Commit 104117c5 authored by Dr. Stephen Henson

New documentation from main trunk.

parent 7ab3c662
+0 −18
@@ -46,24 +46,6 @@ export grade software which could use signing only keys of arbitrary size but
had restrictions on the permissible sizes of keys which could be used for
encryption.

=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8

Some additional functionality was added to PKCS12_create() in OpenSSL
0.9.8. These extensions are detailed below.

If a certificate contains an B<alias> or B<keyid> then this will be
used for the corresponding B<friendlyName> or B<localKeyID> in the
PKCS12 structure.

Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
certficate is required. In previous versions both hasves to be present or
a fatal error is returned.

B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
should be used. 

B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.

=head1 SEE ALSO

L<d2i_PKCS12(3)|d2i_PKCS12(3)>
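
Review bot: The commit message says "New documentation", but this hunk only deletes text (+0 −18): the whole "NEW FUNCTIONALITY IN OPENSSL 0.9.8" section of the PKCS12_create() page. Please say in the commit message why it is dropped. The removed paragraphs are the only place here that documents B<nid_key> or B<nid_cert> set to -1 (no encryption) and B<mac_iter> set to -1 (no MAC). If PKCS12_create() in this branch accepts those values, the section should stay, because a caller needs to know that they produce an unencrypted or unauthenticated PKCS12 structure.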
+16 −0
@@ -62,6 +62,22 @@ L<txt_db(3)|txt_db(3)>

=back

=head1 NOTES

Some of the newer functions follow a naming convention using the numbers
B<0> and B<1>. For example the functions:

 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);

The B<0> version uses the supplied structure pointer directly
in the parent and it will be freed up when the parent is freed.
In the above example B<crl> would be freed but B<rev> would not.

The B<1> function uses a copy of the supplied structure pointer
(or in some cases increases its link count) in the parent and
so both (B<x> and B<obj> above) should be freed up.

=head1 SEE ALSO

L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)>
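
Review bot: In the new NOTES section, "B<crl> would be freed but B<rev> would not" is ambiguous about who does the freeing, and it sits right after a sentence saying B<rev> "will be freed up when the parent is freed". Since a misreading leads to either a double free or a leak, state the caller's obligation directly, for example: after a B<0> call the caller frees only B<crl> and must not free B<rev> itself; after a B<1> call the caller still owns and frees both B<x> and B<obj>. Also, "uses a copy of the supplied structure pointer" should read as a copy of the structure, not of the pointer.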
+7 −7
@@ -2,7 +2,7 @@

=head1 NAME

d2i_DHparams, i2d_DHparams - ...
d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.

=head1 SYNOPSIS

@@ -13,18 +13,18 @@ d2i_DHparams, i2d_DHparams - ...

=head1 DESCRIPTION

...
These functions decode and encode PKCS#3 DH parameters using the
DHparameter structure described in PKCS#3.

=head1 RETURN VALUES

...
Othewise these behave in a similar way to d2i_X509() and i2d_X509()
described in the L<d2i_X509(3)|d2i_X509(3)> manual page.

=head1 SEE ALSO

...
L<d2i_X509(3)|d2i_X509(3)>

=head1 HISTORY

...
TBA

=cut
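
Review bot: The RETURN VALUES text misspells "Otherwise" as "Othewise", and the sentence has nothing before it in that section to contrast with, so the page never says what d2i_DHparams() and i2d_DHparams() return on success or failure. Either state the return values before that sentence or drop "Otherwise" and let the reference to d2i_X509(3) stand alone. The HISTORY section is also left as the placeholder "TBA".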
+33 −6
@@ -2,7 +2,9 @@

=head1 NAME

d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ...
d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
d2i_Netscape_RSA - RSA public and private key encoding functions.

=head1 SYNOPSIS

@@ -12,6 +14,10 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne

 int i2d_RSAPublicKey(RSA *a, unsigned char **pp);

 RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);

 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);

 RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);

 int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
@@ -22,18 +28,39 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne

=head1 DESCRIPTION

...
d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
structure.

d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a
SubjectPublicKeyInfo (certificate public key) structure.

d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
structure.

d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
NET format.

The usage of all of these functions is similar to the d2i_X509() and
i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.

=head1 NOTES

The B<RSA> structure passed to the private key encoding functions should have
all the PKCS#1 private key components present.

=head1 RETURN VALUES
The data encoded by the private key functions is unencrypted and therefore 
offers no private key security. 

...
The NET format functions are present to provide compatibility with certain very
old software. This format has some severe security weaknesses and should be
avoided if possible.

=head1 SEE ALSO

...
L<d2i_X509(3)|d2i_X509(3)>

=head1 HISTORY

...
TBA

=cut
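
Review bot: The DESCRIPTION names "d2i_RSA_PUKEY() and i2d_RSA_PUKEY()", which does not match the d2i_RSA_PUBKEY and i2d_RSA_PUBKEY spellings used in NAME and SYNOPSIS; fix it so the functions can be found by search. The "=head1 RETURN VALUES" heading also disappears in this hunk with no replacement, so the page no longer has a return-value section. Consider keeping the heading with a pointer to d2i_X509(3). The NOTES warnings (the private key encoding is unencrypted, the NET format has severe weaknesses) are worth keeping prominent, but HISTORY is left as the placeholder "TBA".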