diff --git a/doc/man3/ASN1_STRING_length.pod b/doc/man3/ASN1_STRING_length.pod index 909a3af1ca..8354cea8bd 100644 --- a/doc/man3/ASN1_STRING_length.pod +++ b/doc/man3/ASN1_STRING_length.pod @@ -28,11 +28,11 @@ ASN1_STRING_to_UTF8 - ASN1_STRING utility functions These functions allow an B structure to be manipulated. -ASN1_STRING_length() returns the length of the content of I. +ASN1_STRING_length() returns the length of the content of I. I B be NULL. ASN1_STRING_get0_data() returns an internal pointer to the data of I. Since this is an internal pointer it should B be freed or -modified in any way. +modified in any way. I B be NULL. ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the returned value is not constant. This function is deprecated: diff --git a/doc/man3/BIO_get_ex_new_index.pod b/doc/man3/BIO_get_ex_new_index.pod index f26b573350..95bdc79389 100644 --- a/doc/man3/BIO_get_ex_new_index.pod +++ b/doc/man3/BIO_get_ex_new_index.pod @@ -89,10 +89,10 @@ TYPE_get_ex_new_index() is a macro that calls CRYPTO_get_ex_new_index() with the correct B value. TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with -an offset into the opaque exdata part of the TYPE object. +an offset into the opaque exdata part of the TYPE object. I B be NULL. TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with -an offset into the opaque exdata part of the TYPE object. +an offset into the opaque exdata part of the TYPE object. I B be NULL. For compatibility with previous releases, the exdata index of zero is reserved for "application data." There are two convenience functions for diff --git a/doc/man3/BIO_new.pod b/doc/man3/BIO_new.pod index 282da275ee..8c4c5bcc83 100644 --- a/doc/man3/BIO_new.pod +++ b/doc/man3/BIO_new.pod 
@@ -20,7 +20,7 @@ BIO_new_ex, BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all The BIO_new_ex() function returns a new BIO using method B associated with the library context I (see OSSL_LIB_CTX(3)). The library context may be -NULL to indicate the default library context. +NULL to indicate the default library context. I B be NULL. The BIO_new() is the same as BIO_new_ex() except the default library context is always used. diff --git a/doc/man3/BN_bn2bin.pod b/doc/man3/BN_bn2bin.pod index 4578e4acfa..595b9d041f 100644 --- a/doc/man3/BN_bn2bin.pod +++ b/doc/man3/BN_bn2bin.pod @@ -43,7 +43,7 @@ BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions BN_bn2bin() converts the absolute value of B into big-endian form and stores it at B. B must point to BN_num_bytes(B) bytes of -memory. +memory. B and B B be NULL. BN_bn2binpad() also converts the absolute value of B into big-endian form and stores it at B. B indicates the length of the output buffer @@ -59,7 +59,7 @@ C<) + 1>>), an error is returned. BN_bin2bn() converts the positive integer in big-endian form of length B at B into a B and places it in B. If B is -NULL, a new B is created. +NULL, a new B is created. B B be NULL. BN_signed_bin2bn() converts the integer in big-endian signed 2's complement form of length B at B into a B and places it in B. If diff --git a/doc/man3/ERR_error_string.pod b/doc/man3/ERR_error_string.pod index 42b192178a..31a0698878 100644 --- a/doc/man3/ERR_error_string.pod +++ b/doc/man3/ERR_error_string.pod @@ -32,7 +32,7 @@ of the buffer; use ERR_error_string_n() instead. ERR_error_string_n() is a variant of ERR_error_string() that writes at most I characters (including the terminating 0) and truncates the string if necessary. -For ERR_error_string_n(), I may not be B. +For ERR_error_string_n(), I B be NULL. The string will have the following format: diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 49625c3134..ddad2f8f88 100644 
--- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -266,7 +266,7 @@ If I is NULL the default implementation of digest I is used. Sets up digest context I to use a digest I. I is typically supplied by a function such as EVP_sha1(), or a -value explicitly fetched with EVP_MD_fetch(). +value explicitly fetched with EVP_MD_fetch(). I B be NULL. The parameters B are set on the context after initialisation. @@ -302,7 +302,7 @@ B bytes will be written unless the digest implementation allows changing the digest size and it is set to a larger value by the application. After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex2() can be called to -initialize a new digest operation. +initialize a new digest operation. I B be NULL. =item EVP_DigestFinalXOF() @@ -761,6 +761,10 @@ digest name passed on the command line. } mdctx = EVP_MD_CTX_new(); + if (mdctx == NULL) { + printf("Message digest create failed.\n"); + exit(1); + } if (!EVP_DigestInit_ex2(mdctx, md, NULL)) { printf("Message digest initialization failed.\n"); EVP_MD_CTX_free(mdctx); diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index a286c75cc4..68baac639f 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -118,7 +118,7 @@ be used for the signing and digest algorithm implementations. I may be NULL. EVP_DigestSignUpdate() hashes I bytes of data at I into the signature context I. This function can be called several times on the -same I to include additional data. +same I to include additional data. I B be NULL. Unless I is NULL EVP_DigestSignFinal() signs the data in I and places the signature in I. diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index fe63051d4d..734d71b56c 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod 
@@ -352,8 +352,8 @@ can be set in the context's current state. =item EVP_EncryptInit_ex2() -Sets up cipher context I for encryption with cipher I. I is -typically supplied by calling EVP_CIPHER_fetch(). I may also be set +Sets up cipher context I for encryption with cipher I. I B be NULL. +I is typically supplied by calling EVP_CIPHER_fetch(). I may also be set using legacy functions such as EVP_aes_256_cbc(), but this is not recommended for new applications. I is the symmetric key to use and I is the IV to use (if necessary), the actual number of bytes used for the key and IV depends @@ -378,7 +378,7 @@ I. The pointers I and I may point to the same location, in which case the encryption will be done in-place. However, in-place encryption is guaranteed to work only if the encryption context (I) has processed data in multiples of the block size. If the context contains an incomplete data block -from previous operations, in-place encryption will fail. +from previous operations, in-place encryption will fail. I B be NULL. If I and I point to different locations, the two buffers must be disjoint, otherwise the operation might fail or the outcome might be undefined. @@ -418,7 +418,7 @@ final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer I passed to EVP_DecryptUpdate() should have sufficient room for (I + cipher_block_size) bytes unless the cipher block -size is 1 in which case I bytes is sufficient. +size is 1 in which case I bytes is sufficient. I B be NULL. =item EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() 
@@ -513,7 +513,7 @@ EVP_DecryptInit_ex2() or EVP_CipherInit_ex2(). By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. If the I parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then -be a multiple of the block size or an error will occur. +be a multiple of the block size or an error will occur. I B be NULL. =item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() @@ -570,6 +570,7 @@ context (see L) will be considered. Return the name of the passed cipher or context. For fetched ciphers with multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all(). +I B be NULL. =item EVP_CIPHER_names_do_all() diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod index 99bf821160..e56eafc16f 100644 --- a/doc/man3/MD5.pod +++ b/doc/man3/MD5.pod @@ -70,7 +70,7 @@ MD2_Final() places the message digest in B, which must have space for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B. MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and -MD5_Final() are analogous using an B and B structure. +MD5_Final() are analogous using an B and B structure. The parameter B be NULL. Applications should use the higher level functions L diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 180456b2de..9d85d4438a 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -320,7 +320,7 @@ structure. The PEM functions have many common arguments. The I BIO parameter (if present) specifies the BIO to read from -or write to. +or write to. The I BIO parameter B be NULL. The I FILE parameter (if present) specifies the FILE pointer to read from or write to. diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index 3b7bf53637..d6adf689dc 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod 
@@ -26,7 +26,7 @@ see L: =head1 DESCRIPTION RAND_bytes() generates B random bytes using a cryptographically -secure pseudo random generator (CSPRNG) and stores them in B. +secure pseudo random generator (CSPRNG) and stores them in B. B B be NULL. RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to be used for generating values that should remain private. If using the diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index b0dc8babd2..7e3b2771f2 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -31,7 +31,7 @@ SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the locations for B, at which CA certificates for verification purposes are located. The certificates available via B, B and -B are trusted. +B are trusted. B B be NULL Details of the certificate verification and chain checking process are described in L. @@ -47,6 +47,7 @@ The default CA certificates file is called F in the default OpenSSL directory. Alternatively the B environment variable can be defined to override this location. +B B be NULL. SSL_CTX_set_default_verify_dir() is similar to SSL_CTX_set_default_verify_paths() except that just the default directory is diff --git a/doc/man3/SSL_CTX_set_cert_store.pod b/doc/man3/SSL_CTX_set_cert_store.pod index 246f413136..ec58d32747 100644 --- a/doc/man3/SSL_CTX_set_cert_store.pod +++ b/doc/man3/SSL_CTX_set_cert_store.pod @@ -25,7 +25,7 @@ of B to/with B. The B's reference count is incremented. If another X509_STORE object is currently set in B, it will be X509_STORE_free()ed. SSL_CTX_get_cert_store() returns a pointer to the current certificate -verification storage. +verification storage. B B be NULL. =head1 NOTES diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod index e5ac025688..1df33ba11d 100644 
--- a/doc/man3/SSL_CTX_set_cipher_list.pod +++ b/doc/man3/SSL_CTX_set_cipher_list.pod @@ -29,7 +29,7 @@ SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) for B using the control string B. The format of the string is described in L. The list of ciphers is inherited by all B objects created from B. This function does not impact TLSv1.3 -ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those. +ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those. B B be NULL. SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for B. diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index 99f59b063c..3159c0294a 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -33,7 +33,7 @@ When B is NULL, no callback function is used. SSL_set_info_callback() sets the B function, that can be used to obtain state information for B during connection setup and use. When B is NULL, the callback setting currently valid for -B is used. +B is used. B B be NULL. SSL_CTX_get_info_callback() returns a pointer to the currently set information callback function for B. diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 28b5d680f5..e64ab6925a 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -24,6 +24,7 @@ SSL_get_secure_renegotiation_support - manipulate SSL options =head1 DESCRIPTION SSL_CTX_set_options() adds the options set via bit-mask in B to B. +B B be NULL. Options already set before are not cleared! SSL_set_options() adds the options set via bit-mask in B to B. diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod index 1ae533b71e..58774796cd 100644 --- a/doc/man3/SSL_CTX_set_verify.pod +++ b/doc/man3/SSL_CTX_set_verify.pod 
@@ -32,7 +32,7 @@ SSL_CTX_set_post_handshake_auth SSL_CTX_set_verify() sets the verification flags for B to be B and specifies the B function to be used. If no callback function -shall be specified, the NULL pointer can be used for B. +shall be specified, the NULL pointer can be used for B. B B be NULL. SSL_set_verify() sets the verification flags for B to be B and specifies the B function to be used. If no callback function diff --git a/doc/man3/SSL_CTX_use_certificate.pod b/doc/man3/SSL_CTX_use_certificate.pod index dd6f831b86..2a9227c2ae 100644 --- a/doc/man3/SSL_CTX_use_certificate.pod +++ b/doc/man3/SSL_CTX_use_certificate.pod @@ -88,7 +88,7 @@ certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA. SSL_use_certificate_chain_file() is similar except it loads the certificate chain into B. -SSL_CTX_use_PrivateKey() adds B as private key to B. +SSL_CTX_use_PrivateKey() adds B as private key to B. B B be NULL. SSL_CTX_use_RSAPrivateKey() adds the private key B of type RSA to B. SSL_use_PrivateKey() adds B as private key to B; SSL_use_RSAPrivateKey() adds B as private key of type RSA to B. @@ -126,7 +126,7 @@ from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in B to B. SSL_use_PrivateKey_file() adds the first private key found in B to B; SSL_use_RSAPrivateKey_file() adds the first private -RSA key found to B. +RSA key found to B. B B be NULL. SSL_CTX_check_private_key() checks the consistency of a private key with the corresponding certificate loaded into B. If more than one diff --git a/doc/man3/SSL_connect.pod b/doc/man3/SSL_connect.pod index 4e9bd9ca07..f0bd04bb34 100644 --- a/doc/man3/SSL_connect.pod +++ b/doc/man3/SSL_connect.pod 
@@ -14,7 +14,7 @@ SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server SSL_connect() initiates the TLS/SSL handshake with a server. The communication channel must already have been set and assigned to the B by setting an -underlying B. +underlying B. B B be NULL. =head1 NOTES diff --git a/doc/man3/SSL_get_current_cipher.pod b/doc/man3/SSL_get_current_cipher.pod index 2527819e1b..7add794ca8 100644 --- a/doc/man3/SSL_get_current_cipher.pod +++ b/doc/man3/SSL_get_current_cipher.pod @@ -22,7 +22,7 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing the description of the actually used cipher of a connection established with -the B object. +the B object. B B be NULL. See L for more details. SSL_get_cipher_name() obtains the diff --git a/doc/man3/SSL_get_verify_result.pod b/doc/man3/SSL_get_verify_result.pod index 08c46c0576..ca76945886 100644 --- a/doc/man3/SSL_get_verify_result.pod +++ b/doc/man3/SSL_get_verify_result.pod @@ -13,7 +13,7 @@ SSL_get_verify_result - get result of peer certificate verification =head1 DESCRIPTION SSL_get_verify_result() returns the result of the verification of the -X509 certificate presented by the peer, if any. +X509 certificate presented by the peer, if any. I B be NULL. =head1 NOTES diff --git a/doc/man3/SSL_in_init.pod b/doc/man3/SSL_in_init.pod index 315d870284..02725d83bc 100644 --- a/doc/man3/SSL_in_init.pod +++ b/doc/man3/SSL_in_init.pod @@ -37,6 +37,8 @@ fully protected application data can be transferred or 0 otherwise. Note that in some circumstances (such as when early data is being transferred) SSL_in_init(), SSL_in_before() and SSL_is_init_finished() can all return 0. +B B be NULL. + SSL_in_connect_init() returns 1 if B is acting as a client and SSL_in_init() would return 1, or 0 otherwise. diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index a9894b717a..6b3b8d74f2 100644 --- a/doc/man3/SSL_shutdown.pod 
+++ b/doc/man3/SSL_shutdown.pod @@ -21,7 +21,7 @@ SSL_shutdown, SSL_shutdown_ex - shut down a TLS/SSL or QUIC connection =head1 DESCRIPTION -SSL_shutdown() shuts down an active connection represented by an SSL object. +SSL_shutdown() shuts down an active connection represented by an SSL object. I B be NULL. SSL_shutdown_ex() is an extended version of SSL_shutdown(). If non-NULL, I must point to a B structure and I must be set to diff --git a/doc/man3/SSL_want.pod b/doc/man3/SSL_want.pod index b397fc0521..1eddeeba4d 100644 --- a/doc/man3/SSL_want.pod +++ b/doc/man3/SSL_want.pod @@ -22,7 +22,7 @@ SSL_want_client_hello_cb - obtain state information TLS/SSL I/O operation =head1 DESCRIPTION -SSL_want() returns state information for the SSL object B. +SSL_want() returns state information for the SSL object B. B B be NULL. The other SSL_want_*() calls are shortcuts for the possible states returned by SSL_want(). diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index 1ecea80004..f1f5ce1eb7 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod 
@@ -31,19 +31,20 @@ These functions are typically called after certificate or chain verification using L or L has indicated an error or in a verification callback to determine the nature of an error. -X509_STORE_CTX_get_error() returns the error code of I. +X509_STORE_CTX_get_error() returns the error code of I. I B be NULL. See the L section for a full description of all error codes. It may return a code != X509_V_OK even if X509_verify_cert() did not indicate an error, likely because a verification callback function has waived the error. X509_STORE_CTX_set_error() sets the error code of I to I. For example it might be used in a verification callback to set an error based on additional -checks. +checks. I B be NULL. X509_STORE_CTX_get_error_depth() returns the I of the error. This is a nonnegative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. +I B be NULL. X509_STORE_CTX_set_error_depth() sets the error I. This can be used in combination with X509_STORE_CTX_set_error() to set the diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index 9cfe891c23..7b57e04721 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -88,7 +88,7 @@ X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), and X509_STORE_set1_param() set the default values for the corresponding values used in certificate chain validation. Their behavior is documented in the corresponding B manual -pages, e.g., L. +pages, e.g., L. The B B be NULL. X509_STORE_add_lookup() finds or creates a L with the L I and adds it to the B diff --git a/doc/man3/X509_get0_notBefore.pod b/doc/man3/X509_get0_notBefore.pod index a259b1d0b8..628ad7bc0c 100644 --- a/doc/man3/X509_get0_notBefore.pod +++ b/doc/man3/X509_get0_notBefore.pod 
@@ -39,7 +39,7 @@ X509_CRL_set1_nextUpdate - get or set certificate or CRL dates X509_get0_notBefore() and X509_get0_notAfter() return the B and B fields of certificate I respectively. The value returned is an internal pointer which must not be freed up after -the call. +the call. I B be NULL. X509_getm_notBefore() and X509_getm_notAfter() are similar to X509_get0_notBefore() and X509_get0_notAfter() except they return diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod index 54a61e195a..6a10878d33 100644 --- a/doc/man3/X509_get_subject_name.pod +++ b/doc/man3/X509_get_subject_name.pod @@ -54,7 +54,7 @@ X509_NAME_hash() returns a hash value of name I or 0 on failure, using the default library context and default property query. X509_get_subject_name() returns the subject name of certificate I. The -returned value is an internal pointer which B be freed. +returned value is an internal pointer which B be freed. I B be NULL. X509_set_subject_name() sets the issuer name of certificate I to I. The I parameter is copied internally and should be freed
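
Review bot: In doc/man3/BN_bn2bin.pod, hunk @@ -59,7 +59,7 @@, the new sentence directly follows "If ... is NULL, a new ... is created", so the BN_bin2bn() paragraph now has a statement that one argument may be NULL immediately followed by a NULL constraint on another. Please spell out in words which argument is the input buffer and which is the optional result, so the two statements cannot be read as contradicting each other. The BN_signed_bin2bn() paragraph in the trailing context uses the same argument pattern and gets no equivalent sentence.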
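
Review bot: In doc/man3/EVP_DigestInit.pod, hunk @@ -761,6 +761,10 @@, the message "Message digest create failed." in the new mdctx == NULL branch does not say that it is the context allocation from EVP_MD_CTX_new() that failed, and it reads very close to "Message digest initialization failed." two lines below. Suggest wording such as "Message digest context allocation failed." so the two failures can be told apart in the example's output. Leaving out EVP_MD_CTX_free() in this branch is fine, since mdctx is NULL there.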
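
Review bot: In doc/man3/EVP_EncryptInit.pod, hunk @@ -570,6 +570,7 @@, the added line names a single argument, but the item it is appended to says "Return the name of the passed cipher or context", so it documents two functions with different argument types. Please state the constraint for both the cipher and the context argument, or say explicitly that it applies to only one of them.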
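
Review bot: In doc/man3/MD5.pod, hunk @@ -70,7 +70,7 @@, "The parameter ... be NULL." does not make clear which parameter is meant, and the sentence it is attached to covers six functions (MD4_Init() through MD5_Final()) that do not share one argument list. Please name the argument and the functions it applies to. The MD2_Final() description in the leading context is left without the same statement, which readers may take to mean NULL is accepted there.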
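
Review bot: In doc/man3/SSL_CTX_load_verify_locations.pod, hunk @@ -31,7 +31,7 @@, the sentence added after "are trusted." has no terminating full stop, unlike the other sentences added by this patch. Please add the period so the rendered page does not run it into the following "Details of the certificate verification ..." text.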
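
Review bot: In doc/man3/SSL_CTX_load_verify_locations.pod, hunk @@ -47,6 +47,7 @@, the added line is attached to the end of the paragraph about the default CA certificates file and the environment variable that overrides it, so it is not clear which function's argument it constrains. Suggest moving it next to the sentence that introduces the function and naming that function, as the first hunk in this file does for the SSL_CTX_load_verify_*() group.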
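
Review bot: In doc/man3/SSL_CTX_set_options.pod, hunk @@ -24,6 +24,7 @@, the new line is inserted between "SSL_CTX_set_options() adds the options set via bit-mask ..." and "Options already set before are not cleared!", which separates two sentences that belong together. Suggest placing it after "not cleared!". The SSL_set_options() paragraph in the trailing context has the same shape and gets no corresponding sentence.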
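
Review bot: In doc/man3/SSL_CTX_use_certificate.pod, hunk @@ -88,7 +88,7 @@, the constraint is stated only after the SSL_CTX_use_PrivateKey() sentence, while SSL_CTX_use_RSAPrivateKey(), SSL_use_PrivateKey() and SSL_use_RSAPrivateKey() are described in the same paragraph without it. A reader can reasonably conclude that those three accept NULL. Either state the requirement once for the whole group or repeat it per function. The hunk at @@ -126,7 +126,7 @@ has the mirror problem: the sentence is appended to the end of a paragraph covering several *_file() functions without saying which of them it applies to.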
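
Review bot: In doc/man3/SSL_in_init.pod, hunk @@ -37,6 +37,8 @@, the added text stands as its own paragraph between the note on SSL_in_init(), SSL_in_before() and SSL_is_init_finished() and the SSL_in_connect_init() paragraph, with nothing tying it to a function. Please say which of the documented functions it covers, for example by opening the sentence with the function names.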
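
Review bot: In doc/man3/X509_STORE_CTX_get_error.pod, hunk @@ -31,19 +31,20 @@, X509_STORE_CTX_get_error(), X509_STORE_CTX_set_error() and X509_STORE_CTX_get_error_depth() each get the new sentence, but the X509_STORE_CTX_set_error_depth() paragraph in the trailing context does not, and no other hunk touches this file. If the omission is deliberate, a short note would help. Otherwise add it for consistency. Placement also varies within the hunk: for get_error the sentence sits mid-paragraph before "See the ... section", for get_error_depth it is on its own line at the end. Putting it directly after the first sentence of each paragraph would read more uniformly.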
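
Review bot: In doc/man3/X509_get_subject_name.pod, hunk @@ -54,7 +54,7 @@, the context line right after the change reads "X509_set_subject_name() sets the issuer name of certificate ...", which looks like a copy-and-paste slip for "subject name". Since this patch already edits the neighbouring paragraph, it would be worth correcting here or in a follow-up.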