| /openssl/doc/man3/ |
| H A D | OSSL_CRMF_MSG_get0_tmpl.pod | 46 OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I<crm>.
49 given certificate template I<tmpl>.
52 given certificate template I<tmpl>.
55 given certificate template I<tmpl>.
58 given certificate template I<tmpl>.
61 of the given certificate template I<tmpl>, or NULL if not present.
64 of the given CertId I<cid>.
67 of the given CertId I<cid>, which must be of ASN.1 type GEN_DIRNAME.
70 encryptedValue I<ecert>, using the private key I<pkey>, library context
71 I<libctx> and property query string I<propq> (see L<OSSL_LIB_CTX(3)>).
[all …]
|
| H A D | EVP_PKEY_CTX_new.pod | 29 the I<pkey> key type and ENGINE I<e>.
32 using the key type specified by I<id> and ENGINE I<e>.
36 key type specified by I<name> and the property query I<propquery>. None
43 algorithm specified by I<pkey> and the property query I<propquery>. None of the
55 EVP_PKEY_CTX_free() frees up the context I<ctx>.
56 If I<ctx> is NULL, nothing is done.
58 EVP_PKEY_is_a() checks if the key type associated with I<ctx> is I<keytype>.
73 interchangeably. There are algorithms where the I<key type> and the
74 I<algorithm> of the operations that use the keys are not the same,
83 This is the I<id> used with EVP_PKEY_CTX_new_id().
[all …]
|
| H A D | BN_rand.pod | 40 number of I<bits> in length and security strength at least I<strength> bits
42 I<ctx>. The function stores the generated data in I<rnd>. The parameter I<ctx>
44 If I<bits> is less than zero, or too small to
45 accommodate the requirements specified by the I<top> and I<bottom>
47 The I<top> parameters specifies
53 numbers will always have 2*I<bits> length.
54 If I<bottom> is B<BN_RAND_BOTTOM_ODD>, the number will be odd; if it
56 If I<bits> is 1 then I<top> cannot also be B<BN_RAND_TOP_TWO>.
62 number I<rnd>, of security strength at least I<strength> bits,
63 in the range 0 E<lt>= I<rnd> E<lt> I<range> using the random number
[all …]
|
| H A D | DES_random_key.pod | 139 I<DES_cblock>s.
142 decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
144 I<input>, into the output data, pointed to by the I<output> argument.
145 If the I<encrypt> argument is nonzero (DES_ENCRYPT), the I<input>
148 I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
154 the input with I<ks1>, decrypting with the key schedule I<ks2>, and
157 I<ks2> and I<ks3> are the same, it is equivalent to just encryption
174 I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret
236 I<output>.
256 DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
[all …]
|
| H A D | CMS_add0_cert.pod | 23 CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>
27 As the 0 implies, CMS_add0_cert() adds I<cert> internally to I<cms>
29 In contrast, the caller of CMS_add1_cert() must free I<cert>.
30 I<cms> must be of type signed data or (authenticated) enveloped data.
35 CMS_get1_certs() returns all certificates in I<cms>.
37 CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>.
38 I<cms> must be of type signed data or (authenticated) enveloped data.
44 CMS_get1_crls() returns all CRLs in I<cms>.
51 For signed data, certificates and CRLs are added to the I<certificates> and
52 I<crls> fields of SignedData structure.
[all …]
|
| H A D | X509_LOOKUP.pod | 77 I<method>.
97 The arguments of the control command are passed via I<argc> and I<argl>,
98 its return value via I<*ret>. The library context I<libctx> and property
107 uses NULL for the library context I<libctx> and property query I<propq>.
117 uses NULL for the library context I<libctx> and property query I<propq>.
132 uses NULL for the library context I<libctx> and property query I<propq>.
136 B<X509_STORE>. The library context I<libctx> and property query I<propq> are used
142 uses NULL for the library context I<libctx> and property query I<propq>.
154 object is stored in I<ret>.
170 The filename is passed in I<argc>, and the type in I<argl>.
[all …]
|
| H A D | PKCS7_sign.pod | 21 I<signcert> is the certificate to sign with, I<pkey> is the corresponding
22 private key. I<certs> is an optional set of extra certificates to include
24 The library context I<libctx> and property query I<propq> are used when
27 The data to be signed is read from BIO I<data>.
29 I<flags> is an optional set of flags.
85 The I<certs>, I<signcert> and I<pkey> parameters can all be
91 If I<signcert> and I<pkey> are NULL then a certificates only
94 In versions of OpenSSL before 1.0.0 the I<signcert> and I<pkey> parameters must
98 NULL for the library context I<libctx> and the property query I<propq>.
118 The B<PKCS7_PARTIAL> flag, and the ability for I<certs>, I<signcert>,
[all …]
|
| H A D | RSA_generate_key.pod | 38 B<RSA> structure provided in I<rsa>.
42 the I<primes> parameter.
47 modulus will be I<primes>, and the public exponent will be I<e>. Key sizes
52 I<primes> depends on modulus bit length:
59 progress of the key generation. If I<cb> is not NULL, it
77 suitable for the key, I<BN_GENCB_call(cb, 2, n)> is called.
81 When a random p has been found with p-1 relatively prime to I<e>,
82 it is called as I<BN_GENCB_call(cb, 3, 0)>.
87 with I<BN_GENCB_call(cb, 3, i)> where I<i> indicates the i-th prime.
91 EVP_RSA_gen() returns an I<EVP_PKEY> or NULL on failure.
[all …]
|
| H A D | EVP_PKEY_encapsulate.pod | 22 context I<ctx> for an encapsulation operation and then sets the I<params>
32 operation using I<ctx>.
33 The symmetric secret generated in I<genkey> can be used as key material.
34 The ciphertext in I<wrappedkey> is its encapsulated form, which can be sent
37 If I<wrappedkey> is NULL then the maximum size of the output buffer
38 is written to the I<*wrappedkeylen> parameter unless I<wrappedkeylen> is NULL
40 unless I<genkeylen> is NULL.
41 If I<wrappedkey> is not NULL and the call is successful then the
42 internally generated key is written to I<genkey> and its size is written to
43 I<*genkeylen>. The encapsulated version of the generated key is written to
[all …]
|
| H A D | EVP_KEYEXCH_free.pod | 35 I<algorithm> from any provider offering it, within the criteria given
36 by the I<properties>.
49 EVP_KEYEXCH_get0_provider() returns the provider that I<exchange> was
52 EVP_KEYEXCH_is_a() checks if I<exchange> is an implementation of an
53 algorithm that's identifiable with I<name>.
56 implementation for the given I<exchange>. Note that the I<exchange> may have
59 by the I<exchange> object and should not be freed by the caller.
62 calls I<fn> with each name and I<data>.
66 the I<keyexch> implementation.
71 I<data> as arguments.
[all …]
|
| H A D | OSSL_PARAM_BLD.pod | 49 arrays. The B<I<TYPE>> names are as per L<OSSL_PARAM_int(3)>.
59 I<bld> into an allocated OSSL_PARAM array.
83 that holds the specified BIGNUM I<bn>.
84 When the I<bn> is zero or positive, its OSSL_PARAM type becomes
93 that holds the specified BIGNUM I<bn>.
96 When the I<bn> is zero or positive, its OSSL_PARAM type becomes
105 object that references the UTF8 string specified by I<buf>.
117 object that references the UTF8 string specified by I<buf>.
120 The string I<buf> points to is stored by reference and must remain in
124 object that references the octet string specified by I<buf>.
[all …]
|
| H A D | CMS_EncryptedData_encrypt.pod | 27 with a type B<NID_pkcs7_encrypted>. I<in> is a BIO containing the data to
28 encrypt using I<cipher> and the encryption key I<key> of size I<keylen> bytes.
29 The library context I<libctx> and the property query I<propq> are used when
30 retrieving algorithms from providers. I<flags> is a set of optional flags.
32 The I<flags> field supports the options B<CMS_DETACHED>, B<CMS_STREAM> and
36 The algorithm passed in the I<cipher> parameter must support ASN1 encoding of
42 but uses default values of NULL for the library context I<libctx> and the
43 property query I<propq>.
|
| H A D | EVP_RAND.pod | 100 a library context I<libctx> and a set of I<properties>.
122 EVP_RAND_CTX_free() frees up the context I<ctx>. If I<ctx> is NULL, nothing
126 I<ctx>.
141 additional input I<addin> of length I<addin_len>. The bytes
147 Entropy I<ent> of length I<ent_len> bytes can be supplied as can additional
148 input I<addin> of length I<addin_len> bytes. In the FIPS provider, both are
155 EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
168 I<rand>.
182 context, given a context I<ctx>.
236 of the given I<rand>.
[all …]
|
| H A D | PKCS12_add_safe.pod | 30 =item * If I<safe_nid> is -1, a plain PKCS7 I<data> contentInfo is created.
32 =item * If I<safe_nid> is a valid PBE algorithm NID, a PKCS7 B<encryptedData>
33 contentInfo is created. The algorithm uses I<pass> as the passphrase and I<iter>
34 as the iteration count. If I<iter> is zero then a default value for iteration
37 =item * If I<safe_nid> is 0, a PKCS7 B<encryptedData> contentInfo is created using
43 context I<ctx> and property query I<propq> to be used to select algorithm
47 PKCS7 contentInfos. The I<safes> are enclosed first within a PKCS7 contentInfo
48 of type I<p7_nid>. Currently the only supported type is B<NID_pkcs7_data>.
51 library context I<ctx> and property query I<propq> to be used to select
|
| H A D | EVP_MAC.pod | 95 a library context I<libctx> and a set of I<properties>.
124 I<ctx>.
129 of I<data> with length I<datalen>
130 using the MAC algorithm I<name> and the key I<key> with length I<keylen>.
132 string I<propq>. It takes parameters I<subalg> and further I<params>,
142 via the I<key> and I<params> arguments. The MAC I<key> has a length of
159 If I<out> is NULL or I<outsize> is too small, then no computation
162 dynamically, simply call with I<out> being NULL and I<outl>
167 the result in the memory pointed at by I<out> of size I<outsize>.
170 I<mac>.
[all …]
|
| H A D | SSL_CTX_set_tlsext_ticket_key_cb.pod | 30 session tickets for the ssl context I<sslctx>. Session tickets, defined in
51 Before the callback function is started I<ctx> and I<hctx> have been
59 I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>.
61 The I<name> is 16 characters long and is used as a key identifier.
67 I<ctx> should use the initialisation vector I<iv>. The cipher context can be
73 with I<enc> set to 0 indicating that the I<cb> function should retrieve a set
74 of parameters. In this case I<name> and I<iv> have already been parsed out of
93 This indicates that the I<ctx> and I<hctx> have been set and the session can
101 This indicates that the I<ctx> and I<hctx> have been set and the session can
122 Before this callback function is started I<hctx> will have been
[all …]
|
| /openssl/doc/internal/man3/ |
| H A D | ossl_algorithm_do_all.pod | 19 library context I<libctx>, an operation identity I<operation_id> and a
20 provider I<provider>.
21 I<libctx> may be NULL to signify that the default library context should
23 I<operation_id> may be zero to signify that all kinds of operations
25 I<provider> may be NULL to signify that all loaded providers will be
28 For each implementation found, the function I<fn> is called with the
29 I<provider> for the implementation, the algorithm descriptor I<algo>,
30 the flag I<no_store> indicating whether the algorithm descriptor may
31 be remembered or not, and the caller I<data> that was passed to
|
| H A D | evp_md_get_number.pod | 40 Returns the internal dynamic number assigned to I<cipher>.
49 Keturns the internal dynamic number assigned to I<kdf>.
53 Returns the internal dynamic number assigned to I<kem>.
57 Returns the internal dynamic number assigned to the I<exchange>.
61 Returns the internal dynamic number assigned to the I<keymgmt>.
65 Returns the internal dynamic number assigned to I<mac>.
69 Returns the internal dynamic number assigned to the I<md>. This is
74 Returns the internal dynamic number assigned to I<rand>.
78 Returns the internal dynamic number assigned to I<signature>.
82 Returns the internal dynamic number assigned to the given I<decoder>.
[all …]
|
| H A D | ossl_cmp_msg_protect.pod | 21 ossl_cmp_calc_protection() calculates the protection for the given I<msg>
23 using the credentials, library context, and property criteria in the I<ctx>.
24 Unless I<msg->header->protectionAlg> is B<PasswordBasedMAC>,
25 its value is completed according to I<ctx->pkey> and I<ctx->digest>,
28 ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
29 depending on the available context information given in the I<ctx>.
34 ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
36 ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
39 I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate
46 The I<ctx> parameter of ossl_cmp_msg_add_extraCerts()
[all …]
|
| /openssl/doc/man7/ |
| H A D | x509.pod | 33 B<X509_>I<XXX>, B<d2i_X509_>I<XXX>, and B<i2d_X509_>I<XXX> functions
36 B<X509_CRL_>I<XXX>, B<d2i_X509_CRL_>I<XXX>, and B<i2d_X509_CRL_>I<XXX>
39 B<X509_REQ_>I<XXX>, B<d2i_X509_REQ_>I<XXX>, and B<i2d_X509_REQ_>I<XXX>
42 B<X509_NAME_>I<XXX> functions handle certificate names.
44 B<X509_ATTRIBUTE_>I<XXX> functions handle certificate attributes.
46 B<X509_EXTENSION_>I<XXX> functions handle certificate extensions.
|
| H A D | EVP_PKEY-FFC.pod | 17 and private keys I<pub> and I<priv> as well as the three main domain parameters
18 I<p>, I<q> and I<g>.
23 This means that optional FFC domain parameter values for I<seed>, I<pcounter>
24 and I<gindex> may need to be stored for validation purposes.
25 For B<DH> the I<seed> and I<pcounter> can be stored in ASN1 data
76 of I<p>, I<q> and canonical I<g>.
82 I<g>.
96 generation of I<g>. Its value is the first integer larger than one that
109 I<validate-pq> and I<validate-g> are both set to 1 to check that p,q and g are
163 associated with the given Key Generation I<ctx>.
[all …]
|
| H A D | provider-digest.pod | 108 the I<dctx> parameter.
126 by I<in>.
133 I<*outl>.
140 I<inl> bytes at I<in> should be digested and the result should be stored at
141 I<out>. The length of the digest should be stored in I<*outl> which should not
142 exceed I<outsz> bytes.
150 and stores them in I<params>.
153 provider side digest context I<dctx> to I<params>.
158 the given provider side digest context I<dctx> and stores them in I<params>.
232 given provider side digest context I<dctx> to I<params>.
[all …]
|
| H A D | provider-asym_cipher.pod | 116 cipher context in the I<ctx> parameter.
134 The data to be encrypted is pointed to by the I<in> parameter which is I<inlen>
137 pointed to by the I<out> parameter and it should not exceed I<outsize> bytes in
141 written to I<*outlen>.
157 The data to be decrypted is pointed to by the I<in> parameter which is I<inlen>
160 pointed to by the I<out> parameter and it should not exceed I<outsize> bytes in
164 written to I<*outlen>.
174 I<params>.
175 Passing NULL for I<params> should return true.
178 with the given provider side asymmetric cipher context I<ctx> to I<params>.
[all …]
|
| /openssl/test/recipes/04-test_pem_reading_data/ |
| H A D | cert-onecolumn.pem | 3 I
4 I
150 I
154 I
166 I
233 I
250 I
294 I
314 I
456 I
[all …]
|
| /openssl/doc/man1/ |
| H A D | openssl-verify.pod.in | 12 [B<-CRLfile> I<filename>|I<uri>]
16 [B<-trusted> I<filename>|I<uri>]
17 [B<-untrusted> I<filename>|I<uri>]
18 [B<-vfyopt> I<nm>:I<v>]
24 [I<certificate> ...]
39 =item B<-CRLfile> I<filename>|I<uri>
59 =item B<-trusted> I<filename>|I<uri>
67 =item B<-untrusted> I<filename>|I<uri>
73 =item B<-vfyopt> I<nm>:I<v>
99 =item I<certificate> ...
|
