/openssl/doc/man3/ |
EVP_PKEY_decapsulate.pod | 22 context I<ctx> for a decapsulation operation and then sets the I<params> 24 Note that I<ctx> usually is produced using L<EVP_PKEY_CTX_new_from_pkey(3)>, 28 EVP_PKEY_decapsulate_init() but also passes an I<authpub> authentication public 32 operation using I<ctx>. The data to be decapsulated is specified using the 33 I<wrapped> and I<wrappedlen> parameters. 34 If I<unwrapped> is NULL then the maximum size of the output secret buffer 35 is written to I<*unwrappedlen>. If I<unwrapped> is not NULL and the 36 call is successful then the decapsulated secret data is written to I<unwrapped> 37 and the amount of data written to I<*unwrappedlen>.
|
ASN1_generate_nconf.pod | 19 I<str> contains the string to encode. I<nconf> or I<cnf> contains 21 will be read from. I<nconf> will typically come from a config 22 file whereas I<cnf> is obtained from an B<X509V3_CTX> structure, 24 functions. I<cnf> or I<nconf> can be set to NULL if no additional 29 The actual data encoded is determined by the string I<str> and 35 =item [I<modifier>,]I<type>[:I<value>] 41 I<value> and I<modifier> are explained below. 64 Encodes an ASN1 B<INTEGER> type. The I<value> string represents 93 used to specify the format of I<value>. 97 Encodes an ASN1 B<BIT STRING>. I<value> represents the contents
|
EVP_PKEY_new.pod | 85 EVP_PKEY_up_ref() increments the reference count of I<key>. 87 EVP_PKEY_dup() duplicates the I<key>. The I<key> must not be ENGINE based or 91 count is zero, frees it up. If I<key> is NULL, nothing is done. 95 the library context I<libctx> and the property query string I<propq>. The 107 B<EVP_PKEY> structure is associated with the engine I<e>. The I<type> argument 119 EVP_PKEY_new_raw_private_key_ex() except that I<key> points to the raw 134 private key data. The size of the I<priv> buffer should be in I<*len> on entry 135 to the function, and on exit I<*len> is updated with the number of bytes 136 actually written. If the buffer I<priv> is NULL then I<*len> is populated with 144 public key data. The size of the I<pub> buffer should be in I<*len> on entry
|
EVP_PKEY_derive.pod | 22 EVP_PKEY_derive_init() initializes a public key algorithm context I<ctx> for 29 sets the passed parameters I<params> on the context before returning. 32 be a public key. The I<validate_peer> will validate the public key if this value 36 I<validate_peer> set to 1. 38 EVP_PKEY_derive() derives a shared secret using I<ctx>. 39 If I<key> is NULL then the maximum size of the output buffer is written to the 40 I<keylen> parameter. If I<key> is not NULL then before the call the I<keylen> 41 parameter should contain the length of the I<key> buffer, if the call is 42 successful the shared secret is written to I<key> and the amount of data 43 written to I<keylen>.
|
X509_ACERT_get0_holder_baseCertId.pod | 53 I<name>, X509_ACERT_set0_holder_baseCertId() sets the identity based on the 54 issuer and serial number of a certificate detailed in I<isss> and 56 information I<dinfo>. Although RFC 5755 section 4.2.2 recommends that only 58 attribute certificate I<x>, setting multiple methods at the same time is 63 attribute certificate I<x> can be retrieved with 77 digest information of the object. The type of I<digest> information is given 78 by I<digestedObjectType> and can be one of: 96 I<digestAlgorithm> indicates the algorithm used to compute I<digest>. 100 All I<set0>/I<set1> routines return 1 for success and 0 for failure. 101 All I<get0> functions return a pointer to the object's inner structure. These
|
OSSL_CMP_ITAV_set0.pod | 39 OSSL_CMP_ITAV_set0() sets the I<itav> with an infoType of I<type> and an 40 infoValue of I<value>. This function uses the pointers I<type> and I<value> 44 I<itav>. 47 the I<itav> as generic B<ASN1_TYPE> pointer. 49 OSSL_CMP_ITAV_push0_stack_item() pushes I<itav> to the stack pointed to 50 by I<*itav_sk_p>. It creates a new stack if I<*itav_sk_p> points to NULL. 56 OSSL_CMP_ITAV_get0_certProfile() on success assigns to I<*out> 58 list of certificate profile names contained in the infoValue field of I<itav>. 60 It is an error if the infoType of I<itav> is not B<certProfile>.
|
EVP_PKEY_verify_recover.pod | 25 I<ctx> for signing using the algorithm given when the context was created 32 I<params> on the context before returning. 35 but works with an explicitly fetched B<EVP_SIGNATURE> I<algo>. 36 A context I<ctx> without a pre-loaded key cannot be used with this function. 43 using I<ctx>. The signature is specified using the I<sig> and 44 I<siglen> parameters. If I<rout> is NULL then the maximum size of the output 45 buffer is written to the I<routlen> parameter. If I<rout> is not NULL then 46 before the call the I<routlen> parameter should contain the length of the 47 I<rout> buffer, if the call is successful recovered data is written to 48 I<rout> and the amount of data written to I<routlen>.
|
EVP_PKEY_get_group_name.pod | 16 EVP_PKEY_get_group_name() fills in the group name of the I<pkey> into 17 I<gname>, up to at most I<gname_sz> bytes including the ending NUL byte 18 and assigns I<*gname_len> the actual length of the name not including 19 the NUL byte, if I<pkey>'s key type supports it. 20 I<gname> as well as I<gname_len> may individually be NULL, and won't be
|
PKCS12_add_cert.pod | 27 in I<pbags>. 34 safeBags. If I<key_nid> is not -1 then the key is encrypted with the supplied 35 algorithm, using I<pass> as the passphrase and I<iter> as the iteration count. If 36 I<iter> is zero then a default value for iteration count of 2048 is used. 39 context I<ctx> and property query I<propq> to be used to select algorithm 43 the supplied I<nid_type> containing the supplied value as an ASN1 octet string. 48 If a certificate contains an I<alias> or a I<keyid> then this will be
|
SSL_get_event_timeout.pod | 19 All arguments are required; I<tv> and I<is_infinite> must be non-NULL. 29 I<*tv> are set to 0 and I<*is_infinite> is set to 0. 34 (relative to the time at which SSL_get_event_timeout() was called). I<*tv> is 36 and I<*is_infinite> is set to 0. 41 value of I<*tv> is unspecified and I<*is_infinite> is set to 1. 64 If the call to SSL_get_event_timeout() fails, the values of I<*tv> and 65 I<*is_infinite> may still be changed and their values become unspecified.
|
SSL_CTX_set_msg_callback.pod | 38 can be used to set argument I<arg> to the callback function, which is 52 =item I<write_p> 57 =item I<version> 65 =item I<content_type> 74 =item I<buf>, I<len> 80 =item I<ssl> 84 =item I<arg> 109 Due to automatic protocol version negotiation, I<version> is not 112 I<version> will be B<SSL3_VERSION>. 176 In versions previous to OpenSSL 3.0 I<cb> was called with 0 as I<version> for
|
OSSL_PROVIDER.pod | 79 that is to be used for looking for providers in the specified I<libctx>. 84 that is to be used for looking for providers in the specified I<libctx>. 97 entry point, C<OSSL_provider_init>. The I<name> can be a path 106 loaded and initialized or if I<retain_fallbacks> is nonzero. 107 If the provider loads successfully and I<retain_fallbacks> is zero, the 125 I<cb> for each one, with the current provider in I<provider> and the 145 OSSL_PROVIDER_query_operation() calls the provider's I<query_operation> 147 array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all 160 returned in the I<out> parameter from the provider's init function. See 170 supported by the provider specified in I<prov> with the capability name
|
RAND_set_DRBG_type.pod | 21 used within the library context I<ctx>. A generator of name I<drbg> 22 with properties I<propq> will be fetched. It will be instantiated with 23 either I<cipher> or I<digest> as its underlying cryptographic algorithm. 28 within the library context I<ctx>. The seed source of name I<seed> 29 with properties I<propq> will be fetched and used to seed the primary
|
OSSL_CALLBACK.pod | 24 OpenSSL libraries, along with a generic pointer to data I<arg>. As far as 25 the function receiving the pointer to the function pointer and I<arg> is 26 concerned, the data that I<arg> points at is opaque, and the pointer should 35 is expected to pass back, and pass that as I<params>, as well as the opaque 36 data pointer it received, as I<arg>. 42 store the pass phrase needs to be given with I<pass>, and its size with 43 I<pass_size>. The length of the prompted pass phrase will be given back in 44 I<*pass_len>. 46 Additional parameters can be passed with the L<OSSL_PARAM(3)> array I<params>,
|
SSL_set_session_secret_cb.pod | 23 (I<session_secret_cb>), and an optional argument (I<arg>) to be passed to that 31 data pointed to by I<*secret>. The size of the secret buffer is initially 32 available in I<*secret_len> and may be updated by the callback (but must not be 36 the I<peer_ciphers> stack. Optionally the callback may select the preferred 37 ciphersuite by setting it in I<*cipher>. 39 On the client side the I<peer_ciphers> stack will always be NULL. The callback 40 may specify the preferred cipher in I<*cipher> and this will be associated with 44 The callback is also supplied with an additional argument in I<arg> which is the
|
X509_digest.pod | 43 X509_digest_sig() calculates a digest of the given certificate I<cert> 50 Unless I<md_used> is NULL, the hash algorithm used is provided 51 in I<*md_used> and must be freed by the caller (if it is not NULL). 52 Unless I<md_is_fallback> is NULL, 53 the I<*md_is_fallback> is set to 1 if the hash algorithm used is a fallback, 57 key in the specified X509 I<data> object. 60 of their entire I<data> objects. 62 The I<type> parameter specifies the digest to 63 be used, such as EVP_sha1(). The I<md> is a pointer to the buffer where the 65 B<EVP_MAX_MD_SIZE> is suggested. The I<len> parameter, if not NULL, points
|
/openssl/doc/man1/ |
openssl-ca.pod.in | 37 [B<-md> I<arg>] 39 [B<-keyfile> I<filename>|I<uri>] 63 [B<-sigopt> I<nm>:I<v>] 64 [B<-vfyopt> I<nm>:I<v>] 117 =item B<-name> I<section>, B<-section> I<section> 169 =item B<-keyfile> I<filename>|I<uri> 179 =item B<-sigopt> I<nm>:I<v> 185 =item B<-vfyopt> I<nm>:I<v> 232 =item B<-startdate> I<date>, B<-not_before> I<date> 240 =item B<-enddate> I<date>, B<-not_after> I<date>
|
openssl-s_time.pod.in | 12 [B<-connect> I<host>:I<port>] 13 [B<-www> I<page>] 14 [B<-cert> I<filename>] 15 [B<-key> I<filename>] 18 [B<-verify> I<depth>] 19 [B<-time> I<seconds>] 26 [B<-cipher> I<cipherlist>] 27 [B<-ciphersuites> I<val>] 29 [B<-cafile> I<file>] 50 =item B<-connect> I<host>:I<port>
|
openssl-ts.pod.in | 18 [B<-I<digest>>] 22 [B<-in> I<request.tsq>] 35 [B<-inkey> I<filename>|I<uri>] 36 [B<-I<digest>>] 53 [B<-untrusted> I<files>|I<uris>] 54 [B<-CAfile> I<file>] 55 [B<-CApath> I<dir>] 56 [B<-CAstore> I<uri>] 238 =item B<-inkey> I<filename>|I<uri> 339 =item B<-untrusted> I<files>|I<uris>
|
openssl-engine.pod.in | 19 [B<-pre> I<command>] ... 20 [B<-post> I<command>] ... 21 [I<engine> ...] 28 of the specified I<engine>s. 59 =item B<-pre> I<command> 61 =item B<-post> I<command> 66 The I<command> is of the form I<cmd>:I<val> where I<cmd> is the command, 67 and I<val> is the value for the command.
|
/openssl/doc/man7/ |
EVP_PKEY-DH.pod | 19 The B<DH> key type uses PKCS#3 format which saves I<p> and I<g>, but not the 20 I<q> value. 37 with known values for I<p>, I<q> and I<g>. 47 For protocols that only transfer I<p> and I<g> the value of I<q> can also be 77 based on the size of I<p>. 138 I<seed>, I<pcounter> and I<gindex> or I<hindex> may need to be stored for 140 For B<DHX> the I<seed> and I<pcounter> can be stored in ASN1 data 141 (but the I<gindex> or I<hindex> cannot be stored). It is recommended to use a 152 test the I<p> value for being a prime (and a safe prime if I<q> is missing) 157 I<FFC Full Public-Key Validation>.
|
provider-keymgmt.pod | 239 I<genctx>. The I<template> is assumed to be a key object constructed 246 I<params> in the key object generation context I<genctx>. 253 I<params> in the key object generation context I<genctx>. 265 generation context I<genctx> 268 I<reference> object with a size of I<reference_sz> bytes, that only the 325 I<keydata> is valid. The I<checktype> parameter controls what type of check is 336 I<selection> in I<keydata1> and I<keydata2> match. It is assumed that 337 the caller has ensured that I<keydata1> and I<keydata2> are both owned 343 I<keydata> with values taken from the L<OSSL_PARAM(3)> array I<params>. 347 I<param_cb> with that array as well as the given I<cbarg>.
|
provider-mac.pod | 101 the I<mctx> parameter. 107 I<mctx> parameter and return the duplicate copy. 112 side mac context in the I<mctx> parameter. The I<params> are set before setting 113 the MAC I<key> of I<keylen> bytes. 125 to I<*outl>, which should not exceed I<outsize> bytes. 135 provider algorithm and stores them in I<params>. 138 provider side mac context I<mctx> to I<params>. 140 Passing NULL for I<params> should return true. 144 in I<params>. 145 Passing NULL for I<params> should return true.
|
/openssl/doc/internal/man3/ |
evp_pkey_export_to_provider.pod | 24 evp_pkey_export_to_provider() exports the "origin" key contained in I<pk> 26 with I<*keymgmt> or with an implicit fetch using I<libctx> (NULL means the 27 default context), the name of the legacy type of I<pk>, and the I<propquery> 30 If I<keymgmt> isn't NULL but I<*keymgmt> is, and the "origin" was successfully 31 exported, then I<*keymgmt> is assigned the implicitly fetched B<EVP_KEYMGMT>. 33 evp_pkey_copy_downgraded() makes a copy of I<src> in legacy form into I<*dest>, 52 allocated. It also either sets I<*keymgmt> to the B<EVP_KEYMGMT> associated
|
ossl_DER_w_bn.pod | 26 I<pkt>. 28 ossl_DER_w_boolean() writes the primitive BOOLEAN using the value I<b>. 33 the value I<v>. 41 from I<data> with a length of I<data_n>. 44 32 bit value in I<value>. 49 mean that the buffer held by the I<pkt> is too small, but may also 51 I<tag> value being too large for the implementation.
|