Changeset 94404 in vbox for trunk/src/libs/openssl-3.0.2/doc/man7

Timestamp:

Mar 31, 2022 9:00:36 AM (3 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

150730

Message:

libs/openssl: Update to 3.0.2 and switch to it, bugref:10128

Location:

trunk/src/libs/openssl-3.0.2

Files:

• . (modified) (1 prop)
• doc/man7/EVP_KEYEXCH-DH.pod (modified) (3 diffs)
• doc/man7/EVP_KEYEXCH-ECDH.pod (modified) (3 diffs)
• doc/man7/EVP_MD-BLAKE2.pod (modified) (2 diffs)
• doc/man7/crypto.pod (modified) (5 diffs)
• doc/man7/provider-base.pod (modified) (1 diff)
• doc/man7/provider-keyexch.pod (modified) (2 diffs)

trunk/src/libs/openssl-3.0.2

@@ -13 +13 @@
 /vendor/openssl/1.1.1k:145841-145843
 /vendor/openssl/3.0.1:150323-150324
-/vendor/openssl/current:147554-150322
+/vendor/openssl/3.0.2:150728-150729
+/vendor/openssl/current:147554-150727

@@ -13 +13 @@
 /vendor/openssl/1.1.1k:145841-145843
 /vendor/openssl/3.0.1:150323-150324
-/vendor/openssl/current:147554-150322
+/vendor/openssl/3.0.2:150728-150729
+/vendor/openssl/current:147554-150727

trunk/src/libs/openssl-3.0.2/doc/man7/EVP_KEYEXCH-DH.pod

@@ -16 +16 @@
 =item "pad" (B<OSSL_EXCHANGE_PARAM_PAD>) <unsigned integer>
 
+Sets the padding mode for the associated key exchange ctx.
+Setting a value of 1 will turn padding on.
+Setting a value of 0 will turn padding off.
+If padding is off then the derived shared secret may be smaller than the
+largest possible secret size.
+If padding is on then the derived shared secret will have its first bytes
+filled with zeros where necessary to make the shared secret the same size as
+the largest possible secret size.
+The padding mode parameter is ignored (and padding implicitly enabled) when
+the KDF type is set to "X942KDF-ASN1" (B<OSSL_KDF_NAME_X942KDF_ASN1>).
+
+=item "kdf-type" (B<OSSL_EXCHANGE_PARAM_KDF_TYPE>) <UTF8 string>
+
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
+
+=item "kdf-digest" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST>) <UTF8 string>
+
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
+
+=item "kdf-digest-props" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS>) <UTF8 string>
+
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
+
+=item "kdf-outlen" (B<OSSL_EXCHANGE_PARAM_KDF_OUTLEN>) <unsigned integer>
+
 See L<provider-keyexch(7)/Common Key Exchange parameters>.
 
 =item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
 
-Sets the User Key Material to be used as part of the selected Key Derivation
-Function associated with the given key exchange ctx.
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
 
-=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string ptr>
+=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <octet string ptr>
 
-Gets a pointer to the User Key Material to be used as part of the selected
-Key Derivation Function associated with the given key exchange ctx. Providers
-usually do not need to support this gettable parameter as its sole purpose
-is to support functionality of the deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm()
-function.
+See L<provider-kdf(7)/KDF Parameters>.
 
 =back
@@ -59 +79 @@
 To derive a shared secret on the host using the host's key and the peer's public
 key:
+
     /* It is assumed that the host_key and peer_pub_key are set up */
     void derive_secret(EVP_KEY *host_key, EVP_PKEY *peer_pub_key)
@@ -102 +123 @@
 =head1 COPYRIGHT
 
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use

trunk/src/libs/openssl-3.0.2/doc/man7/EVP_KEYEXCH-ECDH.pod

@@ -34 +34 @@
 =item "kdf-type" (B<OSSL_EXCHANGE_PARAM_KDF_TYPE>) <UTF8 string>
 
-Sets or gets the Key Derivation Function type to apply within the associated key
-exchange ctx.
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
 
 =item "kdf-digest" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST>) <UTF8 string>
 
-Sets or gets the Digest algorithm to be used as part of the Key Derivation Function
-associated with the given key exchange ctx.
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
 
 =item "kdf-digest-props" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS>) <UTF8 string>
 
-Sets properties to be used upon look up of the implementation for the selected
-Digest algorithm for the Key Derivation Function associated with the given key
-exchange ctx.
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
 
 =item "kdf-outlen" (B<OSSL_EXCHANGE_PARAM_KDF_OUTLEN>) <unsigned integer>
 
-Sets or gets the desired size for the output of the chosen Key Derivation Function
-associated with the given key exchange ctx.
-The length of the "kdf-outlen" parameter should not exceed that of a B<size_t>.
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
 
 =item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
 
-Sets the User Key Material to be used as part of the selected Key Derivation
-Function associated with the given key exchange ctx.
-
-=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string ptr>
-
-Gets a pointer to the User Key Material to be used as part of the selected
-Key Derivation Function associated with the given key exchange ctx. Providers
-usually do not need to support this gettable parameter as its sole purpose
-is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
-function.
+See L<provider-keyexch(7)/Common Key Exchange parameters>.
 
 =back
@@ -89 +74 @@
         unsigned int pad = 1;
         OSSL_PARAM params[6];
-        EVP_PKET_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL);
+        EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL);
 
         EVP_PKEY_derive_init(dctx);
@@ -123 +108 @@
 =head1 COPYRIGHT
 
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use

trunk/src/libs/openssl-3.0.2/doc/man7/EVP_MD-BLAKE2.pod

@@ -7 +7 @@
 =head1 DESCRIPTION
 
-Support for computing SHA2 digests through the B<EVP_MD> API.
+Support for computing BLAKE2 digests through the B<EVP_MD> API.
 
 =head2 Identities
@@ -37 +37 @@
 =head1 COPYRIGHT
 
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use

trunk/src/libs/openssl-3.0.2/doc/man7/crypto.pod

@@ -381 +381 @@
  #include <openssl/evp.h>
  #include <openssl/bio.h>
+ #include <openssl/err.h>
 
  int main(void)
@@ -391 +392 @@
      unsigned int len = 0;
      unsigned char *outdigest = NULL;
+     int ret = 1;
 
      /* Create a context for the digest operation */
@@ -431 +433 @@
      BIO_dump_fp(stdout, outdigest, len);
 
+     ret = 0;
+
   err:
      /* Clean up all the resources we allocated */
@@ -436 +440 @@
      EVP_MD_free(sha256);
      EVP_MD_CTX_free(ctx);
+     if (ret != 0)
+        ERR_print_errors_fp(stderr);
+     return ret;
  }
 
@@ -498 +505 @@
 =head1 COPYRIGHT
 
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use

trunk/src/libs/openssl-3.0.2/doc/man7/provider-base.pod

@@ -278 +278 @@
 to identify the object. It will treat as success the case where the composite
 signature algorithm already exists (even if registered against a different
-underlying signature or digest algorithm). It returns 1 on success or 0 on
-failure.
+underlying signature or digest algorithm). For I<digest_name>, NULL or an
+empty string is permissible for signature algorithms that do not need a digest
+to operate correctly. The function returns 1 on success or 0 on failure.
 This function is not thread safe.
 

trunk/src/libs/openssl-3.0.2/doc/man7/provider-keyexch.pod

@@ -171 +171 @@
 =over 4
 
-=item "pad" (B<OSSL_EXCHANGE_PARAM_PAD>) <unsigned integer>
-
-Sets the padding mode for the associated key exchange ctx.
-Setting a value of 1 will turn padding on.
-Setting a value of 0 will turn padding off.
-If padding is off then the derived shared secret may be smaller than the largest
-possible secret size.
-If padding is on then the derived shared secret will have its first bytes filled
-with 0s where necessary to make the shared secret the same size as the largest
-possible secret size.
+=item "kdf-type" (B<OSSL_EXCHANGE_PARAM_KDF_TYPE>) <UTF8 string>
+
+Sets or gets the Key Derivation Function type to apply within the associated key
+exchange ctx.
+
+=item "kdf-digest" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST>) <UTF8 string>
+
+Sets or gets the Digest algorithm to be used as part of the Key Derivation Function
+associated with the given key exchange ctx.
+
+=item "kdf-digest-props" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS>) <UTF8 string>
+
+Sets properties to be used upon look up of the implementation for the selected
+Digest algorithm for the Key Derivation Function associated with the given key
+exchange ctx.
+
+=item "kdf-outlen" (B<OSSL_EXCHANGE_PARAM_KDF_OUTLEN>) <unsigned integer>
+
+Sets or gets the desired size for the output of the chosen Key Derivation Function
+associated with the given key exchange ctx.
+The length of the "kdf-outlen" parameter should not exceed that of a B<size_t>.
+
+=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
+
+Sets the User Key Material to be used as part of the selected Key Derivation
+Function associated with the given key exchange ctx.
+
+=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string ptr>
+
+Gets a pointer to the User Key Material to be used as part of the selected
+Key Derivation Function associated with the given key exchange ctx. Providers
+usually do not need to support this gettable parameter as its sole purpose
+is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
+and EVP_PKEY_CTX_get0_dh_kdf_ukm() functions.
 
 =back
@@ -206 +230 @@
 =head1 COPYRIGHT
 
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use

@@ -13 +13 @@
 /vendor/openssl/1.1.1k:145841-145843
 /vendor/openssl/3.0.1:150323-150324
-/vendor/openssl/current:147554-150322
+/vendor/openssl/3.0.2:150728-150729
+/vendor/openssl/current:147554-150727