_connect.pod
index 5194033..bb1047a 100644
--- a/doc/man3/BIO_connect.pod
+++ b/doc/man3/BIO_connect.pod
@@ -73,7 +73,7 @@ and not IPv4 addresses mapped to IPv6.
These flags are bit flags, so they are to be combined with the
C<|> operator, for example:
- BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
+ BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
=head1 RETURN VALUES
diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod
index a098946..4e02294 100644
--- a/doc/man3/BIO_ctrl.pod
+++ b/doc/man3/BIO_ctrl.pod
@@ -12,7 +12,8 @@ BIO_get_info_callback, BIO_set_info_callback, bio_info_cb
#include <openssl/bio.h>
- typedef void (*bio_info_cb)(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
+ typedef void (*bio_info_cb)(BIO *b, int oper, const char *ptr,
+ int arg1, long arg2, long arg3);
long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
long BIO_callback_ctrl(BIO *b, int cmd, bio_info_cb cb);
diff --git a/doc/man3/BIO_f_base64.pod b/doc/man3/BIO_f_base64.pod
index 1740dad..5097c28 100644
--- a/doc/man3/BIO_f_base64.pod
+++ b/doc/man3/BIO_f_base64.pod
@@ -65,8 +65,8 @@ data to standard output:
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
BIO_push(b64, bio);
- while((inlen = BIO_read(b64, inbuf, 512)) > 0)
- BIO_write(bio_out, inbuf, inlen);
+ while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
+ BIO_write(bio_out, inbuf, inlen);
BIO_flush(bio_out);
BIO_free_all(b64);
diff --git a/doc/man3/BIO_f_cipher.pod b/doc/man3/BIO_f_cipher.pod
index a24857e..65c3d0b 100644
--- a/doc/man3/BIO_f_cipher.pod
+++ b/doc/man3/BIO_f_cipher.pod
@@ -13,7 +13,7 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher
const BIO_METHOD *BIO_f_cipher(void);
void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
- unsigned char *key, unsigned char *iv, int enc);
+ unsigned char *key, unsigned char *iv, int enc);
int BIO_get_cipher_status(BIO *b)
int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
diff --git a/doc/man3/BIO_f_md.pod b/doc/man3/BIO_f_md.pod
index dede0cc..7074202 100644
--- a/doc/man3/BIO_f_md.pod
+++ b/doc/man3/BIO_f_md.pod
@@ -79,10 +79,12 @@ checking has been omitted for clarity.
BIO *bio, *mdtmp;
char message[] = "Hello World";
+
bio = BIO_new(BIO_s_null());
mdtmp = BIO_new(BIO_f_md());
BIO_set_md(mdtmp, EVP_sha1());
- /* For BIO_push() we want to append the sink BIO and keep a note of
+ /*
+ * For BIO_push() we want to append the sink BIO and keep a note of
* the start of the chain.
*/
bio = BIO_push(mdtmp, bio);
@@ -97,6 +99,7 @@ The next example digests data by reading through a chain instead:
BIO *bio, *mdtmp;
char buf[1024];
int rdlen;
+
bio = BIO_new_file(file, "rb");
mdtmp = BIO_new(BIO_f_md());
BIO_set_md(mdtmp, EVP_sha1());
@@ -105,8 +108,8 @@ The next example digests data by reading through a chain instead:
BIO_set_md(mdtmp, EVP_md5());
bio = BIO_push(mdtmp, bio);
do {
- rdlen = BIO_read(bio, buf, sizeof(buf));
- /* Might want to do something with the data here */
+ rdlen = BIO_read(bio, buf, sizeof(buf));
+ /* Might want to do something with the data here */
} while (rdlen > 0);
This next example retrieves the message digests from a BIO chain and
@@ -116,17 +119,20 @@ outputs them. This could be used with the examples above.
unsigned char mdbuf[EVP_MAX_MD_SIZE];
int mdlen;
int i;
+
mdtmp = bio; /* Assume bio has previously been set up */
do {
- EVP_MD *md;
- mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
- if (!mdtmp) break;
- BIO_get_md(mdtmp, &md);
- printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
- mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
- for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
- printf("\n");
- mdtmp = BIO_next(mdtmp);
+ EVP_MD *md;
+
+ mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+ if (!mdtmp)
+ break;
+ BIO_get_md(mdtmp, &md);
+ printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+ mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+ for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+ printf("\n");
+ mdtmp = BIO_next(mdtmp);
} while (mdtmp);
BIO_free_all(bio);
diff --git a/doc/man3/BIO_f_null.pod b/doc/man3/BIO_f_null.pod
index c4e4c66..53069b4 100644
--- a/doc/man3/BIO_f_null.pod
+++ b/doc/man3/BIO_f_null.pod
@@ -8,7 +8,7 @@ BIO_f_null - null filter
#include <openssl/bio.h>
- const BIO_METHOD * BIO_f_null(void);
+ const BIO_METHOD *BIO_f_null(void);
=head1 DESCRIPTION
diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod
index d2046f2..1da1489 100644
--- a/doc/man3/BIO_f_ssl.pod
+++ b/doc/man3/BIO_f_ssl.pod
@@ -170,15 +170,15 @@ unencrypted example in L<BIO_s_connect(3)>.
exit(1);
}
if (BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error establishing SSL connection\n");
- ERR_print_errors_fp(stderr);
- exit(1);
+ fprintf(stderr, "Error establishing SSL connection\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
}
/* XXX Could examine ssl here to get connection info */
BIO_puts(sbio, "GET / HTTP/1.0\n\n");
- for ( ; ; ) {
+ for (;;) {
len = BIO_read(sbio, tmpbuf, 1024);
if (len <= 0)
break;
@@ -241,12 +241,6 @@ a client and also echoes the request to standard output.
exit(1);
}
- if (BIO_do_accept(acpt) <= 0) {
- fprintf(stderr, "Error in connection\n");
- ERR_print_errors_fp(stderr);
- exit(1);
- }
-
/* We only want one connection so remove and free accept BIO */
sbio = BIO_pop(acpt);
BIO_free_all(acpt);
@@ -261,7 +255,7 @@ a client and also echoes the request to standard output.
BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
BIO_puts(sbio, "--------------------------------------------------\r\n");
- for ( ; ; ) {
+ for (;;) {
len = BIO_gets(sbio, tmpbuf, 1024);
if (len <= 0)
break;
diff --git a/doc/man3/BIO_find_type.pod b/doc/man3/BIO_find_type.pod
index ff7b488..b817194 100644
--- a/doc/man3/BIO_find_type.pod
+++ b/doc/man3/BIO_find_type.pod
@@ -45,15 +45,16 @@ BIO_method_type() returns the type of the BIO B<b>.
Traverse a chain looking for digest BIOs:
BIO *btmp;
- btmp = in_bio; /* in_bio is chain to search through */
+ btmp = in_bio; /* in_bio is chain to search through */
do {
- btmp = BIO_find_type(btmp, BIO_TYPE_MD);
- if (btmp == NULL) break; /* Not found */
- /* btmp is a digest BIO, do something with it ...*/
- ...
+ btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+ if (btmp == NULL)
+ break; /* Not found */
+ /* btmp is a digest BIO, do something with it ...*/
+ ...
- btmp = BIO_next(btmp);
+ btmp = BIO_next(btmp);
} while (btmp);
diff --git a/doc/man3/BIO_get_ex_new_index.pod b/doc/man3/BIO_get_ex_new_index.pod
index 1a99d09..c4797b1 100644
--- a/doc/man3/BIO_get_ex_new_index.pod
+++ b/doc/man3/BIO_get_ex_new_index.pod
@@ -22,9 +22,9 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data
#include <openssl/x509.h>
int TYPE_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
diff --git a/doc/man3/BIO_meth_new.pod b/doc/man3/BIO_meth_new.pod
index cd55c78..53a68a1 100644
--- a/doc/man3/BIO_meth_new.pod
+++ b/doc/man3/BIO_meth_new.pod
@@ -16,41 +16,45 @@ BIO_meth_set_callback_ctrl - Routines to build up BIO methods
#include <openssl/bio.h>
int BIO_get_new_index(void);
+
BIO_METHOD *BIO_meth_new(int type, const char *name);
+
void BIO_meth_free(BIO_METHOD *biom);
- int (*BIO_meth_get_write_ex(BIO_METHOD *biom)) (BIO *, const char *, size_t,
- size_t *);
- int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int);
+
+ int (*BIO_meth_get_write_ex(BIO_METHOD *biom))(BIO *, const char *, size_t,
+ size_t *);
+ int (*BIO_meth_get_write(BIO_METHOD *biom))(BIO *, const char *, int);
int BIO_meth_set_write_ex(BIO_METHOD *biom,
- int (*bwrite) (BIO *, const char *, size_t,
- size_t *));
+ int (*bwrite)(BIO *, const char *, size_t, size_t *));
int BIO_meth_set_write(BIO_METHOD *biom,
- int (*write) (BIO *, const char *, int));
- int (*BIO_meth_get_read_ex(BIO_METHOD *biom)) (BIO *, char *, size_t,
- size_t *);
- int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int);
+ int (*write)(BIO *, const char *, int));
+
+ int (*BIO_meth_get_read_ex(BIO_METHOD *biom))(BIO *, char *, size_t, size_t *);
+ int (*BIO_meth_get_read(BIO_METHOD *biom))(BIO *, char *, int);
int BIO_meth_set_read_ex(BIO_METHOD *biom,
- int (*bread) (BIO *, char *, size_t, size_t *));
- int BIO_meth_set_read(BIO_METHOD *biom,
- int (*read) (BIO *, char *, int));
- int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *);
- int BIO_meth_set_puts(BIO_METHOD *biom,
- int (*puts) (BIO *, const char *));
- int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int);
+ int (*bread)(BIO *, char *, size_t, size_t *));
+ int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
+
+ int (*BIO_meth_get_puts(BIO_METHOD *biom))(BIO *, const char *);
+ int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
+
+ int (*BIO_meth_get_gets(BIO_METHOD *biom))(BIO *, char *, int);
int BIO_meth_set_gets(BIO_METHOD *biom,
- int (*gets) (BIO *, char *, int));
- long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *);
+ int (*gets)(BIO *, char *, int));
+
+ long (*BIO_meth_get_ctrl(BIO_METHOD *biom))(BIO *, int, long, void *);
int BIO_meth_set_ctrl(BIO_METHOD *biom,
- long (*ctrl) (BIO *, int, long, void *));
- int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *);
- int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
- int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *);
- int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
- long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))
- (BIO *, int, bio_info_cb *);
+ long (*ctrl)(BIO *, int, long, void *));
+
+ int (*BIO_meth_get_create(BIO_METHOD *bion))(BIO *);
+ int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
+
+ int (*BIO_meth_get_destroy(BIO_METHOD *biom))(BIO *);
+ int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
+
+ long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))(BIO *, int, bio_info_cb *);
int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
- long (*callback_ctrl) (BIO *, int,
- bio_info_cb *));
+ long (*callback_ctrl)(BIO *, int, bio_info_cb *));
=head1 DESCRIPTION
diff --git a/doc/man3/BIO_new.pod b/doc/man3/BIO_new.pod
index 006cf59..55ed50b 100644
--- a/doc/man3/BIO_new.pod
+++ b/doc/man3/BIO_new.pod
@@ -9,12 +9,12 @@ BIO_set - BIO allocation and freeing functions
#include <openssl/bio.h>
- BIO * BIO_new(const BIO_METHOD *type);
- int BIO_set(BIO *a, const BIO_METHOD *type);
- int BIO_up_ref(BIO *a);
- int BIO_free(BIO *a);
- void BIO_vfree(BIO *a);
- void BIO_free_all(BIO *a);
+ BIO *BIO_new(const BIO_METHOD *type);
+ int BIO_set(BIO *a, const BIO_METHOD *type);
+ int BIO_up_ref(BIO *a);
+ int BIO_free(BIO *a);
+ void BIO_vfree(BIO *a);
+ void BIO_free_all(BIO *a);
=head1 DESCRIPTION
diff --git a/doc/man3/BIO_s_bio.pod b/doc/man3/BIO_s_bio.pod
index 55567bb..dfafa35 100644
--- a/doc/man3/BIO_s_bio.pod
+++ b/doc/man3/BIO_s_bio.pod
@@ -17,7 +17,6 @@ BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
int BIO_destroy_bio_pair(BIO *b);
int BIO_shutdown_wr(BIO *b);
-
int BIO_set_write_buf_size(BIO *b, long size);
size_t BIO_get_write_buf_size(BIO *b, long size);
@@ -141,10 +140,11 @@ application. The application can call select() on the socket as required
without having to go through the SSL-interface.
BIO *internal_bio, *network_bio;
+
...
BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
SSL_set_bio(ssl, internal_bio, internal_bio);
- SSL_operations(); //e.g SSL_read and SSL_write
+ SSL_operations(); /* e.g SSL_read and SSL_write */
...
application | TLS-engine
diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod
index 2143acd..be2f4e5 100644
--- a/doc/man3/BIO_s_connect.pod
+++ b/doc/man3/BIO_s_connect.pod
@@ -174,7 +174,7 @@ to retrieve a page and copy the result to standard output.
exit(1);
}
BIO_puts(cbio, "GET / HTTP/1.0\n\n");
- for ( ; ; ) {
+ for (;;) {
len = BIO_read(cbio, tmpbuf, 1024);
if (len <= 0)
break;
diff --git a/doc/man3/BIO_s_file.pod b/doc/man3/BIO_s_file.pod
index abbcdb0..14ce952 100644
--- a/doc/man3/BIO_s_file.pod
+++ b/doc/man3/BIO_s_file.pod
@@ -10,7 +10,7 @@ BIO_rw_filename - FILE bio
#include <openssl/bio.h>
- const BIO_METHOD * BIO_s_file(void);
+ const BIO_METHOD *BIO_s_file(void);
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int flags);
@@ -85,31 +85,40 @@ lingual environment, encode file names in UTF-8.
File BIO "hello world":
BIO *bio_out;
+
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
BIO_printf(bio_out, "Hello World\n");
Alternative technique:
BIO *bio_out;
+
bio_out = BIO_new(BIO_s_file());
- if (bio_out == NULL) /* Error ... */
- if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
+ if (bio_out == NULL)
+ /* Error */
+ if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE))
+ /* Error */
BIO_printf(bio_out, "Hello World\n");
Write to a file:
BIO *out;
+
out = BIO_new_file("filename.txt", "w");
- if (!out) /* Error occurred */
+ if (!out)
+ /* Error */
BIO_printf(out, "Hello World\n");
BIO_free(out);
Alternative technique:
BIO *out;
+
out = BIO_new(BIO_s_file());
- if (out == NULL) /* Error ... */
- if (!BIO_write_filename(out, "filename.txt")) /* Error ... */
+ if (out == NULL)
+ /* Error */
+ if (!BIO_write_filename(out, "filename.txt"))
+ /* Error */
BIO_printf(out, "Hello World\n");
BIO_free(out);
diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod
index b272c41..0b559e5 100644
--- a/doc/man3/BIO_s_mem.pod
+++ b/doc/man3/BIO_s_mem.pod
@@ -10,8 +10,8 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
#include <openssl/bio.h>
- const BIO_METHOD * BIO_s_mem(void);
- const BIO_METHOD * BIO_s_secmem(void);
+ const BIO_METHOD *BIO_s_mem(void);
+ const BIO_METHOD *BIO_s_secmem(void);
BIO_set_mem_eof_return(BIO *b, int v)
long BIO_get_mem_data(BIO *b, char **pp)
@@ -97,17 +97,18 @@ There should be an option to set the maximum size of a memory BIO.
Create a memory BIO and write some data to it:
BIO *mem = BIO_new(BIO_s_mem());
+
BIO_puts(mem, "Hello World\n");
Create a read only memory BIO:
char data[] = "Hello World";
- BIO *mem;
- mem = BIO_new_mem_buf(data, -1);
+ BIO *mem = BIO_new_mem_buf(data, -1);
Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
BUF_MEM *bptr;
+
BIO_get_mem_ptr(mem, &bptr);
BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
BIO_free(mem);
diff --git a/doc/man3/BIO_s_null.pod b/doc/man3/BIO_s_null.pod
index 5a1d84d..dd39423 100644
--- a/doc/man3/BIO_s_null.pod
+++ b/doc/man3/BIO_s_null.pod
@@ -8,7 +8,7 @@ BIO_s_null - null data sink
#include <openssl/bio.h>
- const BIO_METHOD * BIO_s_null(void);
+ const BIO_METHOD *BIO_s_null(void);
=head1 DESCRIPTION
diff --git a/doc/man3/BIO_set_callback.pod b/doc/man3/BIO_set_callback.pod
index 3d15859..ac017e7 100644
--- a/doc/man3/BIO_set_callback.pod
+++ b/doc/man3/BIO_set_callback.pod
@@ -122,7 +122,8 @@ or
is called before the read and
- callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, readbytes)
+ callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
+ readbytes)
or
@@ -140,7 +141,8 @@ or
is called before the write and
- callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, written)
+ callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
+ written)
or
@@ -158,7 +160,8 @@ or
is called before the operation and
- callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, readbytes)
+ callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue,
+ readbytes)
or
diff --git a/doc/man3/BN_BLINDING_new.pod b/doc/man3/BN_BLINDING_new.pod
index 4229e75..68b3cba 100644
--- a/doc/man3/BN_BLINDING_new.pod
+++ b/doc/man3/BN_BLINDING_new.pod
@@ -13,15 +13,15 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
#include <openssl/bn.h>
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
- BIGNUM *mod);
+ BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_BLINDING_is_current_thread(BN_BLINDING *b);
void BN_BLINDING_set_current_thread(BN_BLINDING *b);
int BN_BLINDING_lock(BN_BLINDING *b);
@@ -29,10 +29,14 @@ BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functi
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp)(BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
=head1 DESCRIPTION
diff --git a/doc/man3/BN_CTX_new.pod b/doc/man3/BN_CTX_new.pod
index 623fcd5..4cf3634 100644
--- a/doc/man3/BN_CTX_new.pod
+++ b/doc/man3/BN_CTX_new.pod
@@ -51,7 +51,8 @@ replace use of BN_CTX_init with BN_CTX_new instead:
BN_CTX *ctx;
ctx = BN_CTX_new();
- if(!ctx) /* Handle error */
+ if (!ctx)
+ /* error */
...
BN_CTX_free(ctx);
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
index db3b0d4..98f2970 100644
--- a/doc/man3/BN_add.pod
+++ b/doc/man3/BN_add.pod
@@ -19,27 +19,27 @@ arithmetic operations on BIGNUMs
int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
+ const BIGNUM *m, BN_CTX *ctx);
int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index c97536b..1c40a13 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -12,12 +12,12 @@ for primality
#include <openssl/bn.h>
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
- const BIGNUM *rem, BN_GENCB *cb);
+ const BIGNUM *rem, BN_GENCB *cb);
int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
- int do_trial_division, BN_GENCB *cb);
+ int do_trial_division, BN_GENCB *cb);
int BN_GENCB_call(BN_GENCB *cb, int a, int b);
@@ -26,10 +26,10 @@ for primality
void BN_GENCB_free(BN_GENCB *cb);
void BN_GENCB_set_old(BN_GENCB *gencb,
- void (*callback)(int, int, void *), void *cb_arg);
+ void (*callback)(int, int, void *), void *cb_arg);
void BN_GENCB_set(BN_GENCB *gencb,
- int (*callback)(int, int, BN_GENCB *), void *cb_arg);
+ int (*callback)(int, int, BN_GENCB *), void *cb_arg);
void *BN_GENCB_get_arg(BN_GENCB *cb);
@@ -37,14 +37,15 @@ Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
- BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+ BIGNUM *rem, void (*callback)(int, int, void *),
+ void *cb_arg);
- int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
- void *), BN_CTX *ctx, void *cb_arg);
+ int BN_is_prime(const BIGNUM *a, int checks,
+ void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
- int do_trial_division);
+ void (*callback)(int, int, void *), BN_CTX *ctx,
+ void *cb_arg, int do_trial_division);
#endif
=head1 DESCRIPTION
@@ -169,7 +170,8 @@ Instead applications should create a BN_GENCB structure using BN_GENCB_new:
BN_GENCB *callback;
callback = BN_GENCB_new();
- if(!callback) /* handle error */
+ if (!callback)
+ /* error */
...
BN_GENCB_free(callback);
diff --git a/doc/man3/BN_mod_inverse.pod b/doc/man3/BN_mod_inverse.pod
index cb84a14..5c09aac 100644
--- a/doc/man3/BN_mod_inverse.pod
+++ b/doc/man3/BN_mod_inverse.pod
@@ -9,7 +9,7 @@ BN_mod_inverse - compute inverse modulo n
#include <openssl/bn.h>
BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
- BN_CTX *ctx);
+ BN_CTX *ctx);
=head1 DESCRIPTION
diff --git a/doc/man3/BN_mod_mul_montgomery.pod b/doc/man3/BN_mod_mul_montgomery.pod
index 81056c7..4dfcb21 100644
--- a/doc/man3/BN_mod_mul_montgomery.pod
+++ b/doc/man3/BN_mod_mul_montgomery.pod
@@ -17,13 +17,13 @@ BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx);
+ BN_MONT_CTX *mont, BN_CTX *ctx);
int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx);
+ BN_CTX *ctx);
=head1 DESCRIPTION
diff --git a/doc/man3/BN_mod_mul_reciprocal.pod b/doc/man3/BN_mod_mul_reciprocal.pod
index d480fed..07f93ba 100644
--- a/doc/man3/BN_mod_mul_reciprocal.pod
+++ b/doc/man3/BN_mod_mul_reciprocal.pod
@@ -16,10 +16,10 @@ reciprocal
int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
- BN_CTX *ctx);
+ BN_CTX *ctx);
int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
- BN_RECP_CTX *recp, BN_CTX *ctx);
+ BN_RECP_CTX *recp, BN_CTX *ctx);
=head1 DESCRIPTION
diff --git a/doc/man3/CMS_add0_cert.pod b/doc/man3/CMS_add0_cert.pod
index a5be002..9fbbe9d 100644
--- a/doc/man3/CMS_add0_cert.pod
+++ b/doc/man3/CMS_add0_cert.pod
@@ -17,7 +17,6 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
-
=head1 DESCRIPTION
CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
diff --git a/doc/man3/CMS_add1_recipient_cert.pod b/doc/man3/CMS_add1_recipient_cert.pod
index 0dae5cf..56399f9 100644
--- a/doc/man3/CMS_add1_recipient_cert.pod
+++ b/doc/man3/CMS_add1_recipient_cert.pod
@@ -8,9 +8,15 @@ CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS envelo
#include <openssl/cms.h>
- CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags);
-
- CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType);
+ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
+
+ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType);
=head1 DESCRIPTION
diff --git a/doc/man3/CMS_add1_signer.pod b/doc/man3/CMS_add1_signer.pod
index f4738e0..48d0154 100644
--- a/doc/man3/CMS_add1_signer.pod
+++ b/doc/man3/CMS_add1_signer.pod
@@ -8,11 +8,12 @@ CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed
#include <openssl/cms.h>
- CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags);
+ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert,
+ EVP_PKEY *pkey, const EVP_MD *md,
+ unsigned int flags);
int CMS_SignerInfo_sign(CMS_SignerInfo *si);
-
=head1 DESCRIPTION
CMS_add1_signer() adds a signer with certificate B<signcert> and private
diff --git a/doc/man3/CMS_decrypt.pod b/doc/man3/CMS_decrypt.pod
index 1174734..b9f2c28 100644
--- a/doc/man3/CMS_decrypt.pod
+++ b/doc/man3/CMS_decrypt.pod
@@ -8,7 +8,8 @@ CMS_decrypt - decrypt content from a CMS envelopedData structure
#include <openssl/cms.h>
- int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags);
+ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags);
=head1 DESCRIPTION
diff --git a/doc/man3/CMS_encrypt.pod b/doc/man3/CMS_encrypt.pod
index 0ed4262..8d72110 100644
--- a/doc/man3/CMS_encrypt.pod
+++ b/doc/man3/CMS_encrypt.pod
@@ -8,7 +8,8 @@ CMS_encrypt - create a CMS envelopedData structure
#include <openssl/cms.h>
- CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags);
+ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
=head1 DESCRIPTION
diff --git a/doc/man3/CMS_get0_RecipientInfos.pod b/doc/man3/CMS_get0_RecipientInfos.pod
index 80370d6..ba4a60a 100644
--- a/doc/man3/CMS_get0_RecipientInfos.pod
+++ b/doc/man3/CMS_get0_RecipientInfos.pod
@@ -16,13 +16,22 @@ CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
- int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
+ int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
- int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
- int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen);
- int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen);
+ int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype);
+ int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen);
int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
diff --git a/doc/man3/CMS_get0_SignerInfos.pod b/doc/man3/CMS_get0_SignerInfos.pod
index e5532c9..7abe39f 100644
--- a/doc/man3/CMS_get0_SignerInfos.pod
+++ b/doc/man3/CMS_get0_SignerInfos.pod
@@ -13,7 +13,8 @@ CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
- int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
+ int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
diff --git a/doc/man3/CMS_get1_ReceiptRequest.pod b/doc/man3/CMS_get1_ReceiptRequest.pod
index 79f5f42..4f7f245 100644
--- a/doc/man3/CMS_get1_ReceiptRequest.pod
+++ b/doc/man3/CMS_get1_ReceiptRequest.pod
@@ -8,10 +8,16 @@ CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CM
#include <openssl/cms.h>
- CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo);
+ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES) *receiptList,
+ STACK_OF(GENERAL_NAMES) *receiptsTo);
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
- void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto);
+ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
=head1 DESCRIPTION
diff --git a/doc/man3/CMS_sign.pod b/doc/man3/CMS_sign.pod
index 396deef..79446b1 100644
--- a/doc/man3/CMS_sign.pod
+++ b/doc/man3/CMS_sign.pod
@@ -8,7 +8,8 @@ CMS_sign - create a CMS SignedData structure
#include <openssl/cms.h>
- CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags);
+ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, unsigned int flags);
=head1 DESCRIPTION
diff --git a/doc/man3/CMS_sign_receipt.pod b/doc/man3/CMS_sign_receipt.pod
index 8ea6df1..d65a208 100644
--- a/doc/man3/CMS_sign_receipt.pod
+++ b/doc/man3/CMS_sign_receipt.pod
@@ -8,7 +8,9 @@ CMS_sign_receipt - create a CMS signed receipt
#include <openssl/cms.h>
- CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
+ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
+ EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ unsigned int flags);
=head1 DESCRIPTION
diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod
index c2ff57b..7187d98 100644
--- a/doc/man3/CMS_verify.pod
+++ b/doc/man3/CMS_verify.pod
@@ -8,7 +8,8 @@ CMS_verify, CMS_get0_signers - verify a CMS SignedData structure
#include <openssl/cms.h>
- int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, unsigned int flags);
+ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, unsigned int flags);
STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
diff --git a/doc/man3/CMS_verify_receipt.pod b/doc/man3/CMS_verify_receipt.pod
index 193241c..6773529 100644
--- a/doc/man3/CMS_verify_receipt.pod
+++ b/doc/man3/CMS_verify_receipt.pod
@@ -8,7 +8,9 @@ CMS_verify_receipt - verify a CMS signed receipt
#include <openssl/cms.h>
- int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
+ int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs, X509_STORE *store,
+ unsigned int flags);
=head1 DESCRIPTION
diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod
index 4f02f52..ecf294a 100644
--- a/doc/man3/CONF_modules_load_file.pod
+++ b/doc/man3/CONF_modules_load_file.pod
@@ -9,9 +9,9 @@ CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
#include <openssl/conf.h>
int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags);
+ unsigned long flags);
int CONF_modules_load(const CONF *cnf, const char *appname,
- unsigned long flags);
+ unsigned long flags);
=head1 DESCRIPTION
@@ -65,9 +65,9 @@ Load a configuration file and print out any errors and exit (missing file
considered fatal):
if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
- fprintf(stderr, "FATAL: error loading configuration file\n");
- ERR_print_errors_fp(stderr);
- exit(1);
+ fprintf(stderr, "FATAL: error loading configuration file\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
}
Load default configuration file using the section indicated by "myapp",
@@ -75,9 +75,9 @@ tolerate missing files, but exit on other errors:
if (CONF_modules_load_file(NULL, "myapp",
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- fprintf(stderr, "FATAL: error loading configuration file\n");
- ERR_print_errors_fp(stderr);
- exit(1);
+ fprintf(stderr, "FATAL: error loading configuration file\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
}
Load custom configuration file and section, only print warnings on error,
@@ -85,8 +85,8 @@ missing configuration file ignored:
if (CONF_modules_load_file("/something/app.cnf", "myapp",
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- fprintf(stderr, "WARNING: error loading configuration file\n");
- ERR_print_errors_fp(stderr);
+ fprintf(stderr, "WARNING: error loading configuration file\n");
+ ERR_print_errors_fp(stderr);
}
Load and parse configuration file manually, custom error handling:
@@ -94,24 +94,25 @@ Load and parse configuration file manually, custom error handling:
FILE *fp;
CONF *cnf = NULL;
long eline;
+
fp = fopen("/somepath/app.cnf", "r");
if (fp == NULL) {
- fprintf(stderr, "Error opening configuration file\n");
- /* Other missing configuration file behaviour */
+ fprintf(stderr, "Error opening configuration file\n");
+ /* Other missing configuration file behaviour */
} else {
- cnf = NCONF_new(NULL);
- if (NCONF_load_fp(cnf, fp, &eline) == 0) {
- fprintf(stderr, "Error on line %ld of configuration file\n", eline);
- ERR_print_errors_fp(stderr);
- /* Other malformed configuration file behaviour */
- } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
- fprintf(stderr, "Error configuring application\n");
- ERR_print_errors_fp(stderr);
- /* Other configuration error behaviour */
- }
- fclose(fp);
- NCONF_free(cnf);
- }
+ cnf = NCONF_new(NULL);
+ if (NCONF_load_fp(cnf, fp, &eline) == 0) {
+ fprintf(stderr, "Error on line %ld of configuration file\n", eline);
+ ERR_print_errors_fp(stderr);
+ /* Other malformed configuration file behaviour */
+ } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
+ fprintf(stderr, "Error configuring application\n");
+ ERR_print_errors_fp(stderr);
+ /* Other configuration error behaviour */
+ }
+ fclose(fp);
+ NCONF_free(cnf);
+ }
=head1 RETURN VALUES
diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod
index b256a18..9a4df19 100644
--- a/doc/man3/CRYPTO_THREAD_run_once.pod
+++ b/doc/man3/CRYPTO_THREAD_run_once.pod
@@ -100,42 +100,42 @@ crypto.h where use of CRYPTO_THREAD_* types and functions is required.
This example safely initializes and uses a lock.
- #ifdef _WIN32
- # include <windows.h>
- #endif
- #include <openssl/crypto.h>
-
- static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
- static CRYPTO_RWLOCK *lock;
-
- static void myinit(void)
- {
- lock = CRYPTO_THREAD_lock_new();
- }
-
- static int mylock(void)
- {
- if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
- return 0;
- return CRYPTO_THREAD_write_lock(lock);
- }
-
- static int myunlock(void)
- {
- return CRYPTO_THREAD_unlock(lock);
- }
-
- int serialized(void)
- {
- int ret = 0;
-
- if (mylock()) {
- /* Your code here, do not return without releasing the lock! */
- ret = ... ;
- }
- myunlock();
- return ret;
- }
+ #ifdef _WIN32
+ # include <windows.h>
+ #endif
+ #include <openssl/crypto.h>
+
+ static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
+ static CRYPTO_RWLOCK *lock;
+
+ static void myinit(void)
+ {
+ lock = CRYPTO_THREAD_lock_new();
+ }
+
+ static int mylock(void)
+ {
+ if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
+ return 0;
+ return CRYPTO_THREAD_write_lock(lock);
+ }
+
+ static int myunlock(void)
+ {
+ return CRYPTO_THREAD_unlock(lock);
+ }
+
+ int serialized(void)
+ {
+ int ret = 0;
+
+ if (mylock()) {
+ /* Your code here, do not return without releasing the lock! */
+ ret = ... ;
+ }
+ myunlock();
+ return ret;
+ }
Finalization of locks is an advanced topic, not covered in this example.
This can only be done at process exit or when a dynamically loaded library is
@@ -149,9 +149,9 @@ You can find out if OpenSSL was configured with thread support:
#include <openssl/opensslconf.h>
#if defined(OPENSSL_THREADS)
- // thread support enabled
+ /* thread support enabled */
#else
- // no thread support
+ /* no thread support */
#endif
=head1 SEE ALSO
diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod
index a5bf620..8251dda 100644
--- a/doc/man3/CRYPTO_get_ex_new_index.pod
+++ b/doc/man3/CRYPTO_get_ex_new_index.pod
@@ -12,10 +12,10 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data
#include <openssl/crypto.h>
int CRYPTO_get_ex_new_index(int class_index,
- long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
+ long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
index 4d0cae3..f068fde 100644
--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@@ -20,7 +20,8 @@ Encapsulates the data required to evaluate whether SCTs meet a Certificate Trans
X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
- void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, CTLOG_STORE *log_store);
+ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store);
uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod
index e6684f8..82989fa 100644
--- a/doc/man3/DEFINE_STACK_OF.pod
+++ b/doc/man3/DEFINE_STACK_OF.pod
@@ -56,7 +56,8 @@ stack container
STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
sk_TYPE_copyfunc copyfunc,
sk_TYPE_freefunc freefunc);
- sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, sk_TYPE_compfunc compare);
+ sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk,
+ sk_TYPE_compfunc compare));
=head1 DESCRIPTION
diff --git a/doc/man3/DES_random_key.pod b/doc/man3/DES_random_key.pod
index 4a7b106..748ea38 100644
--- a/doc/man3/DES_random_key.pod
+++ b/doc/man3/DES_random_key.pod
@@ -20,75 +20,74 @@ DES_fcrypt, DES_crypt - DES encryption
int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
- int DES_set_key_checked(const_DES_cblock *key,
- DES_key_schedule *schedule);
- void DES_set_key_unchecked(const_DES_cblock *key,
- DES_key_schedule *schedule);
+ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
void DES_set_odd_parity(DES_cblock *key);
int DES_is_weak_key(const_DES_cblock *key);
void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks, int enc);
+ DES_key_schedule *ks, int enc);
void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+ DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, int enc);
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc);
void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int enc);
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int enc);
void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
- int numbits, long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int enc);
+ int numbits, long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
- int numbits, long length, DES_key_schedule *schedule,
- DES_cblock *ivec);
+ int numbits, long length, DES_key_schedule *schedule,
+ DES_cblock *ivec);
void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int enc);
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int enc);
void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int *num, int enc);
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int *num, int enc);
void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int *num);
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int *num);
void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- const_DES_cblock *inw, const_DES_cblock *outw, int enc);
-
- void DES_ede2_cbc_encrypt(const unsigned char *input,
- unsigned char *output, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_cblock *ivec, int enc);
- void DES_ede2_cfb64_encrypt(const unsigned char *in,
- unsigned char *out, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
- void DES_ede2_ofb64_encrypt(const unsigned char *in,
- unsigned char *out, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_cblock *ivec, int *num);
-
- void DES_ede3_cbc_encrypt(const unsigned char *input,
- unsigned char *output, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
- int enc);
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+
+ void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+ void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_cblock *ivec,
+ int *num, int enc);
+ void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+
+ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc);
void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num, int enc);
void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3,
- DES_cblock *ivec, int *num);
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num);
DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
- long length, DES_key_schedule *schedule,
- const_DES_cblock *ivec);
+ long length, DES_key_schedule *schedule,
+ const_DES_cblock *ivec);
DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
- long length, int out_count, DES_cblock *seed);
+ long length, int out_count, DES_cblock *seed);
void DES_string_to_key(const char *str, DES_cblock *key);
- void DES_string_to_2keys(const char *str, DES_cblock *key1,
- DES_cblock *key2);
+ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
char *DES_fcrypt(const char *buf, const char *salt, char *ret);
char *DES_crypt(const char *buf, const char *salt);
diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod
index ce178af..54e98f5 100644
--- a/doc/man3/DH_generate_parameters.pod
+++ b/doc/man3/DH_generate_parameters.pod
@@ -19,7 +19,7 @@ Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int, int, void *), void *cb_arg);
+ void (*callback)(int, int, void *), void *cb_arg);
#endif
=head1 DESCRIPTION
diff --git a/doc/man3/DH_meth_new.pod b/doc/man3/DH_meth_new.pod
index bf38c37..02acb54 100644
--- a/doc/man3/DH_meth_new.pod
+++ b/doc/man3/DH_meth_new.pod
@@ -15,35 +15,46 @@ DH_meth_set_generate_params - Routines to build up DH methods
#include <openssl/dh.h>
DH_METHOD *DH_meth_new(const char *name, int flags);
+
void DH_meth_free(DH_METHOD *dhm);
+
DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+
const char *DH_meth_get0_name(const DH_METHOD *dhm);
int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+
int DH_meth_get_flags(DH_METHOD *dhm);
int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+
void *DH_meth_get0_app_data(const DH_METHOD *dhm);
int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
- int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
- int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+
+ int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *);
+ int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *));
+
int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
- (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+ (unsigned char *key, const BIGNUM *pub_key, DH *dh);
int DH_meth_set_compute_key(DH_METHOD *dhm,
- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+ int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh));
+
int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx));
+ int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx));
+
int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
- int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
- int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+
+ int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *);
+ int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *));
+
int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
- (DH *, int, int, BN_GENCB *);
+ (DH *, int, int, BN_GENCB *);
int DH_meth_set_generate_params(DH_METHOD *dhm,
- int (*generate_params) (DH *, int, int, BN_GENCB *));
+ int (*generate_params)(DH *, int, int, BN_GENCB *));
=head1 DESCRIPTION
diff --git a/doc/man3/DSA_do_sign.pod b/doc/man3/DSA_do_sign.pod
index 9372124..a0dd8bb 100644
--- a/doc/man3/DSA_do_sign.pod
+++ b/doc/man3/DSA_do_sign.pod
@@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA signature operations
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
+ DSA_SIG *sig, DSA *dsa);
=head1 DESCRIPTION
diff --git a/doc/man3/DSA_dup_DH.pod b/doc/man3/DSA_dup_DH.pod
index b911300..ecc9fdf 100644
--- a/doc/man3/DSA_dup_DH.pod
+++ b/doc/man3/DSA_dup_DH.pod
@@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure
#include <openssl/dsa.h>
- DH * DSA_dup_DH(const DSA *r);
+ DH *DSA_dup_DH(const DSA *r);
=head1 DESCRIPTION
diff --git a/doc/man3/DSA_generate_parameters.pod b/doc/man3/DSA_generate_parameters.pod
index fc05149..4e3d748 100644
--- a/doc/man3/DSA_generate_parameters.pod
+++ b/doc/man3/DSA_generate_parameters.pod
@@ -9,15 +9,16 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters
#include <openssl/dsa.h>
int DSA_generate_parameters_ex(DSA *dsa, int bits,
- const unsigned char *seed, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+ const unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
- DSA *DSA_generate_parameters(int bits, unsigned char *seed,
- int seed_len, int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *), void *cb_arg);
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *), void *cb_arg);
#endif
=head1 DESCRIPTION
diff --git a/doc/man3/DSA_meth_new.pod b/doc/man3/DSA_meth_new.pod
index ea251cd..cd1735c 100644
--- a/doc/man3/DSA_meth_new.pod
+++ b/doc/man3/DSA_meth_new.pod
@@ -17,50 +17,72 @@ DSA_meth_set_keygen - Routines to build up DSA methods
#include <openssl/dsa.h>
DSA_METHOD *DSA_meth_new(const char *name, int flags);
+
void DSA_meth_free(DSA_METHOD *dsam);
+
DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
+
const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+
int DSA_meth_get_flags(DSA_METHOD *dsam);
int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+
void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
- DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
- (const unsigned char *, int, DSA *);
- int DSA_meth_set_sign(DSA_METHOD *dsam,
- DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
- int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
- (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
- int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
- int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
- int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
- (const unsigned char *, int , DSA_SIG *, DSA *);
- int DSA_meth_set_verify(DSA_METHOD *dsam,
- int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
- int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
- (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
- BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
- int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
- int (*mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
- BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont));
- int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
- (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *mont);
- int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
- int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont));
+
+ DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *,
+ int, DSA *);
+ int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *,
+ int, DSA *));
+
+ int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$
+ BIGNUM **, BIGNUM **);
+ int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *,
+ BIGNUM **, BIGNUM **));
+
+ int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *,
+ int, DSA_SIG *, DSA *);
+ int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *,
+ int, DSA_SIG *, DSA *));
+
+ int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+ BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+ int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr,
+ BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2,
+ BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *mont));
+
+ int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *mont);
+ int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa,
+ BIGNUM *r,
+ BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *mont));
+
int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
- int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
- int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
- int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
- (DSA *, int, const unsigned char *, int, int *, unsigned long *,
- BN_GENCB *);
+
+ int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *);
+ int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *));
+
+ int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int,
+ const unsigned char *,
+ int, int *, unsigned long *,
+ BN_GENCB *);
int DSA_meth_set_paramgen(DSA_METHOD *dsam,
- int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
- unsigned long *, BN_GENCB *));
- int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
- int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+ int (*paramgen)(DSA *, int, const unsigned char *,
+ int, int *, unsigned long *, BN_GENCB *));
+
+ int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *);
+ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *));
=head1 DESCRIPTION
diff --git a/doc/man3/DSA_sign.pod b/doc/man3/DSA_sign.pod
index c7108c4..458e16a 100644
--- a/doc/man3/DSA_sign.pod
+++ b/doc/man3/DSA_sign.pod
@@ -8,13 +8,12 @@ DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
#include <openssl/dsa.h>
- int DSA_sign(int type, const unsigned char *dgst, int len,
- unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int DSA_sign(int type, const unsigned char *dgst, int len,
+ unsigned char *sigret, unsigned int *siglen, DSA *dsa);
- int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
- BIGNUM **rp);
+ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp);
- int DSA_verify(int type, const unsigned char *dgst, int len,
+ int DSA_verify(int type, const unsigned char *dgst, int len,
unsigned char *sigbuf, int siglen, DSA *dsa);
=head1 DESCRIPTION
diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod
index 9e1f662..9d3cdce 100644
--- a/doc/man3/ECDSA_SIG_new.pod
+++ b/doc/man3/ECDSA_SIG_new.pod
@@ -136,35 +136,33 @@ named curve prime256v1 (aka P-256).
First step: create an EC_KEY object (note: this part is B<not> ECDSA
specific)
- int ret;
+ int ret;
ECDSA_SIG *sig;
- EC_KEY *eckey;
+ EC_KEY *eckey;
+
eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (eckey == NULL) {
- /* error */
- }
- if (EC_KEY_generate_key(eckey) == 0) {
- /* error */
- }
+ if (eckey == NULL)
+ /* error */
+ if (EC_KEY_generate_key(eckey) == 0)
+ /* error */
Second step: compute the ECDSA signature of a SHA-256 hash value
using ECDSA_do_sign():
sig = ECDSA_do_sign(digest, 32, eckey);
- if (sig == NULL) {
- /* error */
- }
+ if (sig == NULL)
+ /* error */
or using ECDSA_sign():
unsigned char *buffer, *pp;
- int buf_len;
+ int buf_len;
+
buf_len = ECDSA_size(eckey);
- buffer = OPENSSL_malloc(buf_len);
+ buffer = OPENSSL_malloc(buf_len);
pp = buffer;
- if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) {
- /* error */
- }
+ if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
+ /* error */
Third step: verify the created ECDSA signature using ECDSA_do_verify():
@@ -176,13 +174,12 @@ or using ECDSA_verify():
and finally evaluate the return value:
- if (ret == 1) {
- /* signature ok */
- } else if (ret == 0) {
- /* incorrect signature */
- } else {
- /* error */
- }
+ if (ret == 1)
+ /* signature ok */
+ else if (ret == 0)
+ /* incorrect signature */
+ else
+ /* error */
=head1 CONFORMING TO
diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod
index fd5f58c..ee20f95 100644
--- a/doc/man3/EC_GROUP_copy.pod
+++ b/doc/man3/EC_GROUP_copy.pod
@@ -23,7 +23,8 @@ EC_GROUP_get_pentanomial_basis
const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
- int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+ const BIGNUM *order, const BIGNUM *cofactor);
const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
@@ -56,7 +57,7 @@ EC_GROUP_get_pentanomial_basis
int EC_GROUP_get_basis_type(const EC_GROUP *);
int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
- unsigned int *k2, unsigned int *k3);
+ unsigned int *k2, unsigned int *k3);
=head1 DESCRIPTION
diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod
index 2f658dc..e36c3cb 100644
--- a/doc/man3/EC_GROUP_new.pod
+++ b/doc/man3/EC_GROUP_new.pod
@@ -21,14 +21,20 @@ objects
void EC_GROUP_free(EC_GROUP *group);
void EC_GROUP_clear_free(EC_GROUP *group);
- EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
- EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
- int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
- int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
- int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
- int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+ int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod
index c040706..9d32d78 100644
--- a/doc/man3/EC_KEY_new.pod
+++ b/doc/man3/EC_KEY_new.pod
@@ -41,13 +41,11 @@ EC_KEY objects
int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
int EC_KEY_generate_key(EC_KEY *key);
int EC_KEY_check_key(const EC_KEY *key);
- int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
- BIGNUM *x, BIGNUM *y);
+ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
- int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len,
- BN_CTX *ctx);
+ int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx);
size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
unsigned char **pbuf, BN_CTX *ctx);
diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod
index 6f3e230..3c047e1 100644
--- a/doc/man3/EC_POINT_add.pod
+++ b/doc/man3/EC_POINT_add.pod
@@ -8,16 +8,20 @@ EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_i
#include <openssl/ec.h>
- int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx);
int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
- int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
- int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
- int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx);
+ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
+ const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+ const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod
index c9181df..9585b00 100644
--- a/doc/man3/ENGINE_add.pod
+++ b/doc/man3/ENGINE_add.pod
@@ -115,9 +115,9 @@ ENGINE_unregister_digests
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
- long i, void *p, void (*f)(void), int cmd_optional);
+ long i, void *p, void (*f)(void), int cmd_optional);
int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
- int cmd_optional);
+ int cmd_optional);
ENGINE *ENGINE_new(void);
int ENGINE_free(ENGINE *e);
@@ -164,9 +164,9 @@ ENGINE_unregister_digests
const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method, void *callback_data);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
+ UI_METHOD *ui_method, void *callback_data);
Deprecated:
@@ -385,17 +385,19 @@ illustrates how to approach this;
const char *engine_id = "ACME";
ENGINE_load_builtin_engines();
e = ENGINE_by_id(engine_id);
- if(!e)
+ if (!e)
/* the engine isn't available */
return;
- if(!ENGINE_init(e)) {
+ if (!ENGINE_init(e)) {
/* the engine couldn't initialise, release 'e' */
ENGINE_free(e);
return;
}
- if(!ENGINE_set_default_RSA(e))
- /* This should only happen when 'e' can't initialise, but the previous
- * statement suggests it did. */
+ if (!ENGINE_set_default_RSA(e))
+ /*
+ * This should only happen when 'e' can't initialise, but the previous
+ * statement suggests it did.
+ */
abort();
ENGINE_set_default_DSA(e);
ENGINE_set_default_ciphers(e);
@@ -474,9 +476,9 @@ boolean success or failure.
ENGINE *e = ENGINE_by_id(engine_id);
if (!e) return 0;
while (pre_num--) {
- if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+ if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
- pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+ pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
ENGINE_free(e);
return 0;
}
@@ -487,13 +489,15 @@ boolean success or failure.
ENGINE_free(e);
return 0;
}
- /* ENGINE_init() returned a functional reference, so free the structural
- * reference from ENGINE_by_id(). */
+ /*
+ * ENGINE_init() returned a functional reference, so free the structural
+ * reference from ENGINE_by_id().
+ */
ENGINE_free(e);
- while(post_num--) {
- if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+ while (post_num--) {
+ if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
- post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+ post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
ENGINE_finish(e);
return 0;
}
@@ -546,7 +550,7 @@ If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
simply pass all these "core" control commands directly to the ENGINE's ctrl()
handler (and thus, it must have supplied one), so it is up to the ENGINE to
reply to these "discovery" commands itself. If that flag is not set, then the
-OpenSSL framework code will work with the following rules;
+OpenSSL framework code will work with the following rules:
if no ctrl() handler supplied;
ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod
index 3b223c9..a76df03 100644
--- a/doc/man3/ERR_get_error.pod
+++ b/doc/man3/ERR_get_error.pod
@@ -20,11 +20,11 @@ ERR_peek_last_error_line_data - obtain error code and data
unsigned long ERR_peek_last_error_line(const char **file, int *line);
unsigned long ERR_get_error_line_data(const char **file, int *line,
- const char **data, int *flags);
+ const char **data, int *flags);
unsigned long ERR_peek_error_line_data(const char **file, int *line,
- const char **data, int *flags);
+ const char **data, int *flags);
unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
- const char **data, int *flags);
+ const char **data, int *flags);
=head1 DESCRIPTION
diff --git a/doc/man3/ERR_load_strings.pod b/doc/man3/ERR_load_strings.pod
index ee8de2c..b82e778 100644
--- a/doc/man3/ERR_load_strings.pod
+++ b/doc/man3/ERR_load_strings.pod
@@ -23,8 +23,8 @@ B<str> is an array of error string data:
typedef struct ERR_string_data_st
{
- unsigned long error;
- char *string;
+ unsigned long error;
+ char *string;
} ERR_STRING_DATA;
The error code is generated from the library number and a function and
diff --git a/doc/man3/ERR_print_errors.pod b/doc/man3/ERR_print_errors.pod
index 134b374..f7e612f 100644
--- a/doc/man3/ERR_print_errors.pod
+++ b/doc/man3/ERR_print_errors.pod
@@ -11,8 +11,7 @@ ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb
void ERR_print_errors(BIO *bp);
void ERR_print_errors_fp(FILE *fp);
- void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
- void *u)
+ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u)
=head1 DESCRIPTION
diff --git a/doc/man3/ERR_put_error.pod b/doc/man3/ERR_put_error.pod
index 14695ba..4fba618 100644
--- a/doc/man3/ERR_put_error.pod
+++ b/doc/man3/ERR_put_error.pod
@@ -2,17 +2,16 @@
=head1 NAME
-ERR_put_error, ERR_add_error_data - record an error
+ERR_put_error, ERR_add_error_data, ERR_add_error_vdata - record an error
=head1 SYNOPSIS
#include <openssl/err.h>
- void ERR_put_error(int lib, int func, int reason, const char *file,
- int line);
+ void ERR_put_error(int lib, int func, int reason, const char *file, int line);
void ERR_add_error_data(int num, ...);
- void ERR_add_error_data(int num, va_list arg);
+ void ERR_add_error_vdata(int num, va_list arg);
=head1 DESCRIPTION
diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod
index 6190b71..f8478e3 100644
--- a/doc/man3/EVP_CIPHER_meth_new.pod
+++ b/doc/man3/EVP_CIPHER_meth_new.pod
@@ -24,26 +24,26 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
- int (*init) (EVP_CIPHER_CTX *ctx,
- const unsigned char *key,
- const unsigned char *iv,
- int enc));
+ int (*init)(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int enc));
int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
- int (*do_cipher) (EVP_CIPHER_CTX *ctx,
- unsigned char *out,
- const unsigned char *in,
- size_t inl));
+ int (*do_cipher)(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl));
int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
- int (*cleanup) (EVP_CIPHER_CTX *));
+ int (*cleanup)(EVP_CIPHER_CTX *));
int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
- int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
- ASN1_TYPE *));
+ int (*set_asn1_parameters)(EVP_CIPHER_CTX *,
+ ASN1_TYPE *));
int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
- int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
- ASN1_TYPE *));
+ int (*get_asn1_parameters)(EVP_CIPHER_CTX *,
+ ASN1_TYPE *));
int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
- int (*ctrl) (EVP_CIPHER_CTX *, int type,
- int arg, void *ptr));
+ int (*ctrl)(EVP_CIPHER_CTX *, int type,
+ int arg, void *ptr));
int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
@@ -57,7 +57,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
ASN1_TYPE *);
int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
- ASN1_TYPE *);
+ ASN1_TYPE *);
int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
int type, int arg,
void *ptr);
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 7d283fa..d0bb337 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -22,14 +22,12 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
- int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
@@ -203,37 +201,37 @@ digest name passed on the command line.
main(int argc, char *argv[])
{
- EVP_MD_CTX *mdctx;
- const EVP_MD *md;
- char mess1[] = "Test Message\n";
- char mess2[] = "Hello World\n";
- unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
-
- if (argv[1] == NULL) {
- printf("Usage: mdtest digestname\n");
- exit(1);
- }
-
- md = EVP_get_digestbyname(argv[1]);
- if (md == NULL) {
- printf("Unknown message digest %s\n", argv[1]);
- exit(1);
- }
-
- mdctx = EVP_MD_CTX_new();
- EVP_DigestInit_ex(mdctx, md, NULL);
- EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
- EVP_DigestFinal_ex(mdctx, md_value, &md_len);
- EVP_MD_CTX_free(mdctx);
-
- printf("Digest is: ");
- for (i = 0; i < md_len; i++)
- printf("%02x", md_value[i]);
- printf("\n");
-
- exit(0);
+ EVP_MD_CTX *mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+
+ if (argv[1] == NULL) {
+ printf("Usage: mdtest digestname\n");
+ exit(1);
+ }
+
+ md = EVP_get_digestbyname(argv[1]);
+ if (md == NULL) {
+ printf("Unknown message digest %s\n", argv[1]);
+ exit(1);
+ }
+
+ mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit_ex(mdctx, md, NULL);
+ EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+ EVP_MD_CTX_free(mdctx);
+
+ printf("Digest is: ");
+ for (i = 0; i < md_len; i++)
+ printf("%02x", md_value[i]);
+ printf("\n");
+
+ exit(0);
}
=head1 SEE ALSO
diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod
index c48b559..a1f0473 100644
--- a/doc/man3/EVP_DigestVerifyInit.pod
+++ b/doc/man3/EVP_DigestVerifyInit.pod
@@ -10,7 +10,7 @@ EVP_DigestVerify - EVP signature verification functions
#include <openssl/evp.h>
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen);
diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod
index 55a17be..8055b10 100644
--- a/doc/man3/EVP_EncodeInit.pod
+++ b/doc/man3/EVP_EncodeInit.pod
@@ -24,8 +24,7 @@ EVP_DecodeBlock - EVP base 64 encode/decode routines
void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
- int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
- char *out, int *outl);
+ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
=head1 DESCRIPTION
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 012acfd..46e6a57 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -45,40 +45,34 @@ EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
+ int *outl, unsigned char *in, int inl);
+ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
+ int *outl, unsigned char *in, int inl);
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
+ int *outl, unsigned char *in, int inl);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
- int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
+ unsigned char *key, unsigned char *iv);
+ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
- int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
+ unsigned char *key, unsigned char *iv);
+ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv, int enc);
- int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
+ unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
@@ -540,101 +534,101 @@ for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
Encrypt a string using IDEA:
int do_crypt(char *outfile)
- {
- unsigned char outbuf[1024];
- int outlen, tmplen;
- /* Bogus key and IV: we'd normally set these from
- * another source.
- */
- unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
- unsigned char iv[] = {1,2,3,4,5,6,7,8};
- char intext[] = "Some Crypto Text";
- EVP_CIPHER_CTX *ctx;
- FILE *out;
-
- ctx = EVP_CIPHER_CTX_new();
- EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
-
- if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext)))
- {
- /* Error */
- return 0;
- }
- /* Buffer passed to EVP_EncryptFinal() must be after data just
- * encrypted to avoid overwriting it.
- */
- if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
- {
- /* Error */
- return 0;
- }
- outlen += tmplen;
- EVP_CIPHER_CTX_free(ctx);
- /* Need binary mode for fopen because encrypted data is
- * binary data. Also cannot use strlen() on it because
- * it won't be null terminated and may contain embedded
- * nulls.
- */
- out = fopen(outfile, "wb");
- fwrite(outbuf, 1, outlen, out);
- fclose(out);
- return 1;
- }
+ {
+ unsigned char outbuf[1024];
+ int outlen, tmplen;
+ /*
+ * Bogus key and IV: we'd normally set these from
+ * another source.
+ */
+ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+ unsigned char iv[] = {1,2,3,4,5,6,7,8};
+ char intext[] = "Some Crypto Text";
+ EVP_CIPHER_CTX *ctx;
+ FILE *out;
+
+ ctx = EVP_CIPHER_CTX_new();
+ EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+
+ if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
+ /* Error */
+ return 0;
+ }
+ /*
+ * Buffer passed to EVP_EncryptFinal() must be after data just
+ * encrypted to avoid overwriting it.
+ */
+ if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
+ /* Error */
+ return 0;
+ }
+ outlen += tmplen;
+ EVP_CIPHER_CTX_free(ctx);
+ /*
+ * Need binary mode for fopen because encrypted data is
+ * binary data. Also cannot use strlen() on it because
+ * it won't be NUL terminated and may contain embedded
+ * NULs.
+ */
+ out = fopen(outfile, "wb");
+ fwrite(outbuf, 1, outlen, out);
+ fclose(out);
+ return 1;
+ }
The ciphertext from the above example can be decrypted using the B<openssl>
utility with the command line (shown on two lines for clarity):
- openssl idea -d <filename
- -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708
+ openssl idea -d \
+ -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename
General encryption and decryption function example using FILE I/O and AES128
with a 128-bit key:
int do_crypt(FILE *in, FILE *out, int do_encrypt)
- {
- /* Allow enough space in output buffer for additional block */
- unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
- int inlen, outlen;
- EVP_CIPHER_CTX *ctx;
- /* Bogus key and IV: we'd normally set these from
- * another source.
- */
- unsigned char key[] = "0123456789abcdeF";
- unsigned char iv[] = "1234567887654321";
-
- /* Don't set key or IV right away; we want to check lengths */
- ctx = EVP_CIPHER_CTX_new();
- EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
- do_encrypt);
- OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
-
- /* Now we can set key and IV */
- EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
-
- for(;;)
- {
- inlen = fread(inbuf, 1, 1024, in);
- if (inlen <= 0) break;
- if(!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen))
- {
- /* Error */
- EVP_CIPHER_CTX_free(ctx);
- return 0;
- }
- fwrite(outbuf, 1, outlen, out);
- }
- if(!EVP_CipherFinal_ex(ctx, outbuf, &outlen))
- {
- /* Error */
- EVP_CIPHER_CTX_free(ctx);
- return 0;
- }
- fwrite(outbuf, 1, outlen, out);
-
- EVP_CIPHER_CTX_free(ctx);
- return 1;
- }
+ {
+ /* Allow enough space in output buffer for additional block */
+ unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+ int inlen, outlen;
+ EVP_CIPHER_CTX *ctx;
+ /*
+ * Bogus key and IV: we'd normally set these from
+ * another source.
+ */
+ unsigned char key[] = "0123456789abcdeF";
+ unsigned char iv[] = "1234567887654321";
+
+ /* Don't set key or IV right away; we want to check lengths */
+ ctx = EVP_CIPHER_CTX_new();
+ EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
+ do_encrypt);
+ OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+
+ /* Now we can set key and IV */
+ EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
+
+ for (;;) {
+ inlen = fread(inbuf, 1, 1024, in);
+ if (inlen <= 0)
+ break;
+ if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
+ /* Error */
+ EVP_CIPHER_CTX_free(ctx);
+ return 0;
+ }
+ fwrite(outbuf, 1, outlen, out);
+ }
+ if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
+ /* Error */
+ EVP_CIPHER_CTX_free(ctx);
+ return 0;
+ }
+ fwrite(outbuf, 1, outlen, out);
+
+ EVP_CIPHER_CTX_free(ctx);
+ return 1;
+ }
=head1 SEE ALSO
diff --git a/doc/man3/EVP_OpenInit.pod b/doc/man3/EVP_OpenInit.pod
index 3b6fd1a..61b4307 100644
--- a/doc/man3/EVP_OpenInit.pod
+++ b/doc/man3/EVP_OpenInit.pod
@@ -9,11 +9,10 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
#include <openssl/evp.h>
int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
- int ekl, unsigned char *iv, EVP_PKEY *priv);
+ int ekl, unsigned char *iv, EVP_PKEY *priv);
int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
+ int *outl, unsigned char *in, int inl);
+ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
=head1 DESCRIPTION
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 0e043f1..5c8df6d 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -16,9 +16,9 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations
#include <openssl/evp.h>
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
- int cmd, int p1, void *p2);
+ int cmd, int p1, void *p2);
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
- const char *value);
+ const char *value);
#include <openssl/rsa.h>
diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
index 1115e13..12843d0 100644
--- a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
+++ b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
@@ -132,17 +132,17 @@ salt value "salt" and info value "label":
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
if (EVP_PKEY_derive_init(pctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
- /* Error */
+ /* Error */
=head1 CONFORMING TO
diff --git a/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod b/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
index 8aa2152..30e50bc 100644
--- a/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
+++ b/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
@@ -78,17 +78,18 @@ and seed value "seed":
EVP_PKEY_CTX *pctx;
unsigned char out[10];
size_t outlen = sizeof(out);
+
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (EVP_PKEY_derive_init(pctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
- /* Error */
+ /* Error */
=head1 SEE ALSO
diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod
index ca732ed..07eaa04 100644
--- a/doc/man3/EVP_PKEY_decrypt.pod
+++ b/doc/man3/EVP_PKEY_decrypt.pod
@@ -10,8 +10,8 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
- unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
=head1 DESCRIPTION
@@ -52,28 +52,30 @@ Decrypt data using OAEP (for RSA keys):
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
- /* NB: assumes key in, inlen are already set up
+
+ /*
+ * NB: assumes key in, inlen are already set up
* and that key is an RSA private key
*/
ctx = EVP_PKEY_CTX_new(key);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_decrypt_init(ctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
- /* Error */
+ /* Error */
/* Determine buffer length */
if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
- /* Error */
+ /* Error */
out = OPENSSL_malloc(outlen);
if (!out)
- /* malloc failure */
+ /* malloc failure */
if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
- /* Error */
+ /* Error */
/* Decrypted data is outlen bytes written to buffer out */
diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod
index f70a0b8..3ee6bb3 100644
--- a/doc/man3/EVP_PKEY_derive.pod
+++ b/doc/man3/EVP_PKEY_derive.pod
@@ -57,23 +57,23 @@ Derive shared secret (for example DH or EC keys):
ctx = EVP_PKEY_CTX_new(pkey);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_derive_init(ctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
- /* Error */
+ /* Error */
/* Determine buffer length */
if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
- /* Error */
+ /* Error */
skey = OPENSSL_malloc(skeylen);
if (!skey)
- /* malloc failure */
+ /* malloc failure */
if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
- /* Error */
+ /* Error */
/* Shared secret is skey bytes written to buffer skey */
diff --git a/doc/man3/EVP_PKEY_encrypt.pod b/doc/man3/EVP_PKEY_encrypt.pod
index 24a0b0a..4e9a34e 100644
--- a/doc/man3/EVP_PKEY_encrypt.pod
+++ b/doc/man3/EVP_PKEY_encrypt.pod
@@ -10,8 +10,8 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
- unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
=head1 DESCRIPTION
@@ -56,28 +56,30 @@ set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
- /* NB: assumes eng, key, in, inlen are already set up,
+
+ /*
+ * NB: assumes eng, key, in, inlen are already set up,
* and that key is an RSA public key
*/
ctx = EVP_PKEY_CTX_new(key, eng);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_encrypt_init(ctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
- /* Error */
+ /* Error */
/* Determine buffer length */
if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
- /* Error */
+ /* Error */
out = OPENSSL_malloc(outlen);
if (!out)
- /* malloc failure */
+ /* malloc failure */
if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
- /* Error */
+ /* Error */
/* Encrypted data is outlen bytes written to buffer out */
diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod
index ed4a3e1..b7f2128 100644
--- a/doc/man3/EVP_PKEY_keygen.pod
+++ b/doc/man3/EVP_PKEY_keygen.pod
@@ -98,17 +98,18 @@ Generate a 2048 bit RSA key:
EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL;
+
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_keygen_init(ctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
- /* Error */
+ /* Error */
/* Generate key */
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
- /* Error */
+ /* Error */
Generate a key from a set of parameters:
@@ -117,16 +118,17 @@ Generate a key from a set of parameters:
EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL, *param;
+
/* Assumed param is set up already */
ctx = EVP_PKEY_CTX_new(param);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_keygen_init(ctx) <= 0)
- /* Error */
+ /* Error */
/* Generate key */
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
- /* Error */
+ /* Error */
Example of generation callback for OpenSSL public key implementations:
@@ -135,19 +137,23 @@ Example of generation callback for OpenSSL public key implementations:
EVP_PKEY_CTX_set_app_data(ctx, status_bio);
static int genpkey_cb(EVP_PKEY_CTX *ctx)
- {
- char c = '*';
- BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
- int p;
- p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
- if (p == 0) c = '.';
- if (p == 1) c = '+';
- if (p == 2) c = '*';
- if (p == 3) c = '\n';
- BIO_write(b, &c, 1);
- (void)BIO_flush(b);
- return 1;
- }
+ {
+ char c = '*';
+ BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+ int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(b, &c, 1);
+ (void)BIO_flush(b);
+ return 1;
+ }
=head1 SEE ALSO
diff --git a/doc/man3/EVP_PKEY_print_private.pod b/doc/man3/EVP_PKEY_print_private.pod
index 9f1d324..d652819 100644
--- a/doc/man3/EVP_PKEY_print_private.pod
+++ b/doc/man3/EVP_PKEY_print_private.pod
@@ -9,11 +9,11 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public ke
#include <openssl/evp.h>
int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
- int indent, ASN1_PCTX *pctx);
+ int indent, ASN1_PCTX *pctx);
int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
- int indent, ASN1_PCTX *pctx);
+ int indent, ASN1_PCTX *pctx);
int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
- int indent, ASN1_PCTX *pctx);
+ int indent, ASN1_PCTX *pctx);
=head1 DESCRIPTION
diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod
index 9b3c8d4..bdebf0b 100644
--- a/doc/man3/EVP_PKEY_sign.pod
+++ b/doc/man3/EVP_PKEY_sign.pod
@@ -10,8 +10,8 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
- unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbslen);
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen);
=head1 DESCRIPTION
@@ -66,25 +66,25 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest:
*/
ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_sign_init(ctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
- /* Error */
+ /* Error */
/* Determine buffer length */
if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
- /* Error */
+ /* Error */
sig = OPENSSL_malloc(siglen);
if (!sig)
- /* malloc failure */
+ /* malloc failure */
if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
- /* Error */
+ /* Error */
/* Signature is siglen bytes written to buffer sig */
diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod
index e84f880..5c41692 100644
--- a/doc/man3/EVP_PKEY_verify.pod
+++ b/doc/man3/EVP_PKEY_verify.pod
@@ -10,8 +10,8 @@ EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public ke
int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
- const unsigned char *sig, size_t siglen,
- const unsigned char *tbs, size_t tbslen);
+ const unsigned char *sig, size_t siglen,
+ const unsigned char *tbs, size_t tbslen);
=head1 DESCRIPTION
@@ -55,23 +55,26 @@ Verify signature using PKCS#1 and SHA256 digest:
unsigned char *md, *sig;
size_t mdlen, siglen;
EVP_PKEY *verify_key;
- /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
+
+ /*
+ * NB: assumes verify_key, sig, siglen md and mdlen are already set up
* and that verify_key is an RSA public key
*/
ctx = EVP_PKEY_CTX_new(verify_key);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_verify_init(ctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
- /* Error */
+ /* Error */
/* Perform operation */
ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
- /* ret == 1 indicates success, 0 verify failure and < 0 for some
+ /*
+ * ret == 1 indicates success, 0 verify failure and < 0 for some
* other error.
*/
diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod
index 837bc64..830ec03 100644
--- a/doc/man3/EVP_PKEY_verify_recover.pod
+++ b/doc/man3/EVP_PKEY_verify_recover.pod
@@ -10,8 +10,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
- unsigned char *rout, size_t *routlen,
- const unsigned char *sig, size_t siglen);
+ unsigned char *rout, size_t *routlen,
+ const unsigned char *sig, size_t siglen);
=head1 DESCRIPTION
@@ -60,30 +60,32 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
unsigned char *rout, *sig;
size_t routlen, siglen;
EVP_PKEY *verify_key;
- /* NB: assumes verify_key, sig and siglen are already set up
+
+ /*
+ * NB: assumes verify_key, sig and siglen are already set up
* and that verify_key is an RSA public key
*/
ctx = EVP_PKEY_CTX_new(verify_key);
if (!ctx)
- /* Error occurred */
+ /* Error occurred */
if (EVP_PKEY_verify_recover_init(ctx) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- /* Error */
+ /* Error */
if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
- /* Error */
+ /* Error */
/* Determine buffer length */
if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
- /* Error */
+ /* Error */
rout = OPENSSL_malloc(routlen);
if (!rout)
- /* malloc failure */
+ /* malloc failure */
if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
- /* Error */
+ /* Error */
/* Recovered data is routlen bytes written to buffer rout */
diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod
index fda0102..29d89c3 100644
--- a/doc/man3/EVP_SealInit.pod
+++ b/doc/man3/EVP_SealInit.pod
@@ -12,9 +12,8 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
unsigned char **ek, int *ekl, unsigned char *iv,
EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
+ int *outl, unsigned char *in, int inl);
+ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
=head1 DESCRIPTION
diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod
index ffb6f14..ad8a8c0 100644
--- a/doc/man3/EVP_VerifyInit.pod
+++ b/doc/man3/EVP_VerifyInit.pod
@@ -12,7 +12,8 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal
int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
+ EVP_PKEY *pkey);
int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod
index ad7aaeb..8cc3df9 100644
--- a/doc/man3/HMAC.pod
+++ b/doc/man3/HMAC.pod
@@ -21,14 +21,14 @@ HMAC_size
#include <openssl/hmac.h>
unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
- int key_len, const unsigned char *d, int n,
- unsigned char *md, unsigned int *md_len);
+ int key_len, const unsigned char *d, int n,
+ unsigned char *md, unsigned int *md_len);
HMAC_CTX *HMAC_CTX_new(void);
int HMAC_CTX_reset(HMAC_CTX *ctx);
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
- const EVP_MD *md, ENGINE *impl);
+ const EVP_MD *md, ENGINE *impl);
int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod
index 78da750..83547f2 100644
--- a/doc/man3/MD5.pod
+++ b/doc/man3/MD5.pod
@@ -9,34 +9,28 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
#include <openssl/md2.h>
- unsigned char *MD2(const unsigned char *d, unsigned long n,
- unsigned char *md);
+ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
int MD2_Init(MD2_CTX *c);
- int MD2_Update(MD2_CTX *c, const unsigned char *data,
- unsigned long len);
+ int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
int MD2_Final(unsigned char *md, MD2_CTX *c);
#include <openssl/md4.h>
- unsigned char *MD4(const unsigned char *d, unsigned long n,
- unsigned char *md);
+ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
int MD4_Init(MD4_CTX *c);
- int MD4_Update(MD4_CTX *c, const void *data,
- unsigned long len);
+ int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
int MD4_Final(unsigned char *md, MD4_CTX *c);
#include <openssl/md5.h>
- unsigned char *MD5(const unsigned char *d, unsigned long n,
- unsigned char *md);
+ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
int MD5_Init(MD5_CTX *c);
- int MD5_Update(MD5_CTX *c, const void *data,
- unsigned long len);
+ int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
int MD5_Final(unsigned char *md, MD5_CTX *c);
=head1 DESCRIPTION
diff --git a/doc/man3/MDC2_Init.pod b/doc/man3/MDC2_Init.pod
index f7db71b..fb8d25a 100644
--- a/doc/man3/MDC2_Init.pod
+++ b/doc/man3/MDC2_Init.pod
@@ -9,11 +9,11 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
#include <openssl/mdc2.h>
unsigned char *MDC2(const unsigned char *d, unsigned long n,
- unsigned char *md);
+ unsigned char *md);
int MDC2_Init(MDC2_CTX *c);
int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
- unsigned long len);
+ unsigned long len);
int MDC2_Final(unsigned char *md, MDC2_CTX *c);
=head1 DESCRIPTION
diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod
index 3ada667..5c628f5 100644
--- a/doc/man3/OBJ_nid2obj.pod
+++ b/doc/man3/OBJ_nid2obj.pod
@@ -137,22 +137,17 @@ The latter cannot be constant because it needs to be freed after use.
Create an object for B<commonName>:
- ASN1_OBJECT *o;
- o = OBJ_nid2obj(NID_commonName);
+ ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName);
Check if an object is B<commonName>
if (OBJ_obj2nid(obj) == NID_commonName)
- /* Do something */
+ /* Do something */
Create a new NID and initialize an object from it:
- int new_nid;
- ASN1_OBJECT *obj;
-
- new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
-
- obj = OBJ_nid2obj(new_nid);
+ int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+ ASN1_OBJECT *obj = OBJ_nid2obj(new_nid);
Create a new object directly:
diff --git a/doc/man3/OCSP_REQUEST_new.pod b/doc/man3/OCSP_REQUEST_new.pod
index becdd45..a382b16 100644
--- a/doc/man3/OCSP_REQUEST_new.pod
+++ b/doc/man3/OCSP_REQUEST_new.pod
@@ -93,7 +93,7 @@ B<issuer>:
if (OCSP_REQUEST_add0_id(req, cid) == NULL)
/* error */
- /* Do something with req, e.g. query responder */
+ /* Do something with req, e.g. query responder */
OCSP_REQUEST_free(req);
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index afcdb55..39f9047 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -49,7 +49,8 @@ OPENSSL_MALLOC_FD
void CRYPTO_free(void *str, const char *, int)
char *CRYPTO_strdup(const char *p, const char *file, int line)
char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line)
- void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, const char *file, int line)
+ void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num,
+ const char *file, int line)
void CRYPTO_clear_free(void *str, size_t num, const char *, int)
void CRYPTO_get_mem_functions(
diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod
index fbfe975..5fb14e9 100644
--- a/doc/man3/PEM_read_bio_PrivateKey.pod
+++ b/doc/man3/PEM_read_bio_PrivateKey.pod
@@ -305,44 +305,41 @@ most of them are set to 0 or NULL.
Read a certificate in PEM format from a BIO:
X509 *x;
+
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL) {
+ if (x == NULL)
/* Error */
- }
Alternative method:
X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
+
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL))
/* Error */
- }
Write a certificate to a BIO:
- if (!PEM_write_bio_X509(bp, x)) {
+ if (!PEM_write_bio_X509(bp, x))
/* Error */
- }
Write a private key (using traditional format) to a BIO using
triple DES encryption, the pass phrase is prompted for:
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
/* Error */
- }
Write a private key (using PKCS#8 format) to a BIO using triple
DES encryption, using the pass phrase "hello":
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
+ NULL, 0, 0, "hello"))
/* Error */
- }
Read a private key from a BIO using a pass phrase callback:
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL) {
+ if (key == NULL)
/* Error */
- }
Skeleton pass phrase callback:
@@ -382,6 +379,7 @@ A frequent cause of problems is attempting to use the PEM routines like
this:
X509 *x;
+
PEM_read_bio_X509(bp, &x, 0, NULL);
this is a bug because an attempt will be made to reuse the data at B<x>
@@ -432,9 +430,8 @@ The pseudo code to derive the key would look similar to:
memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
- if (rc != nkey) {
+ if (rc != nkey)
/* Error */
- }
/* On success, use key and iv to initialize the cipher */
diff --git a/doc/man3/PKCS12_newpass.pod b/doc/man3/PKCS12_newpass.pod
index 6b22fd7..58207f5 100644
--- a/doc/man3/PKCS12_newpass.pod
+++ b/doc/man3/PKCS12_newpass.pod
@@ -47,38 +47,39 @@ the result to a new file.
int main(int argc, char **argv)
{
- FILE *fp;
- PKCS12 *p12;
- if (argc != 5) {
- fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
- return 1;
- }
- if ((fp = fopen(argv[1], "rb")) == NULL) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- return 1;
- }
- p12 = d2i_PKCS12_fp(fp, NULL);
- fclose(fp);
- if (p12 == NULL) {
- fprintf(stderr, "Error reading PKCS#12 file\n");
- ERR_print_errors_fp(stderr);
- return 1;
- }
- if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
- fprintf(stderr, "Error changing password\n");
- ERR_print_errors_fp(stderr);
- PKCS12_free(p12);
- return 1;
- }
- if ((fp = fopen(argv[4], "wb")) == NULL) {
- fprintf(stderr, "Error opening file %s\n", argv[4]);
- PKCS12_free(p12);
- return 1;
- }
- i2d_PKCS12_fp(fp, p12);
- PKCS12_free(p12);
- fclose(fp);
- return 0;
+ FILE *fp;
+ PKCS12 *p12;
+
+ if (argc != 5) {
+ fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
+ return 1;
+ }
+ if ((fp = fopen(argv[1], "rb")) == NULL) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ return 1;
+ }
+ p12 = d2i_PKCS12_fp(fp, NULL);
+ fclose(fp);
+ if (p12 == NULL) {
+ fprintf(stderr, "Error reading PKCS#12 file\n");
+ ERR_print_errors_fp(stderr);
+ return 1;
+ }
+ if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
+ fprintf(stderr, "Error changing password\n");
+ ERR_print_errors_fp(stderr);
+ PKCS12_free(p12);
+ return 1;
+ }
+ if ((fp = fopen(argv[4], "wb")) == NULL) {
+ fprintf(stderr, "Error opening file %s\n", argv[4]);
+ PKCS12_free(p12);
+ return 1;
+ }
+ i2d_PKCS12_fp(fp, p12);
+ PKCS12_free(p12);
+ fclose(fp);
+ return 0;
}
diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod
index 5217b19..e5d1689 100644
--- a/doc/man3/PKCS5_PBKDF2_HMAC.pod
+++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod
@@ -13,9 +13,9 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines w
const EVP_MD *digest,
int keylen, unsigned char *out);
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
- const unsigned char *salt, int saltlen, int iter,
- int keylen, unsigned char *out);
+ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ int keylen, unsigned char *out);
=head1 DESCRIPTION
diff --git a/doc/man3/PKCS7_encrypt.pod b/doc/man3/PKCS7_encrypt.pod
index 4e1afc9..9895a1f 100644
--- a/doc/man3/PKCS7_encrypt.pod
+++ b/doc/man3/PKCS7_encrypt.pod
@@ -8,7 +8,8 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure
#include <openssl/pkcs7.h>
- PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+ int flags);
=head1 DESCRIPTION
diff --git a/doc/man3/PKCS7_sign.pod b/doc/man3/PKCS7_sign.pod
index b5a52da..567d7db 100644
--- a/doc/man3/PKCS7_sign.pod
+++ b/doc/man3/PKCS7_sign.pod
@@ -8,7 +8,8 @@ PKCS7_sign - create a PKCS#7 signedData structure
#include <openssl/pkcs7.h>
- PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags);
=head1 DESCRIPTION
@@ -65,7 +66,6 @@ way data can be signed in a single pass.
If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to
which additional signers and capabilities can be added before finalization.
-
=head1 NOTES
If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
diff --git a/doc/man3/PKCS7_sign_add_signer.pod b/doc/man3/PKCS7_sign_add_signer.pod
index c2a06e7..048a948 100644
--- a/doc/man3/PKCS7_sign_add_signer.pod
+++ b/doc/man3/PKCS7_sign_add_signer.pod
@@ -8,7 +8,8 @@ PKCS7_sign_add_signer - add a signer PKCS7 signed data structure
#include <openssl/pkcs7.h>
- PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
+ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
+ EVP_PKEY *pkey, const EVP_MD *md, int flags);
=head1 DESCRIPTION
diff --git a/doc/man3/PKCS7_verify.pod b/doc/man3/PKCS7_verify.pod
index c34808e..ebcdde0 100644
--- a/doc/man3/PKCS7_verify.pod
+++ b/doc/man3/PKCS7_verify.pod
@@ -8,7 +8,8 @@ PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure
#include <openssl/pkcs7.h>
- int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags);
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod
index 02a8e02..7ebb72c 100644
--- a/doc/man3/RAND_set_rand_method.pod
+++ b/doc/man3/RAND_set_rand_method.pod
@@ -37,12 +37,12 @@ API is being used, so this function is no longer recommended.
typedef struct rand_meth_st
{
- void (*seed)(const void *buf, int num);
- int (*bytes)(unsigned char *buf, int num);
- void (*cleanup)(void);
- void (*add)(const void *buf, int num, int entropy);
- int (*pseudorand)(unsigned char *buf, int num);
- int (*status)(void);
+ void (*seed)(const void *buf, int num);
+ int (*bytes)(unsigned char *buf, int num);
+ void (*cleanup)(void);
+ void (*add)(const void *buf, int num, int entropy);
+ int (*pseudorand)(unsigned char *buf, int num);
+ int (*status)(void);
} RAND_METHOD;
The components point to method implementations used by (or called by), in order,
diff --git a/doc/man3/RIPEMD160_Init.pod b/doc/man3/RIPEMD160_Init.pod
index a372e32..a5c3c26 100644
--- a/doc/man3/RIPEMD160_Init.pod
+++ b/doc/man3/RIPEMD160_Init.pod
@@ -10,11 +10,10 @@ RIPEMD-160 hash function
#include <openssl/ripemd.h>
unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
- unsigned char *md);
+ unsigned char *md);
int RIPEMD160_Init(RIPEMD160_CTX *c);
- int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
- unsigned long len);
+ int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len);
int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
=head1 DESCRIPTION
diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod
index e51c0b1..6cda49d 100644
--- a/doc/man3/RSA_generate_key.pod
+++ b/doc/man3/RSA_generate_key.pod
@@ -14,7 +14,7 @@ Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
RSA *RSA_generate_key(int num, unsigned long e,
- void (*callback)(int, int, void *), void *cb_arg);
+ void (*callback)(int, int, void *), void *cb_arg);
#endif
=head1 DESCRIPTION
diff --git a/doc/man3/RSA_meth_new.pod b/doc/man3/RSA_meth_new.pod
index e46b398..5e430d6 100644
--- a/doc/man3/RSA_meth_new.pod
+++ b/doc/man3/RSA_meth_new.pod
@@ -21,88 +21,95 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen
RSA_METHOD *RSA_meth_new(const char *name, int flags);
void RSA_meth_free(RSA_METHOD *meth);
+
RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+
const char *RSA_meth_get0_name(const RSA_METHOD *meth);
int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+
int RSA_meth_get_flags(RSA_METHOD *meth);
int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+
void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
- int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+
+ int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
- int (*pub_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding));
+ int (*pub_enc)(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+
int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
- int (*pub_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding));
- int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int (*pub_dec)(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+
+ int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding);
int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
- int (*priv_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding));
- int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int (*priv_enc)(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding));
+
+ int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding);
int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
- int (*priv_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding));
- /* Can be null */
- int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ int (*priv_dec)(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding));
+
+ /* Can be null */
+ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *I,
+ RSA *rsa, BN_CTX *ctx);
int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx));
- /* Can be null */
- int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx));
+
+ /* Can be null */
+ int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
- int (*bn_mod_exp) (BIGNUM *r,
- const BIGNUM *a,
- const BIGNUM *p,
- const BIGNUM *m,
- BN_CTX *ctx,
- BN_MONT_CTX *m_ctx));
- /* called at new */
- int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
- int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
- /* called at free */
- int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
- int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
- int (*RSA_meth_get_sign(const RSA_METHOD *meth))
- (int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa);
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx));
+
+ /* called at new */
+ int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa);
+ int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa));
+
+ /* called at free */
+ int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
+ int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa));
+
+ int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret,
+ unsigned int *siglen, const RSA *rsa);
int RSA_meth_set_sign(RSA_METHOD *rsa,
- int (*sign) (int type, const unsigned char *m,
- unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa));
- int (*RSA_meth_get_verify(const RSA_METHOD *meth))
- (int dtype, const unsigned char *m,
- unsigned int m_length, const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa);
+ int (*sign)(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigret,
+ unsigned int *siglen, const RSA *rsa));
+
+ int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa);
int RSA_meth_set_verify(RSA_METHOD *rsa,
- int (*verify) (int dtype, const unsigned char *m,
- unsigned int m_length,
- const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa));
- int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+ int (*verify)(int dtype, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa));
+
+ int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb);
int RSA_meth_set_keygen(RSA_METHOD *rsa,
- int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
- BN_GENCB *cb));
+ int (*keygen)(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb));
=head1 DESCRIPTION
diff --git a/doc/man3/RSA_new.pod b/doc/man3/RSA_new.pod
index 3317920..d57fe82 100644
--- a/doc/man3/RSA_new.pod
+++ b/doc/man3/RSA_new.pod
@@ -8,7 +8,7 @@ RSA_new, RSA_free - allocate and free RSA objects
#include <openssl/rsa.h>
- RSA * RSA_new(void);
+ RSA *RSA_new(void);
void RSA_free(RSA *rsa);
diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
index 3089944..52ca15a 100644
--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
@@ -14,34 +14,35 @@ padding
#include <openssl/rsa.h>
int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
- unsigned char *f, int fl);
+ unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
+ unsigned char *f, int fl, int rsa_len);
int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- unsigned char *f, int fl);
+ unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
+ unsigned char *f, int fl, int rsa_len);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- unsigned char *f, int fl, unsigned char *p, int pl);
+ unsigned char *f, int fl, unsigned char *p, int pl);
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+ unsigned char *f, int fl, int rsa_len,
+ unsigned char *p, int pl);
int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- unsigned char *f, int fl);
+ unsigned char *f, int fl);
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
+ unsigned char *f, int fl, int rsa_len);
int RSA_padding_add_none(unsigned char *to, int tlen,
- unsigned char *f, int fl);
+ unsigned char *f, int fl);
int RSA_padding_check_none(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
+ unsigned char *f, int fl, int rsa_len);
=head1 DESCRIPTION
diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod
index 1eb7a0a..060a900 100644
--- a/doc/man3/RSA_private_encrypt.pod
+++ b/doc/man3/RSA_private_encrypt.pod
@@ -8,11 +8,11 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
#include <openssl/rsa.h>
- int RSA_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
- int RSA_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
=head1 DESCRIPTION
diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod
index 182d2cf..a495ecd 100644
--- a/doc/man3/RSA_public_encrypt.pod
+++ b/doc/man3/RSA_public_encrypt.pod
@@ -8,11 +8,11 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
#include <openssl/rsa.h>
- int RSA_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int RSA_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
- int RSA_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
=head1 DESCRIPTION
diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod
index f34aac6..4bb6396 100644
--- a/doc/man3/RSA_set_method.pod
+++ b/doc/man3/RSA_set_method.pod
@@ -81,56 +81,56 @@ the default method is used.
typedef struct rsa_meth_st
{
/* name of the implementation */
- const char *name;
+ const char *name;
/* encrypt */
- int (*rsa_pub_enc)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int (*rsa_pub_enc)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
/* verify arbitrary data */
- int (*rsa_pub_dec)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int (*rsa_pub_dec)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
/* sign arbitrary data */
- int (*rsa_priv_enc)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int (*rsa_priv_enc)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
/* decrypt */
- int (*rsa_priv_dec)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ int (*rsa_priv_dec)(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
- /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
- implementations) */
- int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+ /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */
+ int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
/* compute r = a ^ p mod m (May be NULL for some implementations) */
- int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* called at RSA_new */
- int (*init)(RSA *rsa);
+ int (*init)(RSA *rsa);
/* called at RSA_free */
- int (*finish)(RSA *rsa);
+ int (*finish)(RSA *rsa);
- /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key
+ /*
+ * RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key
* operations, even if p,q,dmp1,dmq1,iqmp
* are NULL
* RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
*/
- int flags;
+ int flags;
- char *app_data; /* ?? */
+ char *app_data; /* ?? */
- int (*rsa_sign)(int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
- int (*rsa_verify)(int dtype,
- const unsigned char *m, unsigned int m_length,
- const unsigned char *sigbuf, unsigned int siglen,
- const RSA *rsa);
+ int (*rsa_sign)(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+ int (*rsa_verify)(int dtype,
+ const unsigned char *m, unsigned int m_length,
+ const unsigned char *sigbuf, unsigned int siglen,
+ const RSA *rsa);
/* keygen. If NULL builtin RSA key generation will be used */
- int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+ int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
} RSA_METHOD;
diff --git a/doc/man3/RSA_sign.pod b/doc/man3/RSA_sign.pod
index fbb38d8..310abd4 100644
--- a/doc/man3/RSA_sign.pod
+++ b/doc/man3/RSA_sign.pod
@@ -9,10 +9,10 @@ RSA_sign, RSA_verify - RSA signatures
#include <openssl/rsa.h>
int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
=head1 DESCRIPTION
diff --git a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
index fb3fa25..f577e15 100644
--- a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
@@ -9,12 +9,12 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
#include <openssl/rsa.h>
int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
- unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
- RSA *rsa);
+ unsigned int m_len, unsigned char *sigret,
+ unsigned int *siglen, RSA *rsa);
int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
- RSA *rsa);
+ unsigned int m_len, unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa);
=head1 DESCRIPTION
diff --git a/doc/man3/SCT_new.pod b/doc/man3/SCT_new.pod
index d1d537c..8da7f6a 100644
--- a/doc/man3/SCT_new.pod
+++ b/doc/man3/SCT_new.pod
@@ -18,21 +18,21 @@ SCT_get_source, SCT_set_source
#include <openssl/ct.h>
typedef enum {
- CT_LOG_ENTRY_TYPE_NOT_SET = -1,
- CT_LOG_ENTRY_TYPE_X509 = 0,
- CT_LOG_ENTRY_TYPE_PRECERT = 1
+ CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+ CT_LOG_ENTRY_TYPE_X509 = 0,
+ CT_LOG_ENTRY_TYPE_PRECERT = 1
} ct_log_entry_type_t;
typedef enum {
- SCT_VERSION_NOT_SET = -1,
- SCT_VERSION_V1 = 0
+ SCT_VERSION_NOT_SET = -1,
+ SCT_VERSION_V1 = 0
} sct_version_t;
typedef enum {
- SCT_SOURCE_UNKNOWN,
- SCT_SOURCE_TLS_EXTENSION,
- SCT_SOURCE_X509V3_EXTENSION,
- SCT_SOURCE_OCSP_STAPLED_RESPONSE
+ SCT_SOURCE_UNKNOWN,
+ SCT_SOURCE_TLS_EXTENSION,
+ SCT_SOURCE_X509V3_EXTENSION,
+ SCT_SOURCE_OCSP_STAPLED_RESPONSE
} sct_source_t;
SCT *SCT_new(void);
diff --git a/doc/man3/SCT_validate.pod b/doc/man3/SCT_validate.pod
index 5ff0e8c..fa7e2a8 100644
--- a/doc/man3/SCT_validate.pod
+++ b/doc/man3/SCT_validate.pod
@@ -10,12 +10,12 @@ checks Signed Certificate Timestamps (SCTs) are valid
#include <openssl/ct.h>
typedef enum {
- SCT_VALIDATION_STATUS_NOT_SET,
- SCT_VALIDATION_STATUS_UNKNOWN_LOG,
- SCT_VALIDATION_STATUS_VALID,
- SCT_VALIDATION_STATUS_INVALID,
- SCT_VALIDATION_STATUS_UNVERIFIED,
- SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+ SCT_VALIDATION_STATUS_NOT_SET,
+ SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+ SCT_VALIDATION_STATUS_VALID,
+ SCT_VALIDATION_STATUS_INVALID,
+ SCT_VALIDATION_STATUS_UNVERIFIED,
+ SCT_VALIDATION_STATUS_UNKNOWN_VERSION
} sct_validation_status_t;
int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod
index f3565bb..6a8f2fa 100644
--- a/doc/man3/SHA256_Init.pod
+++ b/doc/man3/SHA256_Init.pod
@@ -15,31 +15,31 @@ SHA512_Final - Secure Hash Algorithm
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
unsigned char *SHA1(const unsigned char *d, size_t n,
- unsigned char *md);
+ unsigned char *md);
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA224(const unsigned char *d, size_t n,
- unsigned char *md);
+ unsigned char *md);
int SHA256_Init(SHA256_CTX *c);
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA256(const unsigned char *d, size_t n,
- unsigned char *md);
+ unsigned char *md);
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA384(const unsigned char *d, size_t n,
- unsigned char *md);
+ unsigned char *md);
int SHA512_Init(SHA512_CTX *c);
int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA512(const unsigned char *d, size_t n,
- unsigned char *md);
+ unsigned char *md);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_CTX_add_session.pod b/doc/man3/SSL_CTX_add_session.pod
index 02d93b8..3fc52ff 100644
--- a/doc/man3/SSL_CTX_add_session.pod
+++ b/doc/man3/SSL_CTX_add_session.pod
@@ -54,13 +54,13 @@ The following values are returned by all functions:
=item Z<>0
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
+The operation failed. In case of the add operation, it was tried to add
+the same (identical) session twice. In case of the remove operation, the
+session was not found in the cache.
=item Z<>1
- The operation succeeded.
+The operation succeeded.
=back
diff --git a/doc/man3/SSL_CTX_config.pod b/doc/man3/SSL_CTX_config.pod
index 2dad9b6..2506dd5 100644
--- a/doc/man3/SSL_CTX_config.pod
+++ b/doc/man3/SSL_CTX_config.pod
@@ -41,15 +41,12 @@ If the file "config.cnf" contains the following:
[test_sect]
# list of confuration modules
-
ssl_conf = ssl_sect
[ssl_sect]
-
server = server_section
[server_section]
-
RSA.Certificate = server-rsa.pem
ECDSA.Certificate = server-ecdsa.pem
Ciphers = ALL:!RC4
@@ -57,8 +54,8 @@ If the file "config.cnf" contains the following:
An application could call:
if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
- fprintf(stderr, "Error processing config file\n");
- goto err;
+ fprintf(stderr, "Error processing config file\n");
+ goto err;
}
ctx = SSL_CTX_new(TLS_server_method());
diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod
index cb71d3a..9415065 100644
--- a/doc/man3/SSL_CTX_dane_enable.pod
+++ b/doc/man3/SSL_CTX_dane_enable.pod
@@ -190,139 +190,137 @@ The actual name matched in the certificate (which might be a wildcard) is
retrieved, and must be copied by the application if it is to be retained beyond
the lifetime of the SSL connection.
- SSL_CTX *ctx;
- SSL *ssl;
- int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
- int num_usable = 0;
- const char *nexthop_domain = "example.com";
- const char *dane_tlsa_domain = "smtp.example.com";
- uint8_t usage, selector, mtype;
-
- if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
- /* handle error */
- if (SSL_CTX_dane_enable(ctx) <= 0)
- /* handle error */
-
- if ((ssl = SSL_new(ctx)) == NULL)
- /* handle error */
-
- if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
- /* handle error */
-
- /*
- * For many applications it is safe to skip DANE-EE(3) namechecks. Do not
- * disable the checks unless "unknown key share" attacks pose no risk for
- * your application.
- */
- SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
-
- if (!SSL_add1_host(ssl, nexthop_domain))
- /* handle error */
- SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
-
- for (... each TLSA record ...) {
- unsigned char *data;
- size_t len;
- int ret;
-
- /* set usage, selector, mtype, data, len */
-
- /*
- * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
- * They treat all other certificate usages, and in particular PKIX-TA(0)
- * and PKIX-EE(1), as unusable.
- */
- switch (usage) {
- default:
- case 0: /* PKIX-TA(0) */
- case 1: /* PKIX-EE(1) */
- continue;
- case 2: /* DANE-TA(2) */
- case 3: /* DANE-EE(3) */
- break;
- }
-
- ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
- /* free data as appropriate */
-
- if (ret < 0)
- /* handle SSL library internal error */
- else if (ret == 0)
- /* handle unusable TLSA record */
- else
- ++num_usable;
- }
-
- /*
- * At this point, the verification mode is still the default SSL_VERIFY_NONE.
- * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
- * are unusable, so continue the handshake even if authentication fails.
- */
- if (num_usable == 0) {
- /* Log all records unusable? */
-
- /* Optionally set verify_cb to a suitable non-NULL callback. */
- SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
- } else {
- /* At least one usable record. We expect to verify the peer */
-
- /* Optionally set verify_cb to a suitable non-NULL callback. */
-
- /*
- * Below we elect to fail the handshake when peer verification fails.
- * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
- * complete the handshake, check the verification status, and if not
- * verified disconnect gracefully at the application layer, especially if
- * application protocol supports informing the server that authentication
- * failed.
- */
- SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
- }
-
- /*
- * Load any saved session for resumption, making sure that the previous
- * session applied the same security and authentication requirements that
- * would be expected of a fresh connection.
- */
-
- /* Perform SSL_connect() handshake and handle errors here */
-
- if (SSL_session_reused(ssl)) {
- if (SSL_get_verify_result(ssl) == X509_V_OK) {
- /*
- * Resumed session was originally verified, this connection is
- * authenticated.
- */
- } else {
- /*
- * Resumed session was not originally verified, this connection is not
- * authenticated.
- */
- }
- } else if (SSL_get_verify_result(ssl) == X509_V_OK) {
- const char *peername = SSL_get0_peername(ssl);
- EVP_PKEY *mspki = NULL;
-
- int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
- if (depth >= 0) {
- (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
- printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype,
- (mspki != NULL) ? "TA public key verified certificate" :
- depth ? "matched TA certificate" : "matched EE certificate",
- depth);
- }
- if (peername != NULL) {
- /* Name checks were in scope and matched the peername */
- printf("Verified peername: %s\n", peername);
- }
- } else {
- /*
- * Not authenticated, presumably all TLSA rrs unusable, but possibly a
- * callback suppressed connection termination despite the presence of
- * usable TLSA RRs none of which matched. Do whatever is appropriate for
- * fresh unauthenticated connections.
- */
- }
+ SSL_CTX *ctx;
+ SSL *ssl;
+ int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
+ int num_usable = 0;
+ const char *nexthop_domain = "example.com";
+ const char *dane_tlsa_domain = "smtp.example.com";
+ uint8_t usage, selector, mtype;
+
+ if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+ /* error */
+ if (SSL_CTX_dane_enable(ctx) <= 0)
+ /* error */
+ if ((ssl = SSL_new(ctx)) == NULL)
+ /* error */
+ if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
+ /* error */
+
+ /*
+ * For many applications it is safe to skip DANE-EE(3) namechecks. Do not
+ * disable the checks unless "unknown key share" attacks pose no risk for
+ * your application.
+ */
+ SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+
+ if (!SSL_add1_host(ssl, nexthop_domain))
+ /* error */
+ SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+
+ for (... each TLSA record ...) {
+ unsigned char *data;
+ size_t len;
+ int ret;
+
+ /* set usage, selector, mtype, data, len */
+
+ /*
+ * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
+ * They treat all other certificate usages, and in particular PKIX-TA(0)
+ * and PKIX-EE(1), as unusable.
+ */
+ switch (usage) {
+ default:
+ case 0: /* PKIX-TA(0) */
+ case 1: /* PKIX-EE(1) */
+ continue;
+ case 2: /* DANE-TA(2) */
+ case 3: /* DANE-EE(3) */
+ break;
+ }
+
+ ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
+ /* free data as appropriate */
+
+ if (ret < 0)
+ /* handle SSL library internal error */
+ else if (ret == 0)
+ /* handle unusable TLSA record */
+ else
+ ++num_usable;
+ }
+
+ /*
+ * At this point, the verification mode is still the default SSL_VERIFY_NONE.
+ * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
+ * are unusable, so continue the handshake even if authentication fails.
+ */
+ if (num_usable == 0) {
+ /* Log all records unusable? */
+
+ /* Optionally set verify_cb to a suitable non-NULL callback. */
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
+ } else {
+ /* At least one usable record. We expect to verify the peer */
+
+ /* Optionally set verify_cb to a suitable non-NULL callback. */
+
+ /*
+ * Below we elect to fail the handshake when peer verification fails.
+ * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
+ * complete the handshake, check the verification status, and if not
+ * verified disconnect gracefully at the application layer, especially if
+ * application protocol supports informing the server that authentication
+ * failed.
+ */
+ SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
+ }
+
+ /*
+ * Load any saved session for resumption, making sure that the previous
+ * session applied the same security and authentication requirements that
+ * would be expected of a fresh connection.
+ */
+
+ /* Perform SSL_connect() handshake and handle errors here */
+
+ if (SSL_session_reused(ssl)) {
+ if (SSL_get_verify_result(ssl) == X509_V_OK) {
+ /*
+ * Resumed session was originally verified, this connection is
+ * authenticated.
+ */
+ } else {
+ /*
+ * Resumed session was not originally verified, this connection is not
+ * authenticated.
+ */
+ }
+ } else if (SSL_get_verify_result(ssl) == X509_V_OK) {
+ const char *peername = SSL_get0_peername(ssl);
+ EVP_PKEY *mspki = NULL;
+
+ int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
+ if (depth >= 0) {
+ (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
+ printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype,
+ (mspki != NULL) ? "TA public key verified certificate" :
+ depth ? "matched TA certificate" : "matched EE certificate",
+ depth);
+ }
+ if (peername != NULL) {
+ /* Name checks were in scope and matched the peername */
+ printf("Verified peername: %s\n", peername);
+ }
+ } else {
+ /*
+ * Not authenticated, presumably all TLSA rrs unusable, but possibly a
+ * callback suppressed connection termination despite the presence of
+ * usable TLSA RRs none of which matched. Do whatever is appropriate for
+ * fresh unauthenticated connections.
+ */
+ }
=head1 NOTES
diff --git a/doc/man3/SSL_CTX_flush_sessions.pod b/doc/man3/SSL_CTX_flush_sessions.pod
index 429e717..8c0be74 100644
--- a/doc/man3/SSL_CTX_flush_sessions.pod
+++ b/doc/man3/SSL_CTX_flush_sessions.pod
@@ -24,7 +24,7 @@ If enabled, the internal session cache will collect all sessions established
up to the specified maximum number (see SSL_CTX_sess_set_cache_size()).
As sessions will not be reused ones they are expired, they should be
removed from the cache to save resources. This can either be done
- automatically whenever 255 new sessions were established (see
+automatically whenever 255 new sessions were established (see
L<SSL_CTX_set_session_cache_mode(3)>)
or manually by calling SSL_CTX_flush_sessions().
diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod
index db1e7f0..a96aafe 100644
--- a/doc/man3/SSL_CTX_load_verify_locations.pod
+++ b/doc/man3/SSL_CTX_load_verify_locations.pod
@@ -108,7 +108,7 @@ ca1.pem ca2.pem ca3.pem:
#!/bin/sh
rm CAfile.pem
for i in ca1.pem ca2.pem ca3.pem ; do
- openssl x509 -in $i -text >> CAfile.pem
+ openssl x509 -in $i -text >> CAfile.pem
done
Prepare the directory /some/where/certs containing several CA certificates
diff --git a/doc/man3/SSL_CTX_sess_set_get_cb.pod b/doc/man3/SSL_CTX_sess_set_get_cb.pod
index 65f1e4e..109ca6a 100644
--- a/doc/man3/SSL_CTX_sess_set_get_cb.pod
+++ b/doc/man3/SSL_CTX_sess_set_get_cb.pod
@@ -11,18 +11,20 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
int (*new_session_cb)(SSL *, SSL_SESSION *));
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
- void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
+ void (*remove_session_cb)(SSL_CTX *ctx,
+ SSL_SESSION *));
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *));
-
- int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
- void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
- SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, const unsigned char *data, int len, int *copy);
-
- int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
- void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
- int len, int *copy);
+ SSL_SESSION (*get_session_cb)(SSL *,
+ const unsigned char *,
+ int, int *));
+
+ int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+ SSL_SESSION *sess);
+ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
+ SSL_SESSION *sess);
+ SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+ const unsigned char *data,
+ int len, int *copy);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod
index 7795388..40c4211 100644
--- a/doc/man3/SSL_CTX_set1_sigalgs.pod
+++ b/doc/man3/SSL_CTX_set1_sigalgs.pod
@@ -86,14 +86,14 @@ The use of MD5 as a digest is strongly discouraged due to security weaknesses.
Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
using an array:
- const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
+ const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
- SSL_CTX_set1_sigalgs(ctx, slist, 4);
+ SSL_CTX_set1_sigalgs(ctx, slist, 4);
Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
using a string:
- SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
+ SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
=head1 RETURN VALUES
diff --git a/doc/man3/SSL_CTX_set_cert_cb.pod b/doc/man3/SSL_CTX_set_cert_cb.pod
index 87e1b78..d14b9eb 100644
--- a/doc/man3/SSL_CTX_set_cert_cb.pod
+++ b/doc/man3/SSL_CTX_set_cert_cb.pod
@@ -8,7 +8,8 @@ SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function
#include <openssl/ssl.h>
- void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
+ void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg),
+ void *arg);
void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
int (*cert_cb)(SSL *ssl, void *arg);
diff --git a/doc/man3/SSL_CTX_set_cert_verify_callback.pod b/doc/man3/SSL_CTX_set_cert_verify_callback.pod
index 99021ae..3bf5583 100644
--- a/doc/man3/SSL_CTX_set_cert_verify_callback.pod
+++ b/doc/man3/SSL_CTX_set_cert_verify_callback.pod
@@ -8,7 +8,9 @@ SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
#include <openssl/ssl.h>
- void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *, void *), void *arg);
+ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+ int (*callback)(X509_STORE_CTX *, void *),
+ void *arg);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_CTX_set_client_CA_list.pod b/doc/man3/SSL_CTX_set_client_CA_list.pod
index 4192ab7..76fd65e 100644
--- a/doc/man3/SSL_CTX_set_client_CA_list.pod
+++ b/doc/man3/SSL_CTX_set_client_CA_list.pod
@@ -82,7 +82,7 @@ The operation succeeded.
Scan all certificates in B<CAfile> and list them as acceptable CAs:
- SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
=head1 SEE ALSO
diff --git a/doc/man3/SSL_CTX_set_client_cert_cb.pod b/doc/man3/SSL_CTX_set_client_cert_cb.pod
index 982b6f9..0902dac 100644
--- a/doc/man3/SSL_CTX_set_client_cert_cb.pod
+++ b/doc/man3/SSL_CTX_set_client_cert_cb.pod
@@ -8,8 +8,11 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certifica
#include <openssl/ssl.h>
- void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
- int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*client_cert_cb)(SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey));
+ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey);
int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/doc/man3/SSL_CTX_set_default_passwd_cb.pod
index 82d322b..c7bdc9b 100644
--- a/doc/man3/SSL_CTX_set_default_passwd_cb.pod
+++ b/doc/man3/SSL_CTX_set_default_passwd_cb.pod
@@ -85,9 +85,9 @@ truncated.
int my_cb(char *buf, int size, int rwflag, void *u)
{
- strncpy(buf, (char *)u, size);
- buf[size - 1] = '\0';
- return strlen(buf);
+ strncpy(buf, (char *)u, size);
+ buf[size - 1] = '\0';
+ return strlen(buf);
}
=head1 HISTORY
diff --git a/doc/man3/SSL_CTX_set_generate_session_id.pod b/doc/man3/SSL_CTX_set_generate_session_id.pod
index 1b1171f..2bee351 100644
--- a/doc/man3/SSL_CTX_set_generate_session_id.pod
+++ b/doc/man3/SSL_CTX_set_generate_session_id.pod
@@ -91,28 +91,27 @@ server id given, and will fill the rest with pseudo random bytes:
#define MAX_SESSION_ID_ATTEMPTS 10
static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
+ unsigned int *id_len)
{
- unsigned int count = 0;
- do {
- RAND_pseudo_bytes(id, *id_len);
- /*
- * Prefix the session_id with the required prefix. NB: If our
- * prefix is too long, clip it - but there will be worse effects
- * anyway, eg. the server could only possibly create 1 session
- * ID (ie. the prefix!) so all future session negotiations will
- * fail due to conflicts.
- */
- memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- }
- while (SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
- if (count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
- }
+ unsigned int count = 0;
+
+ do {
+ RAND_pseudo_bytes(id, *id_len);
+ /*
+ * Prefix the session_id with the required prefix. NB: If our
+ * prefix is too long, clip it - but there will be worse effects
+ * anyway, eg. the server could only possibly create 1 session
+ * ID (ie. the prefix!) so all future session negotiations will
+ * fail due to conflicts.
+ */
+ memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
+ strlen(session_id_prefix) : *id_len);
+ } while (SSL_has_matching_session_id(ssl, id, *id_len)
+ && ++count < MAX_SESSION_ID_ATTEMPTS);
+ if (count >= MAX_SESSION_ID_ATTEMPTS)
+ return 0;
+ return 1;
+ }
=head1 RETURN VALUES
diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod
index 6c14f3a..f4d9128 100644
--- a/doc/man3/SSL_CTX_set_info_callback.pod
+++ b/doc/man3/SSL_CTX_set_info_callback.pod
@@ -110,40 +110,34 @@ The following example callback function prints state strings, information
about alerts being handled and error messages to the B<bio_err> BIO.
void apps_ssl_info_callback(SSL *s, int where, int ret)
- {
- const char *str;
- int w;
-
- w = where & ~SSL_ST_MASK;
-
- if (w & SSL_ST_CONNECT) str = "SSL_connect";
- else if (w & SSL_ST_ACCEPT) str = "SSL_accept";
- else str = "undefined";
-
- if (where & SSL_CB_LOOP)
- {
- BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
- }
- else if (where & SSL_CB_ALERT)
- {
- str = (where & SSL_CB_READ) ? "read" : "write";
- BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
- str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
- }
- else if (where & SSL_CB_EXIT)
- {
- if (ret == 0)
- BIO_printf(bio_err, "%s:failed in %s\n",
- str, SSL_state_string_long(s));
- else if (ret < 0)
- {
- BIO_printf(bio_err, "%s:error in %s\n",
- str, SSL_state_string_long(s));
- }
- }
- }
+ {
+ const char *str;
+ int w = where & ~SSL_ST_MASK;
+
+ if (w & SSL_ST_CONNECT)
+ str = "SSL_connect";
+ else if (w & SSL_ST_ACCEPT)
+ str = "SSL_accept";
+ else
+ str = "undefined";
+
+ if (where & SSL_CB_LOOP) {
+ BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+ } else if (where & SSL_CB_ALERT) {
+ str = (where & SSL_CB_READ) ? "read" : "write";
+ BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
+ } else if (where & SSL_CB_EXIT) {
+ if (ret == 0) {
+ BIO_printf(bio_err, "%s:failed in %s\n",
+ str, SSL_state_string_long(s));
+ } else if (ret < 0) {
+ BIO_printf(bio_err, "%s:error in %s\n",
+ str, SSL_state_string_long(s));
+ }
+ }
+ }
=head1 SEE ALSO
diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod
index 5996d48..a22c3f5 100644
--- a/doc/man3/SSL_CTX_set_min_proto_version.pod
+++ b/doc/man3/SSL_CTX_set_min_proto_version.pod
@@ -12,6 +12,7 @@ and maximum supported protocol version
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
+
int SSL_set_min_proto_version(SSL *ssl, int version);
int SSL_set_max_proto_version(SSL *ssl, int version);
diff --git a/doc/man3/SSL_CTX_set_msg_callback.pod b/doc/man3/SSL_CTX_set_msg_callback.pod
index b3e8a4f..6c360c6 100644
--- a/doc/man3/SSL_CTX_set_msg_callback.pod
+++ b/doc/man3/SSL_CTX_set_msg_callback.pod
@@ -12,10 +12,16 @@ SSL_set_msg_callback_arg
#include <openssl/ssl.h>
- void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+ void (*cb)(int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
- void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_set_msg_callback(SSL *ssl,
+ void (*cb)(int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod
index a417508..e7080eb 100644
--- a/doc/man3/SSL_CTX_set_psk_client_callback.pod
+++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod
@@ -9,13 +9,13 @@ SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK client ca
#include <openssl/ssl.h>
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
- unsigned int (*callback)(SSL *ssl, const char *hint,
- char *identity, unsigned int max_identity_len,
- unsigned char *psk, unsigned int max_psk_len));
+ unsigned int (*callback)(SSL *ssl, const char *hint,
+ char *identity, unsigned int max_identity_len,
+ unsigned char *psk, unsigned int max_psk_len));
void SSL_set_psk_client_callback(SSL *ssl,
- unsigned int (*callback)(SSL *ssl, const char *hint,
- char *identity, unsigned int max_identity_len,
- unsigned char *psk, unsigned int max_psk_len));
+ unsigned int (*callback)(SSL *ssl, const char *hint,
+ char *identity, unsigned int max_identity_len,
+ unsigned char *psk, unsigned int max_psk_len));
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod
index 3613306..48a5240 100644
--- a/doc/man3/SSL_CTX_set_security_level.pod
+++ b/doc/man3/SSL_CTX_set_security_level.pod
@@ -15,15 +15,20 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level,
int SSL_get_security_level(const SSL *s);
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
- int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
- void *other, void *ex));
-
- void SSL_set_security_callback(SSL *s,
- int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
- void *other, void *ex));
-
- int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
- int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex);
+ int (*cb)(SSL *s, SSL_CTX *ctx, int op,
+ int bits, int nid,
+ void *other, void *ex));
+
+ void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op,
+ int bits, int nid,
+ void *other, void *ex));
+
+ int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op,
+ int bits, int nid, void *other,
+ void *ex);
+ int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op,
+ int bits, int nid, void *other,
+ void *ex);
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
void SSL_set0_security_ex_data(SSL *s, void *ex);
diff --git a/doc/man3/SSL_CTX_set_tlsext_status_cb.pod b/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
index c12ff0e..d6c04ec 100644
--- a/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
@@ -18,10 +18,8 @@ SSL_set_tlsext_status_ocsp_resp
#include <openssl/tls1.h>
- long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
- int (*callback)(SSL *, void *));
- long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx,
- int (**callback)(SSL *, void *));
+ long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));
+ long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));
long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index 3c0761d..3cf0717 100644
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -9,9 +9,9 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing
#include <openssl/tls1.h>
long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
- int (*cb)(SSL *s, unsigned char key_name[16],
- unsigned char iv[EVP_MAX_IV_LENGTH],
- EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+ int (*cb)(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH],
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
=head1 DESCRIPTION
@@ -124,51 +124,56 @@ enable an attacker to obtain the session keys.
=head1 EXAMPLES
Reference Implementation:
- SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
- ....
-
- static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
- {
- if (enc) { /* create new session */
- if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) )
- return -1; /* insufficient random */
-
- key = currentkey(); /* something that you need to implement */
- if ( key == NULL ) {
- /* current key doesn't exist or isn't valid */
- key = createkey(); /* something that you need to implement.
- * createkey needs to initialise, a name,
- * an aes_key, a hmac_key and optionally
- * an expire time. */
- if ( key == NULL ) /* key couldn't be created */
- return 0;
- }
- memcpy(key_name, key->name, 16);
-
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
- HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
-
- return 1;
-
- } else { /* retrieve session */
- key = findkey(name);
-
- if (key == NULL || key->expire < now() )
- return 0;
-
- HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
-
- if (key->expire < ( now() - RENEW_TIME ) )
- /* return 2 - this session will get a new ticket even though the current is still valid */
- return 2;
-
- return 1;
-
- }
- }
-
+ SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
+ ...
+
+ static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
+ unsigned char *iv, EVP_CIPHER_CTX *ctx,
+ HMAC_CTX *hctx, int enc)
+ {
+ if (enc) { /* create new session */
+ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH))
+ return -1; /* insufficient random */
+
+ key = currentkey(); /* something that you need to implement */
+ if (key == NULL) {
+ /* current key doesn't exist or isn't valid */
+ key = createkey(); /*
+ * Something that you need to implement.
+ * createkey needs to initialise a name,
+ * an aes_key, a hmac_key and optionally
+ * an expire time.
+ */
+ if (key == NULL) /* key couldn't be created */
+ return 0;
+ }
+ memcpy(key_name, key->name, 16);
+
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+
+ return 1;
+
+ } else { /* retrieve session */
+ key = findkey(name);
+
+ if (key == NULL || key->expire < now())
+ return 0;
+
+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+ EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+
+ if (key->expire < now() - RENEW_TIME) {
+ /*
+ * return 2 - This session will get a new ticket even though the
+ * current one is still valid.
+ */
+ return 2;
+ }
+ return 1;
+ }
+ }
=head1 RETURN VALUES
diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
index ee62d85..76c61f8 100644
--- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
@@ -9,11 +9,13 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se
#include <openssl/ssl.h>
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
+ int keylength));
long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
void SSL_set_tmp_dh_callback(SSL *ctx,
- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
+ int keylength));
long SSL_set_tmp_dh(SSL *ssl, DH *dh)
=head1 DESCRIPTION
@@ -84,31 +86,26 @@ supply at least 2048-bit parameters in the callback.
Setup DH parameters with a key length of 2048 bits. (Error handling
partly left out.)
- Command-line parameter generation:
+Command-line parameter generation:
+
$ openssl dhparam -out dh_param_2048.pem 2048
- Code for setting up parameters during server initialization:
+Code for setting up parameters during server initialization:
- ...
SSL_CTX ctx = SSL_CTX_new();
- ...
-
- /* Set up ephemeral DH parameters. */
DH *dh_2048 = NULL;
- FILE *paramfile;
- paramfile = fopen("dh_param_2048.pem", "r");
+ FILE *paramfile = fopen("dh_param_2048.pem", "r");
+
if (paramfile) {
- dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
+ dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+ fclose(paramfile);
} else {
- /* Error. */
- }
- if (dh_2048 == NULL) {
- /* Error. */
- }
- if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
- /* Error. */
+ /* Error. */
}
+ if (dh_2048 == NULL)
+ /* Error. */
+ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1)
+ /* Error. */
...
=head1 RETURN VALUES
diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod
index 7993498..9e634dd 100644
--- a/doc/man3/SSL_CTX_set_verify.pod
+++ b/doc/man3/SSL_CTX_set_verify.pod
@@ -12,6 +12,8 @@ SSL_verify_cb
#include <openssl/ssl.h>
+ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
void SSL_set_verify(SSL *s, int mode, SSL_verify_cb verify_callback);
SSL_get_ex_data_X509_STORE_CTX_idx(void);
@@ -19,9 +21,6 @@ SSL_verify_cb
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_set_verify_depth(SSL *s, int depth);
-
- typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
-
=head1 DESCRIPTION
SSL_CTX_set_verify() sets the verification flags for B<ctx> to be B<mode> and
@@ -190,65 +189,63 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
int always_continue;
} mydata_t;
int mydata_index;
+
...
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
- char buf[256];
- X509 *err_cert;
- int err, depth;
- SSL *ssl;
- mydata_t *mydata;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Retrieve the pointer to the SSL of the connection currently treated
- * and the application specific data stored into the SSL object.
- */
- ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- mydata = SSL_get_ex_data(ssl, mydata_index);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
-
- /*
- * Catch a too long certificate chain. The depth limit set using
- * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
- * that whenever the "depth>verify_depth" condition is met, we
- * have violated the limit and want to log this error condition.
- * We must do it here, because the CHAIN_TOO_LONG error would not
- * be found explicitly; only errors introduced by cutting off the
- * additional certificates would be logged.
- */
- if (depth > mydata->verify_depth) {
- preverify_ok = 0;
- err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(ctx, err);
- }
- if (!preverify_ok) {
- printf("verify error:num=%d:%s:depth=%d:%s\n", err,
- X509_verify_cert_error_string(err), depth, buf);
- }
- else if (mydata->verbose_mode)
- {
- printf("depth=%d:%s\n", depth, buf);
- }
-
- /*
- * At this point, err contains the last verification error. We can use
- * it for something special
- */
- if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
- {
- X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
- printf("issuer= %s\n", buf);
- }
-
- if (mydata->always_continue)
- return 1;
- else
- return preverify_ok;
+ char buf[256];
+ X509 *err_cert;
+ int err, depth;
+ SSL *ssl;
+ mydata_t *mydata;
+
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+ depth = X509_STORE_CTX_get_error_depth(ctx);
+
+ /*
+ * Retrieve the pointer to the SSL of the connection currently treated
+ * and the application specific data stored into the SSL object.
+ */
+ ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ mydata = SSL_get_ex_data(ssl, mydata_index);
+
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+
+ /*
+ * Catch a too long certificate chain. The depth limit set using
+ * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+ * that whenever the "depth>verify_depth" condition is met, we
+ * have violated the limit and want to log this error condition.
+ * We must do it here, because the CHAIN_TOO_LONG error would not
+ * be found explicitly; only errors introduced by cutting off the
+ * additional certificates would be logged.
+ */
+ if (depth > mydata->verify_depth) {
+ preverify_ok = 0;
+ err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ X509_STORE_CTX_set_error(ctx, err);
+ }
+ if (!preverify_ok) {
+ printf("verify error:num=%d:%s:depth=%d:%s\n", err,
+ X509_verify_cert_error_string(err), depth, buf);
+ } else if (mydata->verbose_mode) {
+ printf("depth=%d:%s\n", depth, buf);
+ }
+
+ /*
+ * At this point, err contains the last verification error. We can use
+ * it for something special
+ */
+ if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
+ printf("issuer= %s\n", buf);
+ }
+
+ if (mydata->always_continue)
+ return 1;
+ else
+ return preverify_ok;
}
...
@@ -258,7 +255,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
...
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
verify_callback);
/*
@@ -276,12 +273,10 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
...
SSL_accept(ssl); /* check of success left out for clarity */
- if (peer = SSL_get_peer_certificate(ssl))
- {
- if (SSL_get_verify_result(ssl) == X509_V_OK)
- {
- /* The client sent a certificate which verified OK */
- }
+ if (peer = SSL_get_peer_certificate(ssl)) {
+ if (SSL_get_verify_result(ssl) == X509_V_OK) {
+ /* The client sent a certificate which verified OK */
+ }
}
=head1 SEE ALSO
diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod
index 753074a..c1ee5ed 100644
--- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod
@@ -14,11 +14,15 @@ identity hint to use
int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
- unsigned int (*callback)(SSL *ssl, const char *identity,
- unsigned char *psk, int max_psk_len));
+ unsigned int (*callback)(SSL *ssl,
+ const char *identity,
+ unsigned char *psk,
+ int max_psk_len));
void SSL_set_psk_server_callback(SSL *ssl,
- unsigned int (*callback)(SSL *ssl, const char *identity,
- unsigned char *psk, int max_psk_len));
+ unsigned int (*callback)(SSL *ssl,
+ const char *identity,
+ unsigned char *psk,
+ int max_psk_len));
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_SESSION_get0_cipher.pod b/doc/man3/SSL_SESSION_get0_cipher.pod
index 550009d..3732c57 100644
--- a/doc/man3/SSL_SESSION_get0_cipher.pod
+++ b/doc/man3/SSL_SESSION_get0_cipher.pod
@@ -8,7 +8,7 @@ SSL_SESSION_get0_cipher - retrieve the SSL cipher associated with a session
#include <openssl/ssl.h>
- const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSSION *s);
+ const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod
index 6f18544..4ed7e40 100644
--- a/doc/man3/SSL_SESSION_get0_hostname.pod
+++ b/doc/man3/SSL_SESSION_get0_hostname.pod
@@ -8,7 +8,7 @@ SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
#include <openssl/ssl.h>
- const char *SSL_SESSION_get0_hostname(const SSL_SESSSION *s);
+ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_get_client_random.pod b/doc/man3/SSL_get_client_random.pod
index 7012076..7f4e753 100644
--- a/doc/man3/SSL_get_client_random.pod
+++ b/doc/man3/SSL_get_client_random.pod
@@ -10,7 +10,8 @@ SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retri
size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
- size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen);
+ size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ unsigned char *out, size_t outlen);
=head1 DESCRIPTION
diff --git a/doc/man3/SSL_get_psk_identity.pod b/doc/man3/SSL_get_psk_identity.pod
index d330eee..5cd406c 100644
--- a/doc/man3/SSL_get_psk_identity.pod
+++ b/doc/man3/SSL_get_psk_identity.pod
@@ -11,7 +11,6 @@ SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hi
const char *SSL_get_psk_identity_hint(const SSL *ssl);
const char *SSL_get_psk_identity(const SSL *ssl);
-
=head1 DESCRIPTION
SSL_get_psk_identity_hint() is used to retrieve the PSK identity hint
diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod
index 782329b..412b1a0 100644
--- a/doc/man3/SSL_load_client_CA_file.pod
+++ b/doc/man3/SSL_load_client_CA_file.pod
@@ -33,9 +33,9 @@ Load names of CAs from file and use it as a client CA list:
...
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
if (cert_names != NULL)
- SSL_CTX_set_client_CA_list(ctx, cert_names);
+ SSL_CTX_set_client_CA_list(ctx, cert_names);
else
- error_handling();
+ /* error */
...
=head1 RETURN VALUES
diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod
index 3339a0e..9e0210d 100644
--- a/doc/man3/SSL_set1_host.pod
+++ b/doc/man3/SSL_set1_host.pod
@@ -81,23 +81,20 @@ matched in the certificate (which might be a wildcard) is retrieved,
and must be copied by the application if it is to be retained beyond
the lifetime of the SSL connection.
- SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
- if (!SSL_set1_host(ssl, "smtp.example.com")) {
- /* handle error */
- }
- if (!SSL_add1_host(ssl, "example.com")) {
- /* handle error */
- }
-
- /* XXX: Perform SSL_connect() handshake and handle errors here */
-
- if (SSL_get_verify_result(ssl) == X509_V_OK) {
- const char *peername = SSL_get0_peername(ssl);
-
- if (peername != NULL) {
- /* Name checks were in scope and matched the peername */
- }
- }
+ SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ if (!SSL_set1_host(ssl, "smtp.example.com"))
+ /* error */
+ if (!SSL_add1_host(ssl, "example.com"))
+ /* error */
+
+ /* XXX: Perform SSL_connect() handshake and handle errors here */
+
+ if (SSL_get_verify_result(ssl) == X509_V_OK) {
+ const char *peername = SSL_get0_peername(ssl);
+
+ if (peername != NULL)
+ /* Name checks were in scope and matched the peername */
+ }
=head1 SEE ALSO
diff --git a/doc/man3/UI_new.pod b/doc/man3/UI_new.pod
index 60a3fd6..469ea53 100644
--- a/doc/man3/UI_new.pod
+++ b/doc/man3/UI_new.pod
@@ -22,19 +22,21 @@ UI_get_method, UI_set_method, UI_OpenSSL, UI_null - user interface
void UI_free(UI *ui);
int UI_add_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
+ char *result_buf, int minsize, int maxsize);
int UI_dup_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
+ char *result_buf, int minsize, int maxsize);
int UI_add_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf);
int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf);
int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf);
int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf);
int UI_add_info_string(UI *ui, const char *text);
int UI_dup_info_string(UI *ui, const char *text);
int UI_add_error_string(UI *ui, const char *text);
diff --git a/doc/man3/X509_LOOKUP_hash_dir.pod b/doc/man3/X509_LOOKUP_hash_dir.pod
index 5f8dfa9..83703e2 100644
--- a/doc/man3/X509_LOOKUP_hash_dir.pod
+++ b/doc/man3/X509_LOOKUP_hash_dir.pod
@@ -10,14 +10,14 @@ lookup methods
=head1 SYNOPSIS
- #include <openssl/x509_vfy.h>
+ #include <openssl/x509_vfy.h>
- X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
- X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+ X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+ X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
- int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
- int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
- int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
=head1 DESCRIPTION
diff --git a/doc/man3/X509_NAME_ENTRY_get_object.pod b/doc/man3/X509_NAME_ENTRY_get_object.pod
index 72e0f7b..51d9385 100644
--- a/doc/man3/X509_NAME_ENTRY_get_object.pod
+++ b/doc/man3/X509_NAME_ENTRY_get_object.pod
@@ -11,15 +11,22 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
#include <openssl/x509.h>
- ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
- ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+ ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
- int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type, const unsigned char *bytes, int len);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+ const unsigned char *bytes, int len);
+
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field,
+ int type, const unsigned char *bytes,
+ int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+ int type, const unsigned char *bytes,
+ int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
=head1 DESCRIPTION
diff --git a/doc/man3/X509_NAME_add_entry_by_txt.pod b/doc/man3/X509_NAME_add_entry_by_txt.pod
index 27e5baf..b48f090 100644
--- a/doc/man3/X509_NAME_add_entry_by_txt.pod
+++ b/doc/man3/X509_NAME_add_entry_by_txt.pod
@@ -9,11 +9,14 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
#include <openssl/x509.h>
- int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ const unsigned char *bytes, int len, int loc, int set);
- int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len, int loc, int set);
- int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+ const unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set);
@@ -78,18 +81,19 @@ Create an B<X509_NAME> structure:
"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
X509_NAME *nm;
+
nm = X509_NAME_new();
if (nm == NULL)
- /* Some error */
+ /* Some error */
if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
- "UK", -1, -1, 0))
- /* Error */
+ "UK", -1, -1, 0))
+ /* Error */
if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
- "Disorganized Organization", -1, -1, 0))
- /* Error */
+ "Disorganized Organization", -1, -1, 0))
+ /* Error */
if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
- "Joe Bloggs", -1, -1, 0))
- /* Error */
+ "Joe Bloggs", -1, -1, 0))
+ /* Error */
=head1 RETURN VALUES
diff --git a/doc/man3/X509_NAME_get_index_by_NID.pod b/doc/man3/X509_NAME_get_index_by_NID.pod
index 2d6713b..be68b26 100644
--- a/doc/man3/X509_NAME_get_index_by_NID.pod
+++ b/doc/man3/X509_NAME_get_index_by_NID.pod
@@ -75,25 +75,23 @@ Process all entries:
int i;
X509_NAME_ENTRY *e;
- for (i = 0; i < X509_NAME_entry_count(nm); i++)
- {
- e = X509_NAME_get_entry(nm, i);
- /* Do something with e */
- }
+ for (i = 0; i < X509_NAME_entry_count(nm); i++) {
+ e = X509_NAME_get_entry(nm, i);
+ /* Do something with e */
+ }
Process all commonName entries:
int lastpos = -1;
X509_NAME_ENTRY *e;
- for (;;)
- {
- lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
- if (lastpos == -1)
- break;
- e = X509_NAME_get_entry(nm, lastpos);
- /* Do something with e */
- }
+ for (;;) {
+ lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+ if (lastpos == -1)
+ break;
+ e = X509_NAME_get_entry(nm, lastpos);
+ /* Do something with e */
+ }
=head1 RETURN VALUES
diff --git a/doc/man3/X509_NAME_print_ex.pod b/doc/man3/X509_NAME_print_ex.pod
index 3e9caa8..e59512d 100644
--- a/doc/man3/X509_NAME_print_ex.pod
+++ b/doc/man3/X509_NAME_print_ex.pod
@@ -11,7 +11,7 @@ X509_NAME_oneline - X509_NAME printing routines
int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
- char * X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
=head1 DESCRIPTION
diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod
index 105e051..f166b08 100644
--- a/doc/man3/X509_STORE_CTX_get_error.pod
+++ b/doc/man3/X509_STORE_CTX_get_error.pod
@@ -70,7 +70,7 @@ is B<not> successful the returned chain may be incomplete or invalid. The
returned chain persists after the B<ctx> structure is freed, when it is
no longer needed it should be free up using:
- sk_X509_pop_free(chain, X509_free);
+ sk_X509_pop_free(chain, X509_free);
X509_verify_cert_error_string() returns a human readable error string for
verification error B<n>.
diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod
index 3be256d..5688ab7 100644
--- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod
+++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod
@@ -100,93 +100,89 @@ X509_STORE_CTX_set_verify_cb() does not return a value.
Default callback operation:
- int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- return ok;
- }
+ int verify_callback(int ok, X509_STORE_CTX *ctx) {
+ return ok;
+ }
Simple example, suppose a certificate in the chain is expired and we wish
to continue after this error:
- int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- /* Tolerate certificate expiration */
- if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
- return 1;
- /* Otherwise don't override */
- return ok;
- }
+ int verify_callback(int ok, X509_STORE_CTX *ctx) {
+ /* Tolerate certificate expiration */
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+ return 1;
+ /* Otherwise don't override */
+ return ok;
+ }
More complex example, we don't wish to continue after B<any> certificate has
expired just one specific case:
int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- int err = X509_STORE_CTX_get_error(ctx);
- X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
- if (err == X509_V_ERR_CERT_HAS_EXPIRED)
- {
- if (check_is_acceptable_expired_cert(err_cert)
- return 1;
- }
- return ok;
- }
+ {
+ int err = X509_STORE_CTX_get_error(ctx);
+ X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+
+ if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
+ if (check_is_acceptable_expired_cert(err_cert)
+ return 1;
+ }
+ return ok;
+ }
Full featured logging callback. In this case the B<bio_err> is assumed to be
a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
B<ex_data>.
int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- X509 *err_cert;
- int err, depth;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- BIO_printf(bio_err, "depth=%d ", depth);
- if (err_cert)
- {
- X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
- 0, XN_FLAG_ONELINE);
- BIO_puts(bio_err, "\n");
- }
- else
- BIO_puts(bio_err, "<no cert>\n");
- if (!ok)
- BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
- X509_verify_cert_error_string(err));
- switch (err)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- BIO_puts(bio_err, "issuer= ");
- X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
- 0, XN_FLAG_ONELINE);
- BIO_puts(bio_err, "\n");
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- BIO_printf(bio_err, "notBefore=");
- ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
- BIO_printf(bio_err, "\n");
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- BIO_printf(bio_err, "notAfter=");
- ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
- BIO_printf(bio_err, "\n");
- break;
- case X509_V_ERR_NO_EXPLICIT_POLICY:
- policies_print(bio_err, ctx);
- break;
- }
- if (err == X509_V_OK && ok == 2)
- /* print out policies */
-
- BIO_printf(bio_err, "verify return:%d\n", ok);
- return(ok);
- }
+ {
+ X509 *err_cert;
+ int err, depth;
+
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+ depth = X509_STORE_CTX_get_error_depth(ctx);
+
+ BIO_printf(bio_err, "depth=%d ", depth);
+ if (err_cert) {
+ X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+ 0, XN_FLAG_ONELINE);
+ BIO_puts(bio_err, "\n");
+ }
+ else
+ BIO_puts(bio_err, "<no cert>\n");
+ if (!ok)
+ BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+ X509_verify_cert_error_string(err));
+ switch (err) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ BIO_puts(bio_err, "issuer= ");
+ X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+ 0, XN_FLAG_ONELINE);
+ BIO_puts(bio_err, "\n");
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ BIO_printf(bio_err, "notBefore=");
+ ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
+ BIO_printf(bio_err, "\n");
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ BIO_printf(bio_err, "notAfter=");
+ ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
+ BIO_printf(bio_err, "\n");
+ break;
+ case X509_V_ERR_NO_EXPLICIT_POLICY:
+ policies_print(bio_err, ctx);
+ break;
+ }
+ if (err == X509_V_OK && ok == 2)
+ /* print out policies */
+
+ BIO_printf(bio_err, "verify return:%d\n", ok);
+ return(ok);
+ }
=head1 SEE ALSO
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index d081d98..e8428e1 100644
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -37,15 +37,15 @@ X509_VERIFY_PARAM_set1_ip_asc
time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
- ASN1_OBJECT *policy);
+ ASN1_OBJECT *policy);
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
- STACK_OF(ASN1_OBJECT) *policies);
+ STACK_OF(ASN1_OBJECT) *policies);
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param,
- int auth_level);
+ int auth_level);
int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
@@ -56,7 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc
unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
- const char *email, size_t emaillen);
+ const char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
@@ -310,11 +310,12 @@ CRLs from the CRL distribution points extension.
Enable CRL checking when performing certificate verification during SSL
connections associated with an B<SSL_CTX> structure B<ctx>:
- X509_VERIFY_PARAM *param;
- param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- SSL_CTX_set1_param(ctx, param);
- X509_VERIFY_PARAM_free(param);
+ X509_VERIFY_PARAM *param;
+
+ param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+ SSL_CTX_set1_param(ctx, param);
+ X509_VERIFY_PARAM_free(param);
=head1 SEE ALSO
diff --git a/doc/man3/X509_check_ca.pod b/doc/man3/X509_check_ca.pod
index b79efb5..0954055 100644
--- a/doc/man3/X509_check_ca.pod
+++ b/doc/man3/X509_check_ca.pod
@@ -6,9 +6,9 @@ X509_check_ca - check if given certificate is CA certificate
=head1 SYNOPSIS
- #include <openssl/x509v3.h>
+ #include <openssl/x509v3.h>
- int X509_check_ca(X509 *cert);
+ int X509_check_ca(X509 *cert);
=head1 DESCRIPTION
diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod
index 3c76c8f..ee39345 100644
--- a/doc/man3/X509_digest.pod
+++ b/doc/man3/X509_digest.pod
@@ -17,7 +17,7 @@ PKCS7_ISSUER_AND_SERIAL_digest
unsigned int *len);
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
- unsigned int *len);
+ unsigned int *len);
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod
index c78e457..8742d47 100644
--- a/doc/man3/X509_get_extension_flags.pod
+++ b/doc/man3/X509_get_extension_flags.pod
@@ -13,16 +13,16 @@ X509_get_proxy_pathlen - retrieve certificate extension data
=head1 SYNOPSIS
- #include <openssl/x509v3.h>
-
- long X509_get_pathlen(X509 *x);
- uint32_t X509_get_extension_flags(X509 *x);
- uint32_t X509_get_key_usage(X509 *x);
- uint32_t X509_get_extended_key_usage(X509 *x);
- const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
- void X509_set_proxy_flag(X509 *x);
- void X509_set_proxy_pathlen(int l);
- long X509_get_proxy_pathlen(X509 *x);
+ #include <openssl/x509v3.h>
+
+ long X509_get_pathlen(X509 *x);
+ uint32_t X509_get_extension_flags(X509 *x);
+ uint32_t X509_get_key_usage(X509 *x);
+ uint32_t X509_get_extended_key_usage(X509 *x);
+ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+ void X509_set_proxy_flag(X509 *x);
+ void X509_set_proxy_pathlen(int l);
+ long X509_get_proxy_pathlen(X509 *x);
=head1 DESCRIPTION
diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod
index ce36bbf..2107c1d 100644
--- a/doc/man3/X509_get_subject_name.pod
+++ b/doc/man3/X509_get_subject_name.pod
@@ -37,7 +37,7 @@ X509_get_subject_name() and X509_set_subject_name() except the get and
set the issuer name of B<x>.
Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(),
- X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject
+X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject
or issuer names of certificate requests of CRLs respectively.
=head1 RETURN VALUES
diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod
index 032f71c..81c938e 100644
--- a/doc/man3/X509v3_get_ext_by_NID.pod
+++ b/doc/man3/X509v3_get_ext_by_NID.pod
@@ -50,7 +50,7 @@ X509_REVOKED_add_ext - extension stack utility functions
X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
- int lastpos);
+ int lastpos);
int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod
index 164d93f..03aa218 100644
--- a/doc/man3/d2i_PKCS8PrivateKey_bio.pod
+++ b/doc/man3/d2i_PKCS8PrivateKey_bio.pod
@@ -14,20 +14,20 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private
EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
=head1 DESCRIPTION
diff --git a/doc/man3/d2i_SSL_SESSION.pod b/doc/man3/d2i_SSL_SESSION.pod
index d300ff2..68ed302 100644
--- a/doc/man3/d2i_SSL_SESSION.pod
+++ b/doc/man3/d2i_SSL_SESSION.pod
@@ -8,7 +8,8 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 repre
#include <openssl/ssl.h>
- SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
+ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+ long length);
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
=head1 DESCRIPTION
diff --git a/doc/man3/o2i_SCT_LIST.pod b/doc/man3/o2i_SCT_LIST.pod
index f0f3df3..2898938 100644
--- a/doc/man3/o2i_SCT_LIST.pod
+++ b/doc/man3/o2i_SCT_LIST.pod
@@ -9,7 +9,8 @@ decode and encode Signed Certificate Timestamp lists in TLS wire format
#include <openssl/ct.h>
- STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, size_t len);
+ STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ size_t len);
int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
int i2o_SCT(const SCT *sct, unsigned char **out);
More information about the openssl-commits
mailing list