Index: crypto/openssl/CHANGES =================================================================== --- crypto/openssl/CHANGES (revision 279126) +++ crypto/openssl/CHANGES (working copy) @@ -2,6 +2,171 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. + (CVE-2015-0204) + [Steve Henson] + + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + + Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. + (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] + + Changes between 0.9.8za and 0.9.8zb [6 Aug 2014] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + Changes between 0.9.8y and 0.9.8za [5 Jun 2014] *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted Index: crypto/openssl/FAQ =================================================================== --- crypto/openssl/FAQ (revision 279126) +++ crypto/openssl/FAQ (working copy) @@ -113,11 +113,6 @@ that came with the version of OpenSSL you are usin documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt Index: crypto/openssl/Makefile =================================================================== --- crypto/openssl/Makefile (revision 279126) +++ crypto/openssl/Makefile (working copy) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8za +VERSION=0.9.8zd MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Index: crypto/openssl/NEWS =================================================================== --- crypto/openssl/NEWS (revision 279126) +++ crypto/openssl/NEWS (working copy) @@ -5,6 +5,38 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + + Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]: + + o Fix for CVE-2014-3513 + o Fix for CVE-2014-3567 + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + o Fix for CVE-2014-3568 + + Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]: + + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3508 + + Known issues in OpenSSL 0.9.8za: + + o Compilation failure of s3_pkt.c on some platforms due to missing + include. Fixed in 0.9.8zb-dev. + o FIPS capable link failure with missing symbol BN_consttime_swap. + Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC + algorithms are not FIPS approved in OpenSSL 0.9.8 anyway. + Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: o Fix for CVE-2014-0224 Index: crypto/openssl/README =================================================================== --- crypto/openssl/README (revision 279126) +++ crypto/openssl/README (working copy) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8za 5 Jun 2014 + OpenSSL 0.9.8zd 8 Jan 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Index: crypto/openssl/apps/apps.c =================================================================== --- crypto/openssl/apps/apps.c (revision 279126) +++ crypto/openssl/apps/apps.c (working copy) @@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, c { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; icount; i++) arg->data[i]=NULL; @@ -1429,6 +1431,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); Index: crypto/openssl/apps/ca.c =================================================================== --- crypto/openssl/apps/ca.c (revision 279126) +++ crypto/openssl/apps/ca.c (working copy) @@ -1582,6 +1582,7 @@ static int certify(X509 **xret, char *infile, EVP_ { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) @@ -1588,6 +1589,7 @@ static int certify(X509 **xret, char *infile, EVP_ { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, char *rev_ revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; Index: crypto/openssl/apps/crl2p7.c =================================================================== --- crypto/openssl/apps/crl2p7.c (revision 279126) +++ crypto/openssl/apps/crl2p7.c (working copy) @@ -142,7 +142,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_new_null(); - sk_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_push(certflst,*(++argv))) + { + sk_free(certflst); + goto end; + } } else { Index: crypto/openssl/apps/ocsp.c =================================================================== --- crypto/openssl/apps/ocsp.c (revision 279126) +++ crypto/openssl/apps/ocsp.c (working copy) @@ -1344,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_RE } resp = query_responder(err, cbio, path, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (ctx) SSL_CTX_free(ctx); Index: crypto/openssl/apps/s_server.c =================================================================== --- crypto/openssl/apps/s_server.c (revision 279126) +++ crypto/openssl/apps/s_server.c (working copy) @@ -583,7 +583,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, i if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1095,6 +1095,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -1922,8 +1930,10 @@ again: #ifdef CHARSET_EBCDIC ascii2ebcdic(buf,buf,i); #endif - write(fileno(stdout),buf, - (unsigned int)i); + if (write(fileno(stdout),buf, + (unsigned int)i) != i) + goto err; + if (SSL_pending(con)) goto again; break; case SSL_ERROR_WANT_WRITE: Index: crypto/openssl/apps/speed.c =================================================================== --- crypto/openssl/apps/speed.c (revision 279126) +++ crypto/openssl/apps/speed.c (working copy) @@ -2767,7 +2767,11 @@ static int do_multi(int multi) fds=malloc(multi*sizeof *fds); for(n=0 ; n < multi ; ++n) { - pipe(fd); + if (pipe(fd) == -1) + { + fprintf(stderr, "pipe failure\n"); + exit(1); + } fflush(stdout); fflush(stderr); if(fork()) @@ -2779,7 +2783,11 @@ static int do_multi(int multi) { close(fd[0]); close(1); - dup(fd[1]); + if (dup(fd[1]) == -1) + { + fprintf(stderr, "dup failed\n"); + exit(1); + } close(fd[1]); mr=1; usertime=0; Index: crypto/openssl/crypto/LPdir_vms.c =================================================================== --- crypto/openssl/crypto/LPdir_vms.c (revision 279126) +++ crypto/openssl/crypto/LPdir_vms.c (working copy) @@ -1,4 +1,3 @@ -/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */ /* * Copyright (c) 2004, Richard Levitte * All rights reserved. @@ -82,6 +81,12 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c size_t filespeclen = strlen(directory); char *filespec = NULL; + if (filespeclen == 0) + { + errno = ENOENT; + return 0; + } + /* MUST be a VMS directory specification! Let's estimate if it is. */ if (directory[filespeclen-1] != ']' && directory[filespeclen-1] != '>' Index: crypto/openssl/crypto/LPdir_win.c =================================================================== --- crypto/openssl/crypto/LPdir_win.c (revision 279126) +++ crypto/openssl/crypto/LPdir_win.c (working copy) @@ -1,4 +1,3 @@ -/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */ /* * Copyright (c) 2004, Richard Levitte * All rights reserved. @@ -65,6 +64,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c errno = 0; if (*ctx == NULL) { + const char *extdir = directory; + char *extdirbuf = NULL; + size_t dirlen = strlen (directory); + + if (dirlen == 0) + { + errno = ENOENT; + return 0; + } + *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); if (*ctx == NULL) { @@ -73,15 +82,35 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c } memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + if (directory[dirlen-1] != '*') + { + extdirbuf = (char *)malloc(dirlen + 3); + if (extdirbuf == NULL) + { + free(*ctx); + *ctx = NULL; + errno = ENOMEM; + return 0; + } + if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\') + extdir = strcat(strcpy (extdirbuf,directory),"/*"); + else + extdir = strcat(strcpy (extdirbuf,directory),"*"); + } + if (sizeof(TCHAR) != sizeof(char)) { TCHAR *wdir = NULL; /* len_0 denotes string length *with* trailing 0 */ - size_t index = 0,len_0 = strlen(directory) + 1; + size_t index = 0,len_0 = strlen(extdir) + 1; - wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR)); + wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); if (wdir == NULL) { + if (extdirbuf != NULL) + { + free (extdirbuf); + } free(*ctx); *ctx = NULL; errno = ENOMEM; @@ -89,10 +118,10 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c } #ifdef LP_MULTIBYTE_AVAILABLE - if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0)) + if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0)) #endif for (index = 0; index < len_0; index++) - wdir[index] = (TCHAR)directory[index]; + wdir[index] = (TCHAR)extdir[index]; (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx); @@ -99,7 +128,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c free(wdir); } else - (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx); + { + (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx); + } + if (extdirbuf != NULL) + { + free (extdirbuf); + } if ((*ctx)->handle == INVALID_HANDLE_VALUE) { @@ -116,7 +151,6 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c return 0; } } - if (sizeof(TCHAR) != sizeof(char)) { TCHAR *wdir = (*ctx)->ctx.cFileName; Index: crypto/openssl/crypto/Makefile =================================================================== --- crypto/openssl/crypto/Makefile (revision 279126) +++ crypto/openssl/crypto/Makefile (working copy) @@ -30,6 +30,7 @@ AFLAGS=$(ASFLAGS) LIBS= GENERAL=Makefile README crypto-lib.com install.com +TEST=constant_time_test.c LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) @@ -40,7 +41,8 @@ SRC= $(LIBSRC) EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \ + constant_time_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) Index: crypto/openssl/crypto/asn1/asn1_lib.c =================================================================== --- crypto/openssl/crypto/asn1/asn1_lib.c (revision 279126) +++ crypto/openssl/crypto/asn1/asn1_lib.c (working copy) @@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), Index: crypto/openssl/crypto/asn1/asn_mime.c =================================================================== --- crypto/openssl/crypto/asn1/asn_mime.c (revision 279126) +++ crypto/openssl/crypto/asn1/asn_mime.c (working copy) @@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO * int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; Index: crypto/openssl/crypto/asn1/asn_pack.c =================================================================== --- crypto/openssl/crypto/asn1/asn_pack.c (revision 279126) +++ crypto/openssl/crypto/asn1/asn_pack.c (working copy) @@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_vo if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif Index: crypto/openssl/crypto/asn1/evp_asn1.c =================================================================== --- crypto/openssl/crypto/asn1/evp_asn1.c (revision 279126) +++ crypto/openssl/crypto/asn1/evp_asn1.c (working copy) @@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsign ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } Index: crypto/openssl/crypto/asn1/t_x509.c =================================================================== --- crypto/openssl/crypto/asn1/t_x509.c (revision 279126) +++ crypto/openssl/crypto/asn1/t_x509.c (working copy) @@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); Index: crypto/openssl/crypto/asn1/tasn_enc.c =================================================================== --- crypto/openssl/crypto/asn1/tasn_enc.c (revision 279126) +++ crypto/openssl/crypto/asn1/tasn_enc.c (working copy) @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) * { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (!derlst) + return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!tmpdat) + { + OPENSSL_free(derlst); return 0; + } } } /* If not sorting just output each item */ Index: crypto/openssl/crypto/bio/bio_lib.c =================================================================== --- crypto/openssl/crypto/bio/bio_lib.c (revision 279126) +++ crypto/openssl/crypto/bio/bio_lib.c (working copy) @@ -132,8 +132,8 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - a->method->destroy(a); + if ((a->method != NULL) && (a->method->destroy != NULL)) + a->method->destroy(a); OPENSSL_free(a); return(1); } Index: crypto/openssl/crypto/bn/asm/x86_64-gcc.c =================================================================== --- crypto/openssl/crypto/bn/asm/x86_64-gcc.c (revision 279126) +++ crypto/openssl/crypto/bn/asm/x86_64-gcc.c (working copy) @@ -185,7 +185,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON if (n <= 0) return 0; - asm ( + asm volatile ( " subq %2,%2 \n" ".align 16 \n" "1: movq (%4,%2,8),%0 \n" @@ -196,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON " sbbq %0,%0 \n" : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) - : "cc" + : "cc", "memory" ); return ret&1; @@ -208,7 +208,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON if (n <= 0) return 0; - asm ( + asm volatile ( " subq %2,%2 \n" ".align 16 \n" "1: movq (%4,%2,8),%0 \n" @@ -219,7 +219,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON " sbbq %0,%0 \n" : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) - : "cc" + : "cc", "memory" ); return ret&1; Index: crypto/openssl/crypto/bn/bn_exp.c =================================================================== --- crypto/openssl/crypto/bn/bn_exp.c (revision 279126) +++ crypto/openssl/crypto/bn/bn_exp.c (working copy) @@ -767,7 +767,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, c bits = BN_num_bits(p); if (bits == 0) { - ret = BN_one(rr); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) + { + ret = 1; + BN_zero(rr); + } + else + ret = BN_one(rr); return ret; } if (a == 0) Index: crypto/openssl/crypto/bn/bn_gf2m.c =================================================================== --- crypto/openssl/crypto/bn/bn_gf2m.c (revision 279126) +++ crypto/openssl/crypto/bn/bn_gf2m.c (working copy) @@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNU return 1; } +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Index: crypto/openssl/crypto/bn/bn_lib.c =================================================================== --- crypto/openssl/crypto/bn/bn_lib.c (revision 279126) +++ crypto/openssl/crypto/bn/bn_lib.c (working copy) @@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM * BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ @@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ } return bn_cmp_words(a,b,cl); } - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) - { - BN_ULONG t; - int i; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top^b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} Index: crypto/openssl/crypto/bn/bn_sqr.c =================================================================== --- crypto/openssl/crypto/bn/bn_sqr.c (revision 279126) +++ crypto/openssl/crypto/bn/bn_sqr.c (working copy) @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx if (al <= 0) { r->top=0; + r->neg = 0; return 1; } Index: crypto/openssl/crypto/bn/exptest.c =================================================================== --- crypto/openssl/crypto/bn/exptest.c (revision 279126) +++ crypto/openssl/crypto/bn/exptest.c (working copy) @@ -71,6 +71,48 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +/* + * Disabled for FIPS capable builds because they use the FIPS BIGNUM library + * which will fail this test. + */ +#ifndef OPENSSL_FIPS +/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */ +static int test_exp_mod_zero() { + BIGNUM a, p, m; + BIGNUM r; + BN_CTX *ctx = BN_CTX_new(); + int ret = 1; + + BN_init(&m); + BN_one(&m); + + BN_init(&a); + BN_one(&a); + + BN_init(&p); + BN_zero(&p); + + BN_init(&r); + BN_mod_exp(&r, &a, &p, &m, ctx); + BN_CTX_free(ctx); + + if (BN_is_zero(&r)) + ret = 0; + else + { + printf("1**0 mod 1 = "); + BN_print_fp(stdout, &r); + printf(", should be 0\n"); + } + + BN_free(&r); + BN_free(&a); + BN_free(&p); + BN_free(&m); + + return ret; +} +#endif int main(int argc, char *argv[]) { BN_CTX *ctx; @@ -190,7 +232,13 @@ int main(int argc, char *argv[]) ERR_remove_state(0); CRYPTO_mem_leaks(out); BIO_free(out); - printf(" done\n"); + printf("\n"); +#ifndef OPENSSL_FIPS + if (test_exp_mod_zero() != 0) + goto err; +#endif + printf("done\n"); + EXIT(0); err: ERR_load_crypto_strings(); Index: crypto/openssl/crypto/conf/conf_api.c =================================================================== --- crypto/openssl/crypto/conf/conf_api.c (revision 279126) +++ crypto/openssl/crypto/conf/conf_api.c (working copy) @@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const ch v->value=(char *)sk; vv=(CONF_VALUE *)lh_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) Index: crypto/openssl/crypto/conf/conf_def.c =================================================================== --- crypto/openssl/crypto/conf/conf_def.c (revision 279126) +++ crypto/openssl/crypto/conf/conf_def.c (working copy) @@ -324,7 +324,7 @@ again: p=eat_ws(conf, end); if (*p != ']') { - if (*p != '\0') + if (*p != '\0' && ss != p) { ss=p; goto again; Index: crypto/openssl/crypto/constant_time_locl.h =================================================================== --- crypto/openssl/crypto/constant_time_locl.h (revision 0) +++ crypto/openssl/crypto/constant_time_locl.h (working copy) @@ -0,0 +1,206 @@ +/* crypto/constant_time_locl.h */ +/* + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONSTANT_TIME_LOCL_H +#define HEADER_CONSTANT_TIME_LOCL_H + +#include "e_os.h" /* For 'inline' */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * The boolean methods return a bitmask of all ones (0xff...f) for true + * and 0 for false. This is useful for choosing a value based on the result + * of a conditional in constant time. For example, + * + * if (a < b) { + * c = a; + * } else { + * c = b; + * } + * + * can be written as + * + * unsigned int lt = constant_time_lt(a, b); + * c = constant_time_select(lt, a, b); + */ + +/* + * Returns the given value with the MSB copied to all the other + * bits. Uses the fact that arithmetic shift shifts-in the sign bit. + * However, this is not ensured by the C standard so you may need to + * replace this with something else on odd CPUs. + */ +static inline unsigned int constant_time_msb(unsigned int a); + +/* + * Returns 0xff..f if a < b and 0 otherwise. + */ +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b); + +/* + * Returns 0xff..f if a >= b and 0 otherwise. + */ +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b); + +/* + * Returns 0xff..f if a == 0 and 0 otherwise. + */ +static inline unsigned int constant_time_is_zero(unsigned int a); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_is_zero_8(unsigned int a); + + +/* + * Returns 0xff..f if a == b and 0 otherwise. + */ +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b); +/* Signed integers. */ +static inline unsigned int constant_time_eq_int(int a, int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_int_8(int a, int b); + + +/* + * Returns (mask & a) | (~mask & b). + * + * When |mask| is all 1s or all 0s (as returned by the methods above), + * the select methods return either |a| (if |mask| is nonzero) or |b| + * (if |mask| is zero). + */ +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, unsigned int b); +/* Convenience method for unsigned chars. */ +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, unsigned char b); +/* Convenience method for signed integers. */ +static inline int constant_time_select_int(unsigned int mask, int a, int b); + +static inline unsigned int constant_time_msb(unsigned int a) + { + return 0-(a >> (sizeof(a) * 8 - 1)); + } + +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) + { + return constant_time_msb(a^((a^b)|((a-b)^b))); + } + +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_lt(a, b)); + } + +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) + { + return ~constant_time_lt(a, b); + } + +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_ge(a, b)); + } + +static inline unsigned int constant_time_is_zero(unsigned int a) + { + return constant_time_msb(~a & (a - 1)); + } + +static inline unsigned char constant_time_is_zero_8(unsigned int a) + { + return (unsigned char)(constant_time_is_zero(a)); + } + +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) + { + return constant_time_is_zero(a ^ b); + } + +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_eq(a, b)); + } + +static inline unsigned int constant_time_eq_int(int a, int b) + { + return constant_time_eq((unsigned)(a), (unsigned)(b)); + } + +static inline unsigned char constant_time_eq_int_8(int a, int b) + { + return constant_time_eq_8((unsigned)(a), (unsigned)(b)); + } + +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, unsigned int b) + { + return (mask & a) | (~mask & b); + } + +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, unsigned char b) + { + return (unsigned char)(constant_time_select(mask, a, b)); + } + +static inline int constant_time_select_int(unsigned int mask, int a, int b) + { + return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); + } + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_CONSTANT_TIME_LOCL_H */ Index: crypto/openssl/crypto/constant_time_test.c =================================================================== --- crypto/openssl/crypto/constant_time_test.c (revision 0) +++ crypto/openssl/crypto/constant_time_test.c (working copy) @@ -0,0 +1,330 @@ +/* crypto/constant_time_test.c */ +/* + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "../crypto/constant_time_locl.h" + +#include +#include +#include + +static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); +static const unsigned int CONSTTIME_FALSE = 0; +static const unsigned char CONSTTIME_TRUE_8 = 0xff; +static const unsigned char CONSTTIME_FALSE_8 = 0; + +static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b), + const char* op_name, unsigned int a, unsigned int b, int is_true) + { + unsigned c = op(a, b); + if (is_true && c != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c); + return 1; + } + else if (!is_true && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, + c); + return 1; + } + return 0; + } + +static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b), + const char* op_name, unsigned int a, unsigned int b, int is_true) + { + unsigned char c = op(a, b); + if (is_true && c != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c); + return 1; + } + else if (!is_true && c != CONSTTIME_FALSE_8) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, + c); + return 1; + } + return 0; + } + +static int test_is_zero(unsigned int a) + { + unsigned int c = constant_time_is_zero(a); + if (a == 0 && c != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c); + return 1; + } + else if (a != 0 && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, + c); + return 1; + } + return 0; + } + +static int test_is_zero_8(unsigned int a) + { + unsigned char c = constant_time_is_zero_8(a); + if (a == 0 && c != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c); + return 1; + } + else if (a != 0 && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, + c); + return 1; + } + return 0; + } + +static int test_select(unsigned int a, unsigned int b) + { + unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(first value), got %du\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select(CONSTTIME_FALSE, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(second value), got %du\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_select_8(unsigned char a, unsigned char b) + { + unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(first value), got %u\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(second value), got %u\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_select_int(int a, int b) + { + int selected = constant_time_select_int(CONSTTIME_TRUE, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(first value), got %d\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_int(CONSTTIME_FALSE, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(second value), got %d\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_eq_int(int a, int b) + { + unsigned int equal = constant_time_eq_int(a, b); + if (a == b && equal != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(TRUE), got %du\n", + a, b, CONSTTIME_TRUE, equal); + return 1; + } + else if (a != b && equal != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(FALSE), got %du\n", + a, b, CONSTTIME_FALSE, equal); + return 1; + } + return 0; + } + +static int test_eq_int_8(int a, int b) + { + unsigned char equal = constant_time_eq_int_8(a, b); + if (a == b && equal != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(TRUE), got %u\n", + a, b, CONSTTIME_TRUE_8, equal); + return 1; + } + else if (a != b && equal != CONSTTIME_FALSE_8) + { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(FALSE), got %u\n", + a, b, CONSTTIME_FALSE_8, equal); + return 1; + } + return 0; + } + +static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1, + UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1, + UINT_MAX}; + +static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255}; + +static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345, + 32000, -32000, INT_MAX, INT_MIN, INT_MAX-1, + INT_MIN+1}; + + +int main(int argc, char *argv[]) + { + unsigned int a, b, i, j; + int c, d; + unsigned char e, f; + int num_failed = 0, num_all = 0; + fprintf(stdout, "Testing constant time operations...\n"); + + for (i = 0; i < sizeof(test_values)/sizeof(int); ++i) + { + a = test_values[i]; + num_failed += test_is_zero(a); + num_failed += test_is_zero_8(a); + num_all += 2; + for (j = 0; j < sizeof(test_values)/sizeof(int); ++j) + { + b = test_values[j]; + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt", a, b, a < b); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", a, b, a < b); + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", a, b, a >= b); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", a, b, a >= b); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", b, a, b >= a); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", b, a, b >= a); + num_failed += test_binary_op(&constant_time_eq, + "constant_time_eq", a, b, a == b); + num_failed += test_binary_op_8(&constant_time_eq_8, + "constant_time_eq_8", a, b, a == b); + num_failed += test_binary_op(&constant_time_eq, + "constant_time_eq", b, a, b == a); + num_failed += test_binary_op_8(&constant_time_eq_8, + "constant_time_eq_8", b, a, b == a); + num_failed += test_select(a, b); + num_all += 13; + } + } + + for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i) + { + c = signed_test_values[i]; + for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j) + { + d = signed_test_values[j]; + num_failed += test_select_int(c, d); + num_failed += test_eq_int(c, d); + num_failed += test_eq_int_8(c, d); + num_all += 3; + } + } + + for (i = 0; i < sizeof(test_values_8); ++i) + { + e = test_values_8[i]; + for (j = 0; j < sizeof(test_values_8); ++j) + { + f = test_values_8[j]; + num_failed += test_select_8(e, f); + num_all += 1; + } + } + + if (!num_failed) + { + fprintf(stdout, "ok (ran %d tests)\n", num_all); + return EXIT_SUCCESS; + } + else + { + fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all); + return EXIT_FAILURE; + } + } Index: crypto/openssl/crypto/ec/ec_key.c =================================================================== --- crypto/openssl/crypto/ec/ec_key.c (revision 279126) +++ crypto/openssl/crypto/ec/ec_key.c (working copy) @@ -64,7 +64,6 @@ #include #include "ec_lcl.h" #include -#include EC_KEY *EC_KEY_new(void) { Index: crypto/openssl/crypto/ec/ec_lib.c =================================================================== --- crypto/openssl/crypto/ec/ec_lib.c (revision 279126) +++ crypto/openssl/crypto/ec/ec_lib.c (working copy) @@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT * int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { - if (group->meth->dbl == 0) + if (group->meth->invert == 0) { ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; Index: crypto/openssl/crypto/ec/ecp_smpl.c =================================================================== --- crypto/openssl/crypto/ec/ecp_smpl.c (revision 279126) +++ crypto/openssl/crypto/ec/ecp_smpl.c (working copy) @@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *grou int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *tmp0, *tmp1; - size_t pow2 = 0; - BIGNUM **heap = NULL; + BIGNUM *tmp, *tmp_Z; + BIGNUM **prod_Z = NULL; size_t i; int ret = 0; @@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROU } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; + tmp = BN_CTX_get(ctx); + tmp_Z = BN_CTX_get(ctx); + if (tmp == NULL || tmp_Z == NULL) goto err; - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. - */ + prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + if (prod_Z == NULL) goto err; + for (i = 0; i < num; i++) + { + prod_Z[i] = BN_new(); + if (prod_Z[i] == NULL) goto err; + } - pow2 = 1; - while (num > pow2) - pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ - pow2 <<= 1; + /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, + * skipping any zero-valued inputs (pretend that they're 1). */ - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). - */ - heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) - heap[i] = NULL; - for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) - heap[i] = NULL; - - /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) + if (!BN_is_zero(&points[0]->Z)) { - heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) + if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; + } + else + { + if (group->meth->field_set_to_one != 0) { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { - if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } - } + if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; } + else + { + if (!BN_one(prod_Z[0])) goto err; + } } - /* invert heap[1] */ - if (!BN_is_zero(heap[1])) + for (i = 1; i < num; i++) { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) + if (!BN_is_zero(&points[i]->Z)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); - goto err; + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; } + else + { + if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } } + + /* Now use a single explicit inversion to replace every + * non-zero points[i]->Z by its inverse. */ + + if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + goto err; + } if (group->meth->field_encode != 0) { - /* in the Montgomery case, we just turned R*H (representing H) + /* In the Montgomery case, we just turned R*H (representing H) * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; + * i.e. we need to multiply by the Montgomery factor twice. */ + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; } - /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) + for (i = num - 1; i > 0; --i) { - /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) + /* Loop invariant: tmp is the product of the inverses of + * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ + if (!BN_is_zero(&points[i]->Z)) { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; + /* Set tmp_Z to the inverse of points[i]->Z (as product + * of Z inverses 0 .. i, Z values 0 .. i - 1). */ + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; + /* Update tmp to satisfy the loop invariant for i - 1. */ + if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; + /* Replace points[i]->Z by its inverse. */ + if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; } - else - { - if (!BN_copy(heap[i], heap[i/2])) goto err; - } } - /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ + if (!BN_is_zero(&points[0]->Z)) + { + /* Replace points[0]->Z by its inverse. */ + if (!BN_copy(&points[0]->Z, tmp)) goto err; + } + + /* Finally, fix up the X and Y coordinates for all points. */ + for (i = 0; i < num; i++) { EC_POINT *p = points[i]; - + if (!BN_is_zero(&p->Z)) { /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; + if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; - + if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; + if (group->meth->field_set_to_one != 0) { if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; @@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROU } ret = 1; - + err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (heap != NULL) + if (prod_Z != NULL) { - /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ - for (i = pow2/2 - 1; i > 0; i--) + for (i = 0; i < num; i++) { - if (heap[i] != NULL) - BN_clear_free(heap[i]); + if (prod_Z[i] == NULL) break; + BN_clear_free(prod_Z[i]); } - OPENSSL_free(heap); + OPENSSL_free(prod_Z); } return ret; } Index: crypto/openssl/crypto/ecdsa/Makefile =================================================================== --- crypto/openssl/crypto/ecdsa/Makefile (revision 279126) +++ crypto/openssl/crypto/ecdsa/Makefile (working copy) @@ -128,11 +128,12 @@ ecs_sign.o: ../../include/openssl/safestack.h ../. ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h +ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h @@ -140,4 +141,4 @@ ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../ ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ecs_vrf.o: ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../cryptlib.h ecs_locl.h ecs_vrf.c Index: crypto/openssl/crypto/idea/ideatest.c =================================================================== --- crypto/openssl/crypto/idea/ideatest.c (revision 279126) +++ crypto/openssl/crypto/idea/ideatest.c (working copy) @@ -199,10 +199,10 @@ static int cfb64_test(unsigned char *cfb_cipher) } memcpy(cfb_tmp,cfb_iv,8); n=0; - idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks, + idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks, cfb_tmp,&n,IDEA_DECRYPT); - idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)CFB_TEST_SIZE-17,&dks, + idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]), + (long)CFB_TEST_SIZE-13,&eks, cfb_tmp,&n,IDEA_DECRYPT); if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0) { Index: crypto/openssl/crypto/md32_common.h =================================================================== --- crypto/openssl/crypto/md32_common.h (revision 279126) +++ crypto/openssl/crypto/md32_common.h (working copy) @@ -225,8 +225,7 @@ #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++))) ), \ - l) + l|=(((unsigned long)(*((c)++))) ) ) #endif #ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ @@ -262,8 +261,7 @@ #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24), \ - l) + l|=(((unsigned long)(*((c)++)))<<24) ) #endif #ifndef HOST_l2c #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ Index: crypto/openssl/crypto/ocsp/ocsp_ht.c =================================================================== --- crypto/openssl/crypto/ocsp/ocsp_ht.c (revision 279126) +++ crypto/openssl/crypto/ocsp/ocsp_ht.c (working copy) @@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path ctx = OCSP_sendreq_new(b, path, req, -1); + if (!ctx) + return NULL; + do { rv = OCSP_sendreq_nbio(&resp, ctx); Index: crypto/openssl/crypto/ocsp/ocsp_lib.c =================================================================== --- crypto/openssl/crypto/ocsp/ocsp_lib.c (revision 279126) +++ crypto/openssl/crypto/ocsp/ocsp_lib.c (working copy) @@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char * if (!*ppath) goto mem_err; + p = host; + if(host[0] == '[') + { + /* ipv6 literal */ + host++; + p = strchr(host, ']'); + if(!p) goto parse_err; + *p = '\0'; + p++; + } + /* Look for optional ':' for port number */ - if ((p = strchr(host, ':'))) + if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; Index: crypto/openssl/crypto/opensslv.h =================================================================== --- crypto/openssl/crypto/opensslv.h (revision 279126) +++ crypto/openssl/crypto/opensslv.h (working copy) @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009081afL +#define OPENSSL_VERSION_NUMBER 0x009081dfL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-fips 8 Jan 2015" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-freebsd 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-freebsd 8 Jan 2015" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT Index: crypto/openssl/crypto/pkcs7/Makefile =================================================================== --- crypto/openssl/crypto/pkcs7/Makefile (revision 279126) +++ crypto/openssl/crypto/pkcs7/Makefile (working copy) @@ -39,20 +39,6 @@ test: all: lib -testapps: enc dec sign verify - -enc: enc.o lib - $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -dec: dec.o lib - $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -sign: sign.o lib - $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -verify: verify.o example.o lib - $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) - lib: $(LIBOBJ) $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. Index: crypto/openssl/crypto/pkcs7/bio_ber.c =================================================================== --- crypto/openssl/crypto/pkcs7/bio_ber.c (revision 279126) +++ crypto/openssl/crypto/pkcs7/bio_ber.c (working copy) @@ -1,466 +0,0 @@ -/* crypto/evp/bio_ber.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include -#include - -static int ber_write(BIO *h,char *buf,int num); -static int ber_read(BIO *h,char *buf,int size); -/*static int ber_puts(BIO *h,char *str); */ -/*static int ber_gets(BIO *h,char *str,int size); */ -static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2); -static int ber_new(BIO *h); -static int ber_free(BIO *data); -static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)()); -#define BER_BUF_SIZE (32) - -/* This is used to hold the state of the BER objects being read. */ -typedef struct ber_struct - { - int tag; - int class; - long length; - int inf; - int num_left; - int depth; - } BER_CTX; - -typedef struct bio_ber_struct - { - int tag; - int class; - long length; - int inf; - - /* most of the following are used when doing non-blocking IO */ - /* reading */ - long num_left; /* number of bytes still to read/write in block */ - int depth; /* used with indefinite encoding. */ - int finished; /* No more read data */ - - /* writting */ - char *w_addr; - int w_offset; - int w_left; - - int buf_len; - int buf_off; - unsigned char buf[BER_BUF_SIZE]; - } BIO_BER_CTX; - -static BIO_METHOD methods_ber= - { - BIO_TYPE_CIPHER,"cipher", - ber_write, - ber_read, - NULL, /* ber_puts, */ - NULL, /* ber_gets, */ - ber_ctrl, - ber_new, - ber_free, - ber_callback_ctrl, - }; - -BIO_METHOD *BIO_f_ber(void) - { - return(&methods_ber); - } - -static int ber_new(BIO *bi) - { - BIO_BER_CTX *ctx; - - ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX)); - if (ctx == NULL) return(0); - - memset((char *)ctx,0,sizeof(BIO_BER_CTX)); - - bi->init=0; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); - } - -static int ber_free(BIO *a) - { - BIO_BER_CTX *b; - - if (a == NULL) return(0); - b=(BIO_BER_CTX *)a->ptr; - OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX)); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx) - { - char buf[64]; - int i,j,n; - int ret; - unsigned char *p; - unsigned long length - int tag; - int class; - long max; - - BIO_clear_retry_flags(b); - - /* Pack the buffer down if there is a hole at the front */ - if (ctx->buf_off != 0) - { - p=ctx->buf; - j=ctx->buf_off; - n=ctx->buf_len-j; - for (i=0; ibuf_len-j; - ctx->buf_off=0; - } - - /* If there is more room, read some more data */ - i=BER_BUF_SIZE-ctx->buf_len; - if (i) - { - i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - else - ctx->buf_len+=i; - } - - max=ctx->buf_len; - p=ctx->buf; - ret=ASN1_get_object(&p,&length,&tag,&class,max); - - if (ret & 0x80) - { - if ((ctx->buf_len < BER_BUF_SIZE) && - (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) - { - ERR_clear_error(); /* clear the error */ - BIO_set_retry_read(b); - } - return(-1); - } - - /* We have no error, we have a header, so make use of it */ - - if ((ctx->tag >= 0) && (ctx->tag != tag)) - { - BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH); - sprintf(buf,"tag=%d, got %d",ctx->tag,tag); - ERR_add_error_data(1,buf); - return(-1); - } - if (ret & 0x01) - if (ret & V_ASN1_CONSTRUCTED) - } - -static int ber_read(BIO *b, char *out, int outl) - { - int ret=0,i,n; - BIO_BER_CTX *ctx; - - BIO_clear_retry_flags(b); - - if (out == NULL) return(0); - ctx=(BIO_BER_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); - - if (ctx->finished) return(0); - -again: - /* First see if we are half way through reading a block */ - if (ctx->num_left > 0) - { - if (ctx->num_left < outl) - n=ctx->num_left; - else - n=outl; - i=BIO_read(b->next_bio,out,n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - ctx->num_left-=i; - outl-=i; - ret+=i; - if (ctx->num_left <= 0) - { - ctx->depth--; - if (ctx->depth <= 0) - ctx->finished=1; - } - if (outl <= 0) - return(ret); - else - goto again; - } - else /* we need to read another BER header */ - { - } - } - -static int ber_write(BIO *b, char *in, int inl) - { - int ret=0,n,i; - BIO_ENC_CTX *ctx; - - ctx=(BIO_ENC_CTX *)b->ptr; - ret=inl; - - BIO_clear_retry_flags(b); - n=ctx->buf_len-ctx->buf_off; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - ctx->buf_off+=i; - n-=i; - } - /* at this point all pending data has been written */ - - if ((in == NULL) || (inl <= 0)) return(0); - - ctx->buf_off=0; - while (inl > 0) - { - n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl; - EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)in,n); - inl-=n; - in+=n; - - ctx->buf_off=0; - n=ctx->buf_len; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - n-=i; - ctx->buf_off+=i; - } - ctx->buf_len=0; - ctx->buf_off=0; - } - BIO_copy_next_retry(b); - return(ret); - } - -static long ber_ctrl(BIO *b, int cmd, long num, char *ptr) - { - BIO *dbio; - BIO_ENC_CTX *ctx,*dctx; - long ret=1; - int i; - - ctx=(BIO_ENC_CTX *)b->ptr; - - switch (cmd) - { - case BIO_CTRL_RESET: - ctx->ok=1; - ctx->finished=0; - EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, - ctx->cipher.berrypt); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret=1; - else - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_WPENDING: - ret=ctx->buf_len-ctx->buf_off; - if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - ret=ctx->buf_len-ctx->buf_off; - if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -again: - while (ctx->buf_len != ctx->buf_off) - { - i=ber_write(b,NULL,0); - if (i < 0) - { - ret=i; - break; - } - } - - if (!ctx->finished) - { - ctx->finished=1; - ctx->buf_off=0; - ret=EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok=(int)ret; - if (ret <= 0) break; - - /* push out the bytes */ - goto again; - } - - /* Finally flush the underlying BIO */ - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_C_GET_CIPHER_STATUS: - ret=(long)ctx->ok; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - dctx=(BIO_ENC_CTX *)dbio->ptr; - memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); - dbio->init=1; - break; - default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - } - return(ret); - } - -static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)()) - { - long ret=1; - - if (b->next_bio == NULL) return(0); - switch (cmd) - { - default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); - break; - } - return(ret); - } - -/* -void BIO_set_cipher_ctx(b,c) -BIO *b; -EVP_CIPHER_ctx *c; - { - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } -*/ - -void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i, - int e) - { - BIO_ENC_CTX *ctx; - - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } - Index: crypto/openssl/crypto/pkcs7/dec.c =================================================================== --- crypto/openssl/crypto/pkcs7/dec.c (revision 279126) +++ crypto/openssl/crypto/pkcs7/dec.c (working copy) @@ -1,248 +0,0 @@ -/* crypto/pkcs7/verify.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include -#include -#include - -int verify_callback(int ok, X509_STORE_CTX *ctx); - -BIO *bio_err=NULL; - -int main(argc,argv) -int argc; -char *argv[]; - { - char *keyfile=NULL; - BIO *in; - EVP_PKEY *pkey; - X509 *x509; - PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; - X509_STORE *cert_store=NULL; - BIO *data,*detached=NULL,*p7bio=NULL; - char buf[1024*4]; - unsigned char *pp; - int i,printit=0; - STACK_OF(PKCS7_SIGNER_INFO) *sk; - - OpenSSL_add_all_algorithms(); - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - - data=BIO_new(BIO_s_file()); - pp=NULL; - while (argc > 1) - { - argc--; - argv++; - if (strcmp(argv[0],"-p") == 0) - { - printit=1; - } - else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) { - keyfile = argv[1]; - argc-=1; - argv+=1; - } else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2)) - { - detached=BIO_new(BIO_s_file()); - if (!BIO_read_filename(detached,argv[1])) - goto err; - argc-=1; - argv+=1; - } - else break; - } - - if (!BIO_read_filename(data,argv[0])) goto err; - - if(!keyfile) { - fprintf(stderr, "No private key file specified\n"); - goto err; - } - - if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err; - if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; - BIO_reset(in); - if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) - goto err; - BIO_free(in); - - if (pp == NULL) - BIO_set_fp(data,stdin,BIO_NOCLOSE); - - - /* Load the PKCS7 object from a file */ - if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err; - - - - /* This stuff is being setup for certificate verification. - * When using SSL, it could be replaced with a - * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */ - cert_store=X509_STORE_new(); - X509_STORE_set_default_paths(cert_store); - X509_STORE_load_locations(cert_store,NULL,"../../certs"); - X509_STORE_set_verify_cb_func(cert_store,verify_callback); - - ERR_clear_error(); - - /* We need to process the data */ - /* We cannot support detached encryption */ - p7bio=PKCS7_dataDecode(p7,pkey,detached,x509); - - if (p7bio == NULL) - { - printf("problems decoding\n"); - goto err; - } - - /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,sizeof(buf)); - /* print it? */ - if (i <= 0) break; - fwrite(buf,1, i, stdout); - } - - /* We can now verify signatures */ - sk=PKCS7_get_signer_info(p7); - if (sk == NULL) - { - fprintf(stderr, "there are no signatures on this data\n"); - } - else - { - /* Ok, first we need to, for each subject entry, - * see if we can verify */ - ERR_clear_error(); - for (i=0; ierror) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); - BIO_printf(bio_err,"issuer= %s\n",buf); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err,"notBefore="); - ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err,"notAfter="); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - } - BIO_printf(bio_err,"verify return:%d\n",ok); - return(ok); - } Index: crypto/openssl/crypto/pkcs7/des.pem =================================================================== --- crypto/openssl/crypto/pkcs7/des.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/des.pem (working copy) @@ -1,15 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ -/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G -CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N -WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL -lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8 -5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA= - Index: crypto/openssl/crypto/pkcs7/doc =================================================================== --- crypto/openssl/crypto/pkcs7/doc (revision 279126) +++ crypto/openssl/crypto/pkcs7/doc (working copy) @@ -1,24 +0,0 @@ -int PKCS7_set_content_type(PKCS7 *p7, int type); -Call to set the type of PKCS7 object we are working on - -int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - EVP_MD *dgst); -Use this to setup a signer info -There will also be functions to add signed and unsigned attributes. - -int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); -Add a signer info to the content. - -int PKCS7_add_certificae(PKCS7 *p7, X509 *x509); -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); - ----- - -p7=PKCS7_new(); -PKCS7_set_content_type(p7,NID_pkcs7_signed); - -signer=PKCS7_SINGNER_INFO_new(); -PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5()); -PKCS7_add_signer(py,signer); - -we are now setup. Index: crypto/openssl/crypto/pkcs7/enc.c =================================================================== --- crypto/openssl/crypto/pkcs7/enc.c (revision 279126) +++ crypto/openssl/crypto/pkcs7/enc.c (working copy) @@ -1,174 +0,0 @@ -/* crypto/pkcs7/enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include - -int main(argc,argv) -int argc; -char *argv[]; - { - X509 *x509; - PKCS7 *p7; - BIO *in; - BIO *data,*p7bio; - char buf[1024*4]; - int i; - int nodetach=1; - char *keyfile = NULL; - const EVP_CIPHER *cipher=NULL; - STACK_OF(X509) *recips=NULL; - - OpenSSL_add_all_algorithms(); - - data=BIO_new(BIO_s_file()); - while(argc > 1) - { - if (strcmp(argv[1],"-nd") == 0) - { - nodetach=1; - argv++; argc--; - } - else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) { - if(!(cipher = EVP_get_cipherbyname(argv[2]))) { - fprintf(stderr, "Unknown cipher %s\n", argv[2]); - goto err; - } - argc-=2; - argv+=2; - } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) { - keyfile = argv[2]; - argc-=2; - argv+=2; - if (!(in=BIO_new_file(keyfile,"r"))) goto err; - if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL))) - goto err; - if(!recips) recips = sk_X509_new_null(); - sk_X509_push(recips, x509); - BIO_free(in); - } else break; - } - - if(!recips) { - fprintf(stderr, "No recipients\n"); - goto err; - } - - if (!BIO_read_filename(data,argv[1])) goto err; - - p7=PKCS7_new(); -#if 0 - BIO_reset(in); - if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err; - BIO_free(in); - PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped); - - if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err; - /* we may want to add more */ - PKCS7_add_certificate(p7,x509); -#else - PKCS7_set_type(p7,NID_pkcs7_enveloped); -#endif - if(!cipher) { -#ifndef OPENSSL_NO_DES - cipher = EVP_des_ede3_cbc(); -#else - fprintf(stderr, "No cipher selected\n"); - goto err; -#endif - } - - if (!PKCS7_set_cipher(p7,cipher)) goto err; - for(i = 0; i < sk_X509_num(recips); i++) { - if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err; - } - sk_X509_pop_free(recips, X509_free); - - /* Set the content of the signed to 'data' */ - /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */ - - /* could be used, but not in this version :-) - if (!nodetach) PKCS7_set_detached(p7,1); - */ - - if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; - - for (;;) - { - i=BIO_read(data,buf,sizeof(buf)); - if (i <= 0) break; - BIO_write(p7bio,buf,i); - } - BIO_flush(p7bio); - - if (!PKCS7_dataFinal(p7,p7bio)) goto err; - BIO_free(p7bio); - - PEM_write_PKCS7(stdout,p7); - PKCS7_free(p7); - - exit(0); -err: - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - exit(1); - } - Index: crypto/openssl/crypto/pkcs7/es1.pem =================================================================== --- crypto/openssl/crypto/pkcs7/es1.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/es1.pem (working copy) @@ -1,66 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo -KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G -CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4 -ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F -XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+ -II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT -pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0 -lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs -8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5 -otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx -go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi -XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t -KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw -Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL -r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu -l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/ -mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk -l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+ -HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY -gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo -TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL -5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME -SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/ -y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4 -9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP -nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB -Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs -LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T -tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE -SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR -8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/ -wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI -uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw -RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM -Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU -o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o -WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy -Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk -YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ -CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3 -DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714 -ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5 -kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX -1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s -xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb -IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7 -7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv -qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG -X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a -DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe -UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1 -gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x -PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT -5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha -y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC -lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf -lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA== ------END PKCS7----- Index: crypto/openssl/crypto/pkcs7/example.c =================================================================== --- crypto/openssl/crypto/pkcs7/example.c (revision 279126) +++ crypto/openssl/crypto/pkcs7/example.c (working copy) @@ -1,329 +0,0 @@ -#include -#include -#include -#include -#include -#include - -int add_signed_time(PKCS7_SIGNER_INFO *si) - { - ASN1_UTCTIME *sign_time; - - /* The last parameter is the amount to add/subtract from the current - * time (in seconds) */ - sign_time=X509_gmtime_adj(NULL,0); - PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime, - V_ASN1_UTCTIME,(char *)sign_time); - return(1); - } - -ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si) - { - ASN1_TYPE *so; - - so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime); - if (so->type == V_ASN1_UTCTIME) - return so->value.utctime; - return NULL; - } - -static int signed_string_nid= -1; - -void add_signed_string(PKCS7_SIGNER_INFO *si, char *str) - { - ASN1_OCTET_STRING *os; - - /* To a an object of OID 1.2.3.4.5, which is an octet string */ - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - os=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); - /* When we add, we do not free */ - PKCS7_add_signed_attribute(si,signed_string_nid, - V_ASN1_OCTET_STRING,(char *)os); - } - -int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) - { - ASN1_TYPE *so; - ASN1_OCTET_STRING *os; - int i; - - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - /* To retrieve */ - so=PKCS7_get_signed_attribute(si,signed_string_nid); - if (so != NULL) - { - if (so->type == V_ASN1_OCTET_STRING) - { - os=so->value.octet_string; - i=os->length; - if ((i+1) > len) - i=len-1; - memcpy(buf,os->data,i); - return(i); - } - } - return(0); - } - -static int signed_seq2string_nid= -1; -/* ########################################### */ -int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) - { - /* To add an object of OID 1.9.999, which is a sequence containing - * 2 octet strings */ - unsigned char *p; - ASN1_OCTET_STRING *os1,*os2; - ASN1_STRING *seq; - unsigned char *data; - int i,total; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - os1=ASN1_OCTET_STRING_new(); - os2=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); - ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); - i =i2d_ASN1_OCTET_STRING(os1,NULL); - i+=i2d_ASN1_OCTET_STRING(os2,NULL); - total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - - data=malloc(total); - p=data; - ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_OCTET_STRING(os1,&p); - i2d_ASN1_OCTET_STRING(os2,&p); - - seq=ASN1_STRING_new(); - ASN1_STRING_set(seq,data,total); - free(data); - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - - PKCS7_add_signed_attribute(si,signed_seq2string_nid, - V_ASN1_SEQUENCE,(char *)seq); - return(1); - } - -/* For this case, I will malloc the return strings */ -int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) - { - ASN1_TYPE *so; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - /* To retrieve */ - so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); - if (so && (so->type == V_ASN1_SEQUENCE)) - { - ASN1_const_CTX c; - ASN1_STRING *s; - long length; - ASN1_OCTET_STRING *os1,*os2; - - s=so->value.sequence; - c.p=ASN1_STRING_data(s); - c.max=c.p+ASN1_STRING_length(s); - if (!asn1_GetSequence(&c,&length)) goto err; - /* Length is the length of the seqence */ - - c.q=c.p; - if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - c.q=c.p; - if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - if (!asn1_const_Finish(&c)) goto err; - *str1=malloc(os1->length+1); - *str2=malloc(os2->length+1); - memcpy(*str1,os1->data,os1->length); - memcpy(*str2,os2->data,os2->length); - (*str1)[os1->length]='\0'; - (*str2)[os2->length]='\0'; - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - return(1); - } -err: - return(0); - } - - -/* ####################################### - * THE OTHER WAY TO DO THINGS - * ####################################### - */ -X509_ATTRIBUTE *create_time(void) - { - ASN1_UTCTIME *sign_time; - X509_ATTRIBUTE *ret; - - /* The last parameter is the amount to add/subtract from the current - * time (in seconds) */ - sign_time=X509_gmtime_adj(NULL,0); - ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime, - V_ASN1_UTCTIME,(char *)sign_time); - return(ret); - } - -ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) - { - ASN1_TYPE *so; - PKCS7_SIGNER_INFO si; - - si.auth_attr=sk; - so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime); - if (so->type == V_ASN1_UTCTIME) - return so->value.utctime; - return NULL; - } - -X509_ATTRIBUTE *create_string(char *str) - { - ASN1_OCTET_STRING *os; - X509_ATTRIBUTE *ret; - - /* To a an object of OID 1.2.3.4.5, which is an octet string */ - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - os=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); - /* When we add, we do not free */ - ret=X509_ATTRIBUTE_create(signed_string_nid, - V_ASN1_OCTET_STRING,(char *)os); - return(ret); - } - -int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) - { - ASN1_TYPE *so; - ASN1_OCTET_STRING *os; - int i; - PKCS7_SIGNER_INFO si; - - si.auth_attr=sk; - - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - /* To retrieve */ - so=PKCS7_get_signed_attribute(&si,signed_string_nid); - if (so != NULL) - { - if (so->type == V_ASN1_OCTET_STRING) - { - os=so->value.octet_string; - i=os->length; - if ((i+1) > len) - i=len-1; - memcpy(buf,os->data,i); - return(i); - } - } - return(0); - } - -X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) - { - /* To add an object of OID 1.9.999, which is a sequence containing - * 2 octet strings */ - unsigned char *p; - ASN1_OCTET_STRING *os1,*os2; - ASN1_STRING *seq; - X509_ATTRIBUTE *ret; - unsigned char *data; - int i,total; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - os1=ASN1_OCTET_STRING_new(); - os2=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); - ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); - i =i2d_ASN1_OCTET_STRING(os1,NULL); - i+=i2d_ASN1_OCTET_STRING(os2,NULL); - total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - - data=malloc(total); - p=data; - ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_OCTET_STRING(os1,&p); - i2d_ASN1_OCTET_STRING(os2,&p); - - seq=ASN1_STRING_new(); - ASN1_STRING_set(seq,data,total); - free(data); - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - - ret=X509_ATTRIBUTE_create(signed_seq2string_nid, - V_ASN1_SEQUENCE,(char *)seq); - return(ret); - } - -/* For this case, I will malloc the return strings */ -int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) - { - ASN1_TYPE *so; - PKCS7_SIGNER_INFO si; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - si.auth_attr=sk; - /* To retrieve */ - so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); - if (so->type == V_ASN1_SEQUENCE) - { - ASN1_const_CTX c; - ASN1_STRING *s; - long length; - ASN1_OCTET_STRING *os1,*os2; - - s=so->value.sequence; - c.p=ASN1_STRING_data(s); - c.max=c.p+ASN1_STRING_length(s); - if (!asn1_GetSequence(&c,&length)) goto err; - /* Length is the length of the seqence */ - - c.q=c.p; - if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - c.q=c.p; - if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - if (!asn1_const_Finish(&c)) goto err; - *str1=malloc(os1->length+1); - *str2=malloc(os2->length+1); - memcpy(*str1,os1->data,os1->length); - memcpy(*str2,os2->data,os2->length); - (*str1)[os1->length]='\0'; - (*str2)[os2->length]='\0'; - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - return(1); - } -err: - return(0); - } - - Index: crypto/openssl/crypto/pkcs7/example.h =================================================================== --- crypto/openssl/crypto/pkcs7/example.h (revision 279126) +++ crypto/openssl/crypto/pkcs7/example.h (working copy) @@ -1,57 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -int add_signed_time(PKCS7_SIGNER_INFO *si); -ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si); -int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2); Index: crypto/openssl/crypto/pkcs7/info.pem =================================================================== --- crypto/openssl/crypto/pkcs7/info.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/info.pem (working copy) @@ -1,57 +0,0 @@ -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- Index: crypto/openssl/crypto/pkcs7/infokey.pem =================================================================== --- crypto/openssl/crypto/pkcs7/infokey.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/infokey.pem (working copy) @@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- Index: crypto/openssl/crypto/pkcs7/p7/a1 =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: crypto/openssl/crypto/pkcs7/p7/a2 =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: crypto/openssl/crypto/pkcs7/p7/cert.p7c =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: crypto/openssl/crypto/pkcs7/p7/smime.p7m =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: crypto/openssl/crypto/pkcs7/p7/smime.p7s =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Index: crypto/openssl/crypto/pkcs7/server.pem =================================================================== --- crypto/openssl/crypto/pkcs7/server.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/server.pem (working copy) @@ -1,24 +0,0 @@ -issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) -subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) ------BEGIN CERTIFICATE----- -MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD -VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5 -MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG -A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl -cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP -Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// -Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW -mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i -xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH -irObpESxAZLySCmPPg== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD -TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu -OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj -gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz -rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b -PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA -vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= ------END RSA PRIVATE KEY----- Index: crypto/openssl/crypto/pkcs7/sign.c =================================================================== --- crypto/openssl/crypto/pkcs7/sign.c (revision 279126) +++ crypto/openssl/crypto/pkcs7/sign.c (working copy) @@ -1,154 +0,0 @@ -/* crypto/pkcs7/sign.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include - -int main(argc,argv) -int argc; -char *argv[]; - { - X509 *x509; - EVP_PKEY *pkey; - PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - BIO *in; - BIO *data,*p7bio; - char buf[1024*4]; - int i; - int nodetach=0; - -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); -#endif -#ifndef OPENSSL_NO_SHA1 - EVP_add_digest(EVP_sha1()); -#endif -#ifndef OPENSSL_NO_MDC2 - EVP_add_digest(EVP_mdc2()); -#endif - - data=BIO_new(BIO_s_file()); -again: - if (argc > 1) - { - if (strcmp(argv[1],"-nd") == 0) - { - nodetach=1; - argv++; argc--; - goto again; - } - if (!BIO_read_filename(data,argv[1])) - goto err; - } - else - BIO_set_fp(data,stdin,BIO_NOCLOSE); - - if ((in=BIO_new_file("server.pem","r")) == NULL) goto err; - if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; - BIO_reset(in); - if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err; - BIO_free(in); - - p7=PKCS7_new(); - PKCS7_set_type(p7,NID_pkcs7_signed); - - si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1()); - if (si == NULL) goto err; - - /* If you do this then you get signing time automatically added */ - PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, - OBJ_nid2obj(NID_pkcs7_data)); - - /* we may want to add more */ - PKCS7_add_certificate(p7,x509); - - /* Set the content of the signed to 'data' */ - PKCS7_content_new(p7,NID_pkcs7_data); - - if (!nodetach) - PKCS7_set_detached(p7,1); - - if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; - - for (;;) - { - i=BIO_read(data,buf,sizeof(buf)); - if (i <= 0) break; - BIO_write(p7bio,buf,i); - } - - if (!PKCS7_dataFinal(p7,p7bio)) goto err; - BIO_free(p7bio); - - PEM_write_PKCS7(stdout,p7); - PKCS7_free(p7); - - exit(0); -err: - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - exit(1); - } - Index: crypto/openssl/crypto/pkcs7/t/3des.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/3des.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/3des.pem (working copy) @@ -1,16 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ -/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G -CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N -WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL -lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8 -5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA= ------END PKCS7----- - Index: crypto/openssl/crypto/pkcs7/t/3dess.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/3dess.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/3dess.pem (working copy) @@ -1,32 +0,0 @@ ------BEGIN PKCS7----- -MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B -CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG -SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv -BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA -9CWR6g== ------END PKCS7----- Index: crypto/openssl/crypto/pkcs7/t/c.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/c.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/c.pem (working copy) @@ -1,48 +0,0 @@ -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - Index: crypto/openssl/crypto/pkcs7/t/ff =================================================================== --- crypto/openssl/crypto/pkcs7/t/ff (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/ff (working copy) @@ -1,32 +0,0 @@ ------BEGIN PKCS7----- -MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B -CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG -SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv -BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA -9CWR6g== ------END PKCS7----- Index: crypto/openssl/crypto/pkcs7/t/msie-e =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-e (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-e (working copy) @@ -1,20 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV -BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k -aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y -wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z -VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE -BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG -SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3 -YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx -2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7 -oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK -HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J -eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH -OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9 -qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD -bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI -/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA - - Index: crypto/openssl/crypto/pkcs7/t/msie-e.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-e.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-e.pem (working copy) @@ -1,22 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ -bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT -aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ -uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9 -v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw -gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH -EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT -GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW -QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If -lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD -BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK -ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4 -L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ -KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ -pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF -BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT -WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F -lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj -5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr -8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA= ------END PKCS7----- Index: crypto/openssl/crypto/pkcs7/t/msie-enc-01 =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-enc-01 (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-enc-01 (working copy) @@ -1,62 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD -VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0 -IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT -EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz -IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ -KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP -gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI -pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm -STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq -Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg -optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx -Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9 -ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t -Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y -M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te -dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK -RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO -wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ -NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA -4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie -0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa -mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD -FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR -3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE -2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN -d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565 -JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK -6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp -DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5 -hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa -9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG -955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx -QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/ -UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo -lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9 -Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS -KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA -70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda -KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs -UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji -J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd -8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+ -F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH -icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8 -1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM -aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds -J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE -CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ -KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE -CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA -hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR -yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1 -FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4 -16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY -4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr -xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG -gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM -+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD -NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA -AAAAAAAAAAAA - Index: crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem (working copy) @@ -1,66 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC -QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD -VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq -hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q -VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq -hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ -NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W -iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr -cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg -Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT -bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX -kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5 -mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/ -GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw -Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj -ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv -WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc -KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv -5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o -3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo -qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6 -/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j -JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62 -r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn -szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr -xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA -bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7 -nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW -7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi -q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o -PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w -yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz -l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG -955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4 -UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8 -pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs -/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6 -4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk -e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK -lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9 -09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o -Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV -Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a -sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE -SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+ -F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu -WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd -2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi -P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+ -XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed -XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO -ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf -APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD -Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf -LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl -Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm -yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM -GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/ -rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP -T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/ -g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04 -3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO -6RLfsTyyPgJi0GsAAAAA ------END PKCS7----- Index: crypto/openssl/crypto/pkcs7/t/msie-enc-02 =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-enc-02 (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-enc-02 (working copy) @@ -1,90 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV -BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k -aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn -kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn -rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE -BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG -SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ -xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP -EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW -PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG -PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk -PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl -XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7 -dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c -QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr -cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa -WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe -+tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy -rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK -xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z -gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA -SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54 -YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC -ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB -OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD -31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo -m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0 -PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc -ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0 -iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa -BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC -fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56 -7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut -eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x -g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O -/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj -yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9 -rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J -mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs -8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw -/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh -xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU -V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t -5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r -S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB -DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf -WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y -NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi -LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT -8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx -aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP -Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl -m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj -hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U -p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG -x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF -yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT -7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy -Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj -dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L -yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod -3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5 -BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs -hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm -P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm -bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj -9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp -B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj -p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA -2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e -KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I -YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz -2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC -Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk -+aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM -6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk -461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n -wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q -w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF -oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee -E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD -XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV -2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l -SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF -cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw -BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU -rZgAAAAAAAAAAAAA - Index: crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem (working copy) @@ -1,106 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ -bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT -aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ -uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0 -M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw -gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH -EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT -GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW -QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y -K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz -BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+ -pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3 -RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg -JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U -uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y -tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g -RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY -Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH -UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax -mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG -wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM -GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n -q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV -V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF -zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB -CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba -z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc -au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2 -xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq -LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9 -OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+ -PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9 -dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B -l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT -jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo -/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP -Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW -PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf -FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn -yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h -xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB -BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+ -LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5 -0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn -N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV -UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i -kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6 -q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD -1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9 -q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV -mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM -VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG -BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt -LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5 -bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv -wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5 -K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv -b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6 -KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2 -0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl -SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm -CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl -lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N -WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj -hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD -svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy -KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ -GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy -X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa -IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p -kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V -KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/ -6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8 -Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK -0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v -ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL -770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/ -4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p -8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM -64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+ -liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX -I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa -bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI -ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0 -yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH -4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1 -DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ -qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec -Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv -2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4 -OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew -rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0 -Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw -aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO -2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1 -7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T -RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2 -G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/ -W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3 -r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY -hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R -9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0 -YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj -FK2YAAAAAA== ------END PKCS7----- Index: crypto/openssl/crypto/pkcs7/t/msie-s-a-e =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-s-a-e (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-s-a-e (working copy) @@ -1,91 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV -BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k -aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS -G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha -VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE -BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG -SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0 -f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj -cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI -DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf -ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U -CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz -3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY -cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD -1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G -O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO -P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P -Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j -aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0 -okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy -0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc -yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi -Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay -0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg -58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO -whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM -6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0 -3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U -PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG -EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa -qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF -ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw -/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle -kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD -KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a -h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal -r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0 -qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ -QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b -U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE -PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF -o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1 -YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA -+EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN -Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY -CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV -OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg -XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD -c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J -TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9 -gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4 -zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD -JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w -95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH -rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah -fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt -j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI -Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm -hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap -m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU -xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/ -/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P -O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd -K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI -LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc -dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE -ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV -H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY -6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR -qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ -MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46 -EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx -MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP -EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon -iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z -uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++ -Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU -AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy -FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ -IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD -yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt -X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN -wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d -mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j -OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l -bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s -5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA== - - Index: crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem (working copy) @@ -1,106 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ -bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT -aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ -uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO -OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw -gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH -EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT -GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW -QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv -ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD -BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g -l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3 -UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms -HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl -PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD -2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ -/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM -IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi -BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu -rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ -V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm -a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv -zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI -IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v -1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR -iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg -93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc -k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4 -Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz -6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM -Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+ -shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk -iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU -vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc -DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U -ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI -WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR -VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw -ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb -4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1 -wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA -Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+ -7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY -TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q -PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR -NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/ -574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N -oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33 -p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf -VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD -3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo -9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD -XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6 -pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01 -JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu -WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm -+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY -9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4 -0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q -53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp -6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T -H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD -pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+ -3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w -95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC -QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV -uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6 -M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4 -EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm -jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG -qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38 -Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6 -L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt -gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP -pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf -/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4 -JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt -+u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV -DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO -S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6 -zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB -RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR -mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh -nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb -WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP -9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl -Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT -H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5 -jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz -x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0 -Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ -YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv -Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf -ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi -r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP -zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI -Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3 -QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22 -DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN -mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn -29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm -WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi -Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN -7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA= ------END PKCS7----- Index: crypto/openssl/crypto/pkcs7/t/nav-smime =================================================================== --- crypto/openssl/crypto/pkcs7/t/nav-smime (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/nav-smime (working copy) @@ -1,157 +0,0 @@ -From angela@c2.net.au Thu May 14 13:32:27 1998 -X-UIDL: 83c94dd550e54329bf9571b72038b8c8 -Return-Path: angela@c2.net.au -Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for ; Thu, 14 May 1998 13:32:26 +1000 (EST) -Message-ID: <355A6779.4B63E64C@cryptsoft.com> -Date: Thu, 14 May 1998 13:39:37 +1000 -From: Angela van Lent -X-Mailer: Mozilla 4.03 [en] (Win95; U) -MIME-Version: 1.0 -To: tjh@cryptsoft.com -Subject: signed -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C" -Content-Length: 2604 -Status: OR - -This is a cryptographically signed message in MIME format. - ---------------ms9A58844C95949ECC78A1C54C -Content-Type: text/plain; charset=us-ascii -Content-Transfer-Encoding: 7bit - -signed body - ---------------ms9A58844C95949ECC78A1C54C -Content-Type: application/x-pkcs7-signature; name="smime.p7s" -Content-Transfer-Encoding: base64 -Content-Disposition: attachment; filename="smime.p7s" -Content-Description: S/MIME Cryptographic Signature - -MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B -CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG -SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv -BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA -9CWR6g== ---------------ms9A58844C95949ECC78A1C54C-- - - -From angela@c2.net.au Thu May 14 13:33:16 1998 -X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731 -Return-Path: angela@c2.net.au -Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for ; Thu, 14 May 1998 13:33:15 +1000 (EST) -Message-ID: <355A67AB.2AF38806@cryptsoft.com> -Date: Thu, 14 May 1998 13:40:27 +1000 -From: Angela van Lent -X-Mailer: Mozilla 4.03 [en] (Win95; U) -MIME-Version: 1.0 -To: tjh@cryptsoft.com -Subject: signed -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E" -Content-Length: 2679 -Status: OR - -This is a cryptographically signed message in MIME format. - ---------------msD7863B84BD61E02C407F2F5E -Content-Type: text/plain; charset=us-ascii -Content-Transfer-Encoding: 7bit - -signed body 2 - ---------------msD7863B84BD61E02C407F2F5E -Content-Type: application/x-pkcs7-signature; name="smime.p7s" -Content-Transfer-Encoding: base64 -Content-Disposition: attachment; filename="smime.p7s" -Content-Description: S/MIME Cryptographic Signature - -MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN -AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN -rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO -AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N -coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC -Zp8SSVVY ---------------msD7863B84BD61E02C407F2F5E-- - - -From angela@c2.net.au Thu May 14 14:05:32 1998 -X-UIDL: a7d629b4b9acacaee8b39371b860a32a -Return-Path: angela@c2.net.au -Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for ; Thu, 14 May 1998 14:05:32 +1000 (EST) -Message-ID: <355A6F3B.AC385981@cryptsoft.com> -Date: Thu, 14 May 1998 14:12:43 +1000 -From: Angela van Lent -X-Mailer: Mozilla 4.03 [en] (Win95; U) -MIME-Version: 1.0 -To: tjh@cryptsoft.com -Subject: encrypted -Content-Type: application/x-pkcs7-mime; name="smime.p7m" -Content-Transfer-Encoding: base64 -Content-Disposition: attachment; filename="smime.p7m" -Content-Description: S/MIME Encrypted Message -Content-Length: 905 -Status: OR - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd -exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G -CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg -nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX -BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE -CL3uV8k7m0iqAAAAAAAAAAAAAA== - Index: crypto/openssl/crypto/pkcs7/t/s.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/s.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/s.pem (working copy) @@ -1,57 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - Index: crypto/openssl/crypto/pkcs7/t/server.pem =================================================================== --- crypto/openssl/crypto/pkcs7/t/server.pem (revision 279126) +++ crypto/openssl/crypto/pkcs7/t/server.pem (working copy) @@ -1,57 +0,0 @@ -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- Index: crypto/openssl/crypto/pkcs7/verify.c =================================================================== --- crypto/openssl/crypto/pkcs7/verify.c (revision 279126) +++ crypto/openssl/crypto/pkcs7/verify.c (working copy) @@ -1,263 +0,0 @@ -/* crypto/pkcs7/verify.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include -#include -#include "example.h" - -int verify_callback(int ok, X509_STORE_CTX *ctx); - -BIO *bio_err=NULL; -BIO *bio_out=NULL; - -int main(argc,argv) -int argc; -char *argv[]; - { - PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; - X509_STORE *cert_store=NULL; - BIO *data,*detached=NULL,*p7bio=NULL; - char buf[1024*4]; - char *pp; - int i,printit=0; - STACK_OF(PKCS7_SIGNER_INFO) *sk; - - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); -#endif -#ifndef OPENSSL_NO_SHA1 - EVP_add_digest(EVP_sha1()); -#endif -#ifndef OPENSSL_NO_MDC2 - EVP_add_digest(EVP_mdc2()); -#endif - - data=BIO_new(BIO_s_file()); - - pp=NULL; - while (argc > 1) - { - argc--; - argv++; - if (strcmp(argv[0],"-p") == 0) - { - printit=1; - } - else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2)) - { - detached=BIO_new(BIO_s_file()); - if (!BIO_read_filename(detached,argv[1])) - goto err; - argc--; - argv++; - } - else - { - pp=argv[0]; - if (!BIO_read_filename(data,argv[0])) - goto err; - } - } - - if (pp == NULL) - BIO_set_fp(data,stdin,BIO_NOCLOSE); - - - /* Load the PKCS7 object from a file */ - if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err; - - /* This stuff is being setup for certificate verification. - * When using SSL, it could be replaced with a - * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */ - cert_store=X509_STORE_new(); - X509_STORE_set_default_paths(cert_store); - X509_STORE_load_locations(cert_store,NULL,"../../certs"); - X509_STORE_set_verify_cb_func(cert_store,verify_callback); - - ERR_clear_error(); - - /* We need to process the data */ - if ((PKCS7_get_detached(p7) || detached)) - { - if (detached == NULL) - { - printf("no data to verify the signature on\n"); - exit(1); - } - else - p7bio=PKCS7_dataInit(p7,detached); - } - else - { - p7bio=PKCS7_dataInit(p7,NULL); - } - - /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,sizeof(buf)); - /* print it? */ - if (i <= 0) break; - } - - /* We can now verify signatures */ - sk=PKCS7_get_signer_info(p7); - if (sk == NULL) - { - printf("there are no signatures on this data\n"); - exit(1); - } - - /* Ok, first we need to, for each subject entry, see if we can verify */ - for (i=0; ierror) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); - BIO_printf(bio_err,"issuer= %s\n",buf); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err,"notBefore="); - ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err,"notAfter="); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - } - BIO_printf(bio_err,"verify return:%d\n",ok); - return(ok); - } Index: crypto/openssl/crypto/rsa/Makefile =================================================================== --- crypto/openssl/crypto/rsa/Makefile (revision 279126) +++ crypto/openssl/crypto/rsa/Makefile (working copy) @@ -189,7 +189,7 @@ rsa_oaep.o: ../../include/openssl/opensslv.h ../.. rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_oaep.o: ../cryptlib.h rsa_oaep.c +rsa_oaep.o: ../constant_time_locl.h ../cryptlib.h rsa_oaep.c rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -198,7 +198,8 @@ rsa_pk1.o: ../../include/openssl/lhash.h ../../inc rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c +rsa_pk1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +rsa_pk1.o: ../cryptlib.h rsa_pk1.c rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h Index: crypto/openssl/crypto/rsa/rsa.h =================================================================== --- crypto/openssl/crypto/rsa/rsa.h (revision 279126) +++ crypto/openssl/crypto/rsa/rsa.h (working copy) @@ -479,6 +479,7 @@ void ERR_load_RSA_strings(void); #define RSA_R_OAEP_DECODING_ERROR 121 #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 #define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_PKCS_DECODING_ERROR 159 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 Index: crypto/openssl/crypto/rsa/rsa_eay.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_eay.c (revision 279126) +++ crypto/openssl/crypto/rsa/rsa_eay.c (working copy) @@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const if (padding == RSA_X931_PADDING) { BN_sub(f, rsa->n, ret); - if (BN_cmp(ret, f)) + if (BN_cmp(ret, f) > 0) res = f; else res = ret; Index: crypto/openssl/crypto/rsa/rsa_err.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_err.c (revision 279126) +++ crypto/openssl/crypto/rsa/rsa_err.c (working copy) @@ -151,6 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, +{ERR_REASON(RSA_R_PKCS_DECODING_ERROR) ,"pkcs decoding error"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, Index: crypto/openssl/crypto/rsa/rsa_oaep.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_oaep.c (revision 279126) +++ crypto/openssl/crypto/rsa/rsa_oaep.c (working copy) @@ -18,6 +18,7 @@ * an equivalent notion. */ +#include "constant_time_locl.h" #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) #include @@ -92,51 +93,62 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to const unsigned char *from, int flen, int num, const unsigned char *param, int plen) { - int i, dblen, mlen = -1; - const unsigned char *maskeddb; - int lzero; - unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; - unsigned char *padded_from; - int bad = 0; + int i, dblen, mlen = -1, one_index = 0, msg_index; + unsigned int good, found_one_byte; + const unsigned char *maskedseed, *maskeddb; + /* |em| is the encoded message, zero-padded to exactly |num| bytes: + * em = Y || maskedSeed || maskedDB */ + unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], + phash[EVP_MAX_MD_SIZE]; - if (--num < 2 * SHA_DIGEST_LENGTH + 1) - /* 'num' is the length of the modulus, i.e. does not depend on the - * particular ciphertext. */ + if (tlen <= 0 || flen <= 0) + return -1; + + /* + * |num| is the length of the modulus; |flen| is the length of the + * encoded message. Therefore, for any |from| that was obtained by + * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, + * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus + * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2. + * This does not leak any side-channel information. + */ + if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2) goto decoding_err; - lzero = num - flen; - if (lzero < 0) + dblen = num - SHA_DIGEST_LENGTH - 1; + db = OPENSSL_malloc(dblen); + em = OPENSSL_malloc(num); + if (db == NULL || em == NULL) { - /* signalling this error immediately after detection might allow - * for side-channel attacks (e.g. timing if 'plen' is huge - * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal - * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), - * so we use a 'bad' flag */ - bad = 1; - lzero = 0; - flen = num; /* don't overflow the memcpy to padded_from */ - } - - dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen + num); - if (db == NULL) - { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return -1; + goto cleanup; } - /* Always do this zero-padding copy (even when lzero == 0) - * to avoid leaking timing info about the value of lzero. */ - padded_from = db + dblen; - memset(padded_from, 0, lzero); - memcpy(padded_from + lzero, from, flen); + /* + * Always do this zero-padding copy (even when num == flen) to avoid + * leaking that information. The copy still leaks some side-channel + * information, but it's impossible to have a fixed memory access + * pattern since we can't read out of the bounds of |from|. + * + * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. + */ + memset(em, 0, num); + memcpy(em + num - flen, from, flen); - maskeddb = padded_from + SHA_DIGEST_LENGTH; + /* + * The first byte must be zero, however we must not leak if this is + * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA + * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). + */ + good = constant_time_is_zero(em[0]); + maskedseed = em + 1; + maskeddb = em + 1 + SHA_DIGEST_LENGTH; + MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); for (i = 0; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= padded_from[i]; - + seed[i] ^= maskedseed[i]; + MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; @@ -143,38 +155,52 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); - if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH)); + + found_one_byte = 0; + for (i = SHA_DIGEST_LENGTH; i < dblen; i++) + { + /* Padding consists of a number of 0-bytes, followed by a 1. */ + unsigned int equals1 = constant_time_eq(db[i], 1); + unsigned int equals0 = constant_time_is_zero(db[i]); + one_index = constant_time_select_int(~found_one_byte & equals1, + i, one_index); + found_one_byte |= equals1; + good &= (found_one_byte | equals0); + } + + good &= found_one_byte; + + /* + * At this point |good| is zero unless the plaintext was valid, + * so plaintext-awareness ensures timing side-channels are no longer a + * concern. + */ + if (!good) goto decoding_err; + + msg_index = one_index + 1; + mlen = dblen - msg_index; + + if (tlen < mlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } else { - for (i = SHA_DIGEST_LENGTH; i < dblen; i++) - if (db[i] != 0x00) - break; - if (i == dblen || db[i] != 0x01) - goto decoding_err; - else - { - /* everything looks OK */ - - mlen = dblen - ++i; - if (tlen < mlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); - mlen = -1; - } - else - memcpy(to, db + i, mlen); - } + memcpy(to, db + msg_index, mlen); + goto cleanup; } - OPENSSL_free(db); - return mlen; decoding_err: - /* to avoid chosen ciphertext attacks, the error message should not reveal - * which kind of decoding error happened */ + /* To avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened. */ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); +cleanup: if (db != NULL) OPENSSL_free(db); - return -1; + if (em != NULL) OPENSSL_free(em); + return mlen; } int PKCS1_MGF1(unsigned char *mask, long len, Index: crypto/openssl/crypto/rsa/rsa_pk1.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_pk1.c (revision 279126) +++ crypto/openssl/crypto/rsa/rsa_pk1.c (working copy) @@ -56,6 +56,8 @@ * [including the GNU Public Licence.] */ +#include "constant_time_locl.h" + #include #include "cryptlib.h" #include @@ -181,44 +183,87 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, const unsigned char *from, int flen, int num) { - int i,j; - const unsigned char *p; + int i; + /* |em| is the encoded message, zero-padded to exactly |num| bytes */ + unsigned char *em = NULL; + unsigned int good, found_zero_byte; + int zero_index = 0, msg_index, mlen = -1; - p=from; - if ((num != (flen+1)) || (*(p++) != 02)) + if (tlen < 0 || flen < 0) + return -1; + + /* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography + * Standard", section 7.2.2. */ + + if (flen > num) + goto err; + + if (num < 11) + goto err; + + em = OPENSSL_malloc(num); + if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); - return(-1); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; } -#ifdef PKCS1_CHECK - return(num-11); -#endif + memset(em, 0, num); + /* + * Always do this zero-padding copy (even when num == flen) to avoid + * leaking that information. The copy still leaks some side-channel + * information, but it's impossible to have a fixed memory access + * pattern since we can't read out of the bounds of |from|. + * + * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. + */ + memcpy(em + num - flen, from, flen); - /* scan over padding data */ - j=flen-1; /* one for type. */ - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - return(j); + memcpy(to, em + msg_index, mlen); + +err: + if (em != NULL) + OPENSSL_free(em); + if (mlen == -1) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); + return mlen; } - Index: crypto/openssl/crypto/rsa/rsa_sign.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_sign.c (revision 279126) +++ crypto/openssl/crypto/rsa/rsa_sign.c (working copy) @@ -155,6 +155,25 @@ int RSA_sign(int type, const unsigned char *m, uns return(ret); } +/* + * Check DigestInfo structure does not contain extraneous data by reencoding + * using DER and checking encoding against original. + */ +static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen) + { + unsigned char *der = NULL; + int derlen; + int ret = 0; + derlen = i2d_X509_SIG(sig, &der); + if (derlen <= 0) + return 0; + if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) + ret = 1; + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + return ret; + } + int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { @@ -215,7 +234,7 @@ int RSA_verify(int dtype, const unsigned char *m, if (sig == NULL) goto err; /* Excess data can be used to create forgeries */ - if(p != s+i) + if(p != s+i || !rsa_check_digestinfo(sig, s, i)) { RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); goto err; Index: crypto/openssl/crypto/ui/ui_lib.c =================================================================== --- crypto/openssl/crypto/ui/ui_lib.c (revision 279126) +++ crypto/openssl/crypto/ui/ui_lib.c (working copy) @@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const ch break; } } + } default: break; } - } return 0; } Index: crypto/openssl/demos/eay/Makefile =================================================================== --- crypto/openssl/demos/eay/Makefile (revision 279126) +++ crypto/openssl/demos/eay/Makefile (working copy) @@ -1,24 +0,0 @@ -CC=cc -CFLAGS= -g -I../../include -#LIBS= -L../.. -lcrypto -lssl -LIBS= -L../.. ../../libssl.a ../../libcrypto.a - -# the file conn.c requires a file "proxy.h" which I couldn't find... -#EXAMPLES=base64 conn loadrsa -EXAMPLES=base64 loadrsa - -all: $(EXAMPLES) - -base64: base64.o - $(CC) -o base64 base64.o $(LIBS) -# -# sorry... can't find "proxy.h" -#conn: conn.o -# $(CC) -o conn conn.o $(LIBS) - -loadrsa: loadrsa.o - $(CC) -o loadrsa loadrsa.o $(LIBS) - -clean: - rm -f $(EXAMPLES) *.o - Index: crypto/openssl/demos/eay/base64.c =================================================================== --- crypto/openssl/demos/eay/base64.c (revision 279126) +++ crypto/openssl/demos/eay/base64.c (working copy) @@ -1,49 +0,0 @@ -/* This is a simple example of using the base64 BIO to a memory BIO and then - * getting the data. - */ -#include -#include -#include - -main() - { - int i; - BIO *mbio,*b64bio,*bio; - char buf[512]; - char *p; - - mbio=BIO_new(BIO_s_mem()); - b64bio=BIO_new(BIO_f_base64()); - - bio=BIO_push(b64bio,mbio); - /* We now have bio pointing at b64->mem, the base64 bio encodes on - * write and decodes on read */ - - for (;;) - { - i=fread(buf,1,512,stdin); - if (i <= 0) break; - BIO_write(bio,buf,i); - } - /* We need to 'flush' things to push out the encoding of the - * last few bytes. There is special encoding if it is not a - * multiple of 3 - */ - BIO_flush(bio); - - printf("We have %d bytes available\n",BIO_pending(mbio)); - - /* We will now get a pointer to the data and the number of elements. */ - /* hmm... this one was not defined by a macro in bio.h, it will be for - * 0.9.1. The other option is too just read from the memory bio. - */ - i=(int)BIO_ctrl(mbio,BIO_CTRL_INFO,0,(char *)&p); - - printf("%d\n",i); - fwrite("---\n",1,4,stdout); - fwrite(p,1,i,stdout); - fwrite("---\n",1,4,stdout); - - /* This call will walk the chain freeing all the BIOs */ - BIO_free_all(bio); - } Index: crypto/openssl/demos/eay/conn.c =================================================================== --- crypto/openssl/demos/eay/conn.c (revision 279126) +++ crypto/openssl/demos/eay/conn.c (working copy) @@ -1,105 +0,0 @@ -/* NOCW */ -/* demos/eay/conn.c */ - -/* A minimal program to connect to a port using the sock4a protocol. - * - * cc -I../../include conn.c -L../.. -lcrypto - */ -#include -#include -#include -#include -/* #include "proxy.h" */ - -extern int errno; - -int main(argc,argv) -int argc; -char *argv[]; - { - PROXY *pxy; - char *host; - char buf[1024*10],*p; - BIO *bio; - int i,len,off,ret=1; - - if (argc <= 1) - host="localhost:4433"; - else - host=argv[1]; - - /* Lets get nice error messages */ - ERR_load_crypto_strings(); - - /* First, configure proxy settings */ - pxy=PROXY_new(); - PROXY_add_server(pxy,PROXY_PROTOCOL_SOCKS,"gromit:1080"); - - bio=BIO_new(BIO_s_socks4a_connect()); - - BIO_set_conn_hostname(bio,host); - BIO_set_proxies(bio,pxy); - BIO_set_socks_userid(bio,"eay"); - BIO_set_nbio(bio,1); - - p="GET / HTTP/1.0\r\n\r\n"; - len=strlen(p); - - off=0; - for (;;) - { - i=BIO_write(bio,&(p[off]),len); - if (i <= 0) - { - if (BIO_should_retry(bio)) - { - fprintf(stderr,"write DELAY\n"); - sleep(1); - continue; - } - else - { - goto err; - } - } - off+=i; - len-=i; - if (len <= 0) break; - } - - for (;;) - { - i=BIO_read(bio,buf,sizeof(buf)); - if (i == 0) break; - if (i < 0) - { - if (BIO_should_retry(bio)) - { - fprintf(stderr,"read DELAY\n"); - sleep(1); - continue; - } - goto err; - } - fwrite(buf,1,i,stdout); - } - - ret=1; - - if (0) - { -err: - if (ERR_peek_error() == 0) /* system call error */ - { - fprintf(stderr,"errno=%d ",errno); - perror("error"); - } - else - ERR_print_errors_fp(stderr); - } - BIO_free_all(bio); - if (pxy != NULL) PROXY_free(pxy); - exit(!ret); - return(ret); - } - Index: crypto/openssl/demos/eay/loadrsa.c =================================================================== --- crypto/openssl/demos/eay/loadrsa.c (revision 279126) +++ crypto/openssl/demos/eay/loadrsa.c (working copy) @@ -1,53 +0,0 @@ -#include -#include - -/* This is a simple program to generate an RSA private key. It then - * saves both the public and private key into a char array, then - * re-reads them. It saves them as DER encoded binary data. - */ - -void callback(stage,count,arg) -int stage,count; -char *arg; - { - FILE *out; - - out=(FILE *)arg; - fprintf(out,"%d",stage); - if (stage == 3) - fprintf(out,"\n"); - fflush(out); - } - -main() - { - RSA *rsa,*pub_rsa,*priv_rsa; - int len; - unsigned char buf[1024],*p; - - rsa=RSA_generate_key(512,RSA_F4,callback,(char *)stdout); - - p=buf; - - /* Save the public key into buffer, we know it will be big enough - * but we should really check how much space we need by calling the - * i2d functions with a NULL second parameter */ - len=i2d_RSAPublicKey(rsa,&p); - len+=i2d_RSAPrivateKey(rsa,&p); - - printf("The public and private key are now both in a char array\n"); - printf("and are taking up %d bytes\n",len); - - RSA_free(rsa); - - p=buf; - pub_rsa=d2i_RSAPublicKey(NULL,&p,(long)len); - len-=(p-buf); - priv_rsa=d2i_RSAPrivateKey(NULL,&p,(long)len); - - if ((pub_rsa == NULL) || (priv_rsa == NULL)) - ERR_print_errors_fp(stderr); - - RSA_free(pub_rsa); - RSA_free(priv_rsa); - } Index: crypto/openssl/demos/maurice/Makefile =================================================================== --- crypto/openssl/demos/maurice/Makefile (revision 279126) +++ crypto/openssl/demos/maurice/Makefile (working copy) @@ -1,59 +0,0 @@ -CC=cc -CFLAGS= -g -I../../include -Wall -LIBS= -L../.. -lcrypto -EXAMPLES=example1 example2 example3 example4 - -all: $(EXAMPLES) - -example1: example1.o loadkeys.o - $(CC) -o example1 example1.o loadkeys.o $(LIBS) - -example2: example2.o loadkeys.o - $(CC) -o example2 example2.o loadkeys.o $(LIBS) - -example3: example3.o - $(CC) -o example3 example3.o $(LIBS) - -example4: example4.o - $(CC) -o example4 example4.o $(LIBS) - -clean: - rm -f $(EXAMPLES) *.o - -test: all - @echo - @echo Example 1 Demonstrates the sealing and opening APIs - @echo Doing the encrypt side... - ./example1 t.t - @echo Doing the decrypt side... - ./example1 -d t.2 - diff t.2 README - rm -f t.t t.2 - @echo example1 is OK - - @echo - @echo Example2 Demonstrates rsa encryption and decryption - @echo and it should just print \"This the clear text\" - ./example2 - - @echo - @echo Example3 Demonstrates the use of symmetric block ciphers - @echo in this case it uses EVP_des_ede3_cbc - @echo i.e. triple DES in Cipher Block Chaining mode - @echo Doing the encrypt side... - ./example3 ThisIsThePassword t.t - @echo Doing the decrypt side... - ./example3 -d ThisIsThePassword t.2 - diff t.2 README - rm -f t.t t.2 - @echo example3 is OK - - @echo - @echo Example4 Demonstrates base64 encoding and decoding - @echo Doing the encrypt side... - ./example4 t.t - @echo Doing the decrypt side... - ./example4 -d t.2 - diff t.2 README - rm -f t.t t.2 - @echo example4 is OK Index: crypto/openssl/demos/maurice/README =================================================================== --- crypto/openssl/demos/maurice/README (revision 279126) +++ crypto/openssl/demos/maurice/README (working copy) @@ -1,34 +0,0 @@ -From Maurice Gittens --- - Example programs, demonstrating some basic SSLeay crypto library - operations, to help you not to make the same mistakes I did. - - The following files are present. - - loadkeys.c Demonstrates the loading and of public and - private keys. - - loadkeys.h The interface for loadkeys.c - - example1.c Demonstrates the sealing and opening API's - - example2.c Demonstrates rsa encryption and decryption - - example3.c Demonstrates the use of symmetric block ciphers - - example4.c Demonstrates base64 and decoding - - Makefile A makefile you probably will have to adjust for - your environment - - README this file - - - The programs were written by Maurice Gittens - with the necesary help from Eric Young - - You may do as you please with these programs, but please don't - pretend that you wrote them. - - To be complete: If you use these programs you acknowlegde that - you are aware that there is NO warranty of any kind associated - with these programs. I don't even claim that the programs work, - they are provided AS-IS. - - January 1997 - - Maurice - - Index: crypto/openssl/demos/maurice/cert.pem =================================================================== --- crypto/openssl/demos/maurice/cert.pem (revision 279126) +++ crypto/openssl/demos/maurice/cert.pem (working copy) @@ -1,77 +0,0 @@ -issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl -subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl -serial :01 - -Certificate: - Data: - Version: 0 (0x0) - Serial Number: 1 (0x1) - Signature Algorithm: md5withRSAEncryption - Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl - Validity - Not Before: Jan 5 13:21:16 1997 GMT - Not After : Jul 24 13:21:16 1997 GMT - Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b: - 82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0: - 71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3: - f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d: - 62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52: - 78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd: - 81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd: - 1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50: - b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26: - 64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4: - d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c: - 2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9: - e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44: - e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41: - 8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16: - d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c: - d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9: - 20:f9 - Exponent: 65537 (0x10001) - Signature Algorithm: md5withRSAEncryption - 93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce: - 4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f: - 9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3: - 87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb: - a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d: - 0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42: - b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8: - c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2: - fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67: - 4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b: - 72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa: - c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68: - 60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c: - a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be: - 28:ba:d8:4f - ------BEGIN CERTIFICATE----- -MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD -VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl -bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0 -aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB -FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx -NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH -aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm -aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG -SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6 -RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB -ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm -ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S -/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB -R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC -AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j -eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2 -5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25 -uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do -fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M -A6fxn/gOjbvGundh946+KLrYTw== ------END CERTIFICATE----- - Index: crypto/openssl/demos/maurice/example1.c =================================================================== --- crypto/openssl/demos/maurice/example1.c (revision 279126) +++ crypto/openssl/demos/maurice/example1.c (working copy) @@ -1,198 +0,0 @@ -/* NOCW */ -/* - Please read the README file for condition of use, before - using this software. - - Maurice Gittens January 1997 -*/ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "loadkeys.h" - -#define PUBFILE "cert.pem" -#define PRIVFILE "privkey.pem" - -#define STDIN 0 -#define STDOUT 1 - -void main_encrypt(void); -void main_decrypt(void); - -static const char *usage = "Usage: example1 [-d]\n"; - -int main(int argc, char *argv[]) -{ - - ERR_load_crypto_strings(); - - if ((argc == 1)) - { - main_encrypt(); - } - else if ((argc == 2) && !strcmp(argv[1],"-d")) - { - main_decrypt(); - } - else - { - printf("%s",usage); - exit(1); - } - - return 0; -} - -void main_encrypt(void) -{ - unsigned int ebuflen; - EVP_CIPHER_CTX ectx; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char *ekey[1]; - int readlen; - int ekeylen, net_ekeylen; - EVP_PKEY *pubKey[1]; - char buf[512]; - char ebuf[512]; - - memset(iv, '\0', sizeof(iv)); - - pubKey[0] = ReadPublicKey(PUBFILE); - - if(!pubKey[0]) - { - fprintf(stderr,"Error: can't load public key"); - exit(1); - } - - ekey[0] = malloc(EVP_PKEY_size(pubKey[0])); - if (!ekey[0]) - { - EVP_PKEY_free(pubKey[0]); - perror("malloc"); - exit(1); - } - - EVP_SealInit(&ectx, - EVP_des_ede3_cbc(), - ekey, - &ekeylen, - iv, - pubKey, - 1); - - net_ekeylen = htonl(ekeylen); - write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen)); - write(STDOUT, ekey[0], ekeylen); - write(STDOUT, iv, sizeof(iv)); - - while(1) - { - readlen = read(STDIN, buf, sizeof(buf)); - - if (readlen <= 0) - { - if (readlen < 0) - perror("read"); - - break; - } - - EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen); - - write(STDOUT, ebuf, ebuflen); - } - - EVP_SealFinal(&ectx, ebuf, &ebuflen); - - write(STDOUT, ebuf, ebuflen); - - EVP_PKEY_free(pubKey[0]); - free(ekey[0]); -} - -void main_decrypt(void) -{ - char buf[520]; - char ebuf[512]; - unsigned int buflen; - EVP_CIPHER_CTX ectx; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char *encryptKey; - unsigned int ekeylen; - EVP_PKEY *privateKey; - - memset(iv, '\0', sizeof(iv)); - - privateKey = ReadPrivateKey(PRIVFILE); - if (!privateKey) - { - fprintf(stderr, "Error: can't load private key"); - exit(1); - } - - read(STDIN, &ekeylen, sizeof(ekeylen)); - ekeylen = ntohl(ekeylen); - - if (ekeylen != EVP_PKEY_size(privateKey)) - { - EVP_PKEY_free(privateKey); - fprintf(stderr, "keylength mismatch"); - exit(1); - } - - encryptKey = malloc(sizeof(char) * ekeylen); - if (!encryptKey) - { - EVP_PKEY_free(privateKey); - perror("malloc"); - exit(1); - } - - read(STDIN, encryptKey, ekeylen); - read(STDIN, iv, sizeof(iv)); - EVP_OpenInit(&ectx, - EVP_des_ede3_cbc(), - encryptKey, - ekeylen, - iv, - privateKey); - - while(1) - { - int readlen = read(STDIN, ebuf, sizeof(ebuf)); - - if (readlen <= 0) - { - if (readlen < 0) - perror("read"); - - break; - } - - EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen); - write(STDOUT, buf, buflen); - } - - EVP_OpenFinal(&ectx, buf, &buflen); - - write(STDOUT, buf, buflen); - - EVP_PKEY_free(privateKey); - free(encryptKey); -} - - Index: crypto/openssl/demos/maurice/example2.c =================================================================== --- crypto/openssl/demos/maurice/example2.c (revision 279126) +++ crypto/openssl/demos/maurice/example2.c (working copy) @@ -1,75 +0,0 @@ -/* NOCW */ -/* - Please read the README file for condition of use, before - using this software. - - Maurice Gittens January 1997 -*/ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "loadkeys.h" - -#define PUBFILE "cert.pem" -#define PRIVFILE "privkey.pem" -#define STDIN 0 -#define STDOUT 1 - -int main() -{ - char *ct = "This the clear text"; - char *buf; - char *buf2; - EVP_PKEY *pubKey; - EVP_PKEY *privKey; - int len; - - ERR_load_crypto_strings(); - - privKey = ReadPrivateKey(PRIVFILE); - if (!privKey) - { - ERR_print_errors_fp (stderr); - exit (1); - } - - pubKey = ReadPublicKey(PUBFILE); - if(!pubKey) - { - EVP_PKEY_free(privKey); - fprintf(stderr,"Error: can't load public key"); - exit(1); - } - - /* No error checking */ - buf = malloc(EVP_PKEY_size(pubKey)); - buf2 = malloc(EVP_PKEY_size(pubKey)); - - len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING); - - if (len != EVP_PKEY_size(pubKey)) - { - fprintf(stderr,"Error: ciphertext should match length of key\n"); - exit(1); - } - - RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING); - - printf("%s\n", buf2); - - EVP_PKEY_free(privKey); - EVP_PKEY_free(pubKey); - free(buf); - free(buf2); - return 0; -} Index: crypto/openssl/demos/maurice/example3.c =================================================================== --- crypto/openssl/demos/maurice/example3.c (revision 279126) +++ crypto/openssl/demos/maurice/example3.c (working copy) @@ -1,87 +0,0 @@ -/* NOCW */ -/* - Please read the README file for condition of use, before - using this software. - - Maurice Gittens January 1997 - -*/ - -#include -#include -#include -#include -#include - -#define STDIN 0 -#define STDOUT 1 -#define BUFLEN 512 -#define INIT_VECTOR "12345678" -#define ENCRYPT 1 -#define DECRYPT 0 -#define ALG EVP_des_ede3_cbc() - -static const char *usage = "Usage: example3 [-d] password\n"; - -void do_cipher(char *,int); - -int main(int argc, char *argv[]) -{ - if ((argc == 2)) - { - do_cipher(argv[1],ENCRYPT); - } - else if ((argc == 3) && !strcmp(argv[1],"-d")) - { - do_cipher(argv[2],DECRYPT); - } - else - { - fprintf(stderr,"%s", usage); - exit(1); - } - - return 0; -} - -void do_cipher(char *pw, int operation) -{ - char buf[BUFLEN]; - char ebuf[BUFLEN + 8]; - unsigned int ebuflen; /* rc; */ - unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; - /* unsigned int ekeylen, net_ekeylen; */ - EVP_CIPHER_CTX ectx; - - memcpy(iv, INIT_VECTOR, sizeof(iv)); - - EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv); - - EVP_CIPHER_CTX_init(&ectx); - EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation); - - while(1) - { - int readlen = read(STDIN, buf, sizeof(buf)); - - if (readlen <= 0) - { - if (!readlen) - break; - else - { - perror("read"); - exit(1); - } - } - - EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen); - - write(STDOUT, ebuf, ebuflen); - } - - EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen); - EVP_CIPHER_CTX_cleanup(&ectx); - - write(STDOUT, ebuf, ebuflen); -} Index: crypto/openssl/demos/maurice/example4.c =================================================================== --- crypto/openssl/demos/maurice/example4.c (revision 279126) +++ crypto/openssl/demos/maurice/example4.c (working copy) @@ -1,123 +0,0 @@ -/* NOCW */ -/* - Please read the README file for condition of use, before - using this software. - - Maurice Gittens January 1997 - -*/ - -#include -#include -#include -#include -#include - -#define STDIN 0 -#define STDOUT 1 -#define BUFLEN 512 - -static const char *usage = "Usage: example4 [-d]\n"; - -void do_encode(void); -void do_decode(void); - -int main(int argc, char *argv[]) -{ - if ((argc == 1)) - { - do_encode(); - } - else if ((argc == 2) && !strcmp(argv[1],"-d")) - { - do_decode(); - } - else - { - fprintf(stderr,"%s", usage); - exit(1); - } - - return 0; -} - -void do_encode() -{ - char buf[BUFLEN]; - char ebuf[BUFLEN+24]; - unsigned int ebuflen; - EVP_ENCODE_CTX ectx; - - EVP_EncodeInit(&ectx); - - while(1) - { - int readlen = read(STDIN, buf, sizeof(buf)); - - if (readlen <= 0) - { - if (!readlen) - break; - else - { - perror("read"); - exit(1); - } - } - - EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); - - write(STDOUT, ebuf, ebuflen); - } - - EVP_EncodeFinal(&ectx, ebuf, &ebuflen); - - write(STDOUT, ebuf, ebuflen); -} - -void do_decode() -{ - char buf[BUFLEN]; - char ebuf[BUFLEN+24]; - unsigned int ebuflen; - EVP_ENCODE_CTX ectx; - - EVP_DecodeInit(&ectx); - - while(1) - { - int readlen = read(STDIN, buf, sizeof(buf)); - int rc; - - if (readlen <= 0) - { - if (!readlen) - break; - else - { - perror("read"); - exit(1); - } - } - - rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); - if (rc <= 0) - { - if (!rc) - { - write(STDOUT, ebuf, ebuflen); - break; - } - - fprintf(stderr, "Error: decoding message\n"); - return; - } - - write(STDOUT, ebuf, ebuflen); - } - - EVP_DecodeFinal(&ectx, ebuf, &ebuflen); - - write(STDOUT, ebuf, ebuflen); -} - Index: crypto/openssl/demos/maurice/loadkeys.c =================================================================== --- crypto/openssl/demos/maurice/loadkeys.c (revision 279126) +++ crypto/openssl/demos/maurice/loadkeys.c (working copy) @@ -1,72 +0,0 @@ -/* NOCW */ -/* - Please read the README file for condition of use, before - using this software. - - Maurice Gittens January 1997 - -*/ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -EVP_PKEY * ReadPublicKey(const char *certfile) -{ - FILE *fp = fopen (certfile, "r"); - X509 *x509; - EVP_PKEY *pkey; - - if (!fp) - return NULL; - - x509 = PEM_read_X509(fp, NULL, 0, NULL); - - if (x509 == NULL) - { - ERR_print_errors_fp (stderr); - return NULL; - } - - fclose (fp); - - pkey=X509_extract_key(x509); - - X509_free(x509); - - if (pkey == NULL) - ERR_print_errors_fp (stderr); - - return pkey; -} - -EVP_PKEY *ReadPrivateKey(const char *keyfile) -{ - FILE *fp = fopen(keyfile, "r"); - EVP_PKEY *pkey; - - if (!fp) - return NULL; - - pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL); - - fclose (fp); - - if (pkey == NULL) - ERR_print_errors_fp (stderr); - - return pkey; -} - - Index: crypto/openssl/demos/maurice/loadkeys.h =================================================================== --- crypto/openssl/demos/maurice/loadkeys.h (revision 279126) +++ crypto/openssl/demos/maurice/loadkeys.h (working copy) @@ -1,19 +0,0 @@ -/* NOCW */ -/* - Please read the README file for condition of use, before - using this software. - - Maurice Gittens January 1997 - -*/ - -#ifndef LOADKEYS_H_SEEN -#define LOADKEYS_H_SEEN - -#include - -EVP_PKEY * ReadPublicKey(const char *certfile); -EVP_PKEY *ReadPrivateKey(const char *keyfile); - -#endif - Index: crypto/openssl/demos/maurice/privkey.pem =================================================================== --- crypto/openssl/demos/maurice/privkey.pem (revision 279126) +++ crypto/openssl/demos/maurice/privkey.pem (working copy) @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0 -zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7// -wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+ -QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp -7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq -cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g -Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh -rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb -uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll -e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor -XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl -7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS -bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW -Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y -nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA -Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK -mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE -poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5 -a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF -E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL -oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q -JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX -LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno -KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj -V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA== ------END RSA PRIVATE KEY----- Index: crypto/openssl/doc/apps/asn1parse.pod =================================================================== --- crypto/openssl/doc/apps/asn1parse.pod (revision 279126) +++ crypto/openssl/doc/apps/asn1parse.pod (working copy) @@ -15,6 +15,8 @@ B B [B<-length number>] [B<-i>] [B<-oid filename>] +[B<-dump>] +[B<-dlimit num>] [B<-strparse offset>] [B<-genstr string>] [B<-genconf file>] @@ -64,6 +66,14 @@ indents the output according to the "depth" of the a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this file is described in the NOTES section below. +=item B<-dump> + +dump unknown data in hex format. + +=item B<-dlimit num> + +like B<-dump>, but only the first B bytes are output. + =item B<-strparse offset> parse the contents octets of the ASN.1 object starting at B. This Index: crypto/openssl/doc/apps/ca.pod =================================================================== --- crypto/openssl/doc/apps/ca.pod (revision 279126) +++ crypto/openssl/doc/apps/ca.pod (working copy) @@ -13,6 +13,8 @@ B B [B<-name section>] [B<-gencrl>] [B<-revoke file>] +[B<-status serial>] +[B<-updatedb>] [B<-crl_reason reason>] [B<-crl_hold instruction>] [B<-crl_compromise time>] @@ -26,6 +28,7 @@ B B [B<-md arg>] [B<-policy arg>] [B<-keyfile arg>] +[B<-keyform PEM|DER>] [B<-key arg>] [B<-passin arg>] [B<-cert file>] @@ -83,7 +86,7 @@ a single self signed certificate to be signed by t a file containing a single Netscape signed public key and challenge and additional field values to be signed by the CA. See the B -section for information on the required format. +section for information on the required input and output format. =item B<-infiles> @@ -94,7 +97,7 @@ are assumed to be the names of files containing ce the output file to output certificates to. The default is standard output. The certificate details will also be printed out to this -file. +file in PEM format (except that B<-spkac> outputs DER format). =item B<-outdir directory> @@ -110,6 +113,11 @@ the CA certificate file. the private key to sign requests with. +=item B<-keyform PEM|DER> + +the format of the data in the private key file. +The default is PEM. + =item B<-key password> the password used to encrypt the private key. Since on some @@ -265,6 +273,15 @@ the number of hours before the next CRL is due. a filename containing a certificate to revoke. +=item B<-status serial> + +displays the revocation status of the certificate with the specified +serial number and exits. + +=item B<-updatedb> + +Updates the database index to purge expired certificates. + =item B<-crl_reason reason> revocation reason, where B is one of: B, B, @@ -495,6 +512,10 @@ the SPKAC and also the required DN components as n If you need to include the same component twice then it can be preceded by a number and a '.'. +When processing SPKAC format, the output is DER if the B<-out> +flag is used, but PEM format if sending to stdout or the B<-outdir> +flag is used. + =head1 EXAMPLES Note: these examples assume that the B directory structure is Index: crypto/openssl/doc/apps/crl.pod =================================================================== --- crypto/openssl/doc/apps/crl.pod (revision 279126) +++ crypto/openssl/doc/apps/crl.pod (working copy) @@ -12,6 +12,7 @@ B B [B<-text>] [B<-in filename>] [B<-out filename>] +[B<-nameopt option>] [B<-noout>] [B<-hash>] [B<-issuer>] @@ -53,6 +54,11 @@ default. print out the CRL in text form. +=item B<-nameopt option> + +option which determines how the subject or issuer names are displayed. See +the description of B<-nameopt> in L. + =item B<-noout> don't output the encoded version of the CRL. Index: crypto/openssl/doc/apps/dhparam.pod =================================================================== --- crypto/openssl/doc/apps/dhparam.pod (revision 279126) +++ crypto/openssl/doc/apps/dhparam.pod (working copy) @@ -12,6 +12,7 @@ B [B<-in> I] [B<-out> I] [B<-dsaparam>] +[B<-check>] [B<-noout>] [B<-text>] [B<-C>] @@ -64,6 +65,10 @@ exchange more efficient. Beware that with such DS parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise. +=item B<-check> + +check if the parameters are valid primes and generator. + =item B<-2>, B<-5> The generator to use, either 2 or 5. 2 is the default. If present then the Index: crypto/openssl/doc/apps/dsa.pod =================================================================== --- crypto/openssl/doc/apps/dsa.pod (revision 279126) +++ crypto/openssl/doc/apps/dsa.pod (working copy) @@ -13,6 +13,12 @@ B B [B<-passin arg>] [B<-out filename>] [B<-passout arg>] +[B<-aes128>] +[B<-aes192>] +[B<-aes256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] [B<-des>] [B<-des3>] [B<-idea>] @@ -74,10 +80,10 @@ filename. the output file password source. For more information about the format of B see the B section in L. -=item B<-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> -These options encrypt the private key with the DES, triple DES, or the -IDEA ciphers respectively before outputting it. A pass phrase is prompted for. +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the B utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by Index: crypto/openssl/doc/apps/ecparam.pod =================================================================== --- crypto/openssl/doc/apps/ecparam.pod (revision 279126) +++ crypto/openssl/doc/apps/ecparam.pod (working copy) @@ -16,7 +16,7 @@ B [B<-C>] [B<-check>] [B<-name arg>] -[B<-list_curve>] +[B<-list_curves>] [B<-conv_form arg>] [B<-param_enc arg>] [B<-no_seed>] Index: crypto/openssl/doc/apps/gendsa.pod =================================================================== --- crypto/openssl/doc/apps/gendsa.pod (revision 279126) +++ crypto/openssl/doc/apps/gendsa.pod (working copy) @@ -8,6 +8,12 @@ gendsa - generate a DSA private key from a set of B B [B<-out filename>] +[B<-aes128>] +[B<-aes192>] +[B<-aes256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] [B<-des>] [B<-des3>] [B<-idea>] @@ -24,10 +30,10 @@ The B command generates a DSA private key =over 4 -=item B<-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> -These options encrypt the private key with the DES, triple DES, or the -IDEA ciphers respectively before outputting it. A pass phrase is prompted for. +These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used. =item B<-rand file(s)> Index: crypto/openssl/doc/apps/genrsa.pod =================================================================== --- crypto/openssl/doc/apps/genrsa.pod (revision 279126) +++ crypto/openssl/doc/apps/genrsa.pod (working copy) @@ -9,6 +9,18 @@ genrsa - generate an RSA private key B B [B<-out filename>] [B<-passout arg>] +[B<-aes128>] +[B<-aes128>] +[B<-aes192>] +[B<-aes256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] +[B<-aes192>] +[B<-aes256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] [B<-des>] [B<-des3>] [B<-idea>] @@ -36,10 +48,10 @@ used. the output file password source. For more information about the format of B see the B section in L. -=item B<-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> -These options encrypt the private key with the DES, triple DES, or the -IDEA ciphers respectively before outputting it. If none of these options is +These options encrypt the private key with specified +cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the B<-passout> argument. Index: crypto/openssl/doc/apps/rsa.pod =================================================================== --- crypto/openssl/doc/apps/rsa.pod (revision 279126) +++ crypto/openssl/doc/apps/rsa.pod (working copy) @@ -15,6 +15,12 @@ B B [B<-out filename>] [B<-passout arg>] [B<-sgckey>] +[B<-aes128>] +[B<-aes192>] +[B<-aes256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] [B<-des>] [B<-des3>] [B<-idea>] @@ -80,10 +86,10 @@ see the B section in L +=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> -These options encrypt the private key with the DES, triple DES, or the -IDEA ciphers respectively before outputting it. A pass phrase is prompted for. +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the B utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by Index: crypto/openssl/doc/apps/s_client.pod =================================================================== --- crypto/openssl/doc/apps/s_client.pod (revision 279126) +++ crypto/openssl/doc/apps/s_client.pod (working copy) @@ -17,6 +17,22 @@ B B [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-attime timestamp>] +[B<-check_ss_sig>] +[B<-crl_check>] +[B<-crl_check_all>] +[B<-explicit_policy>] +[B<-ignore_critical>] +[B<-inhibit_any>] +[B<-inhibit_map>] +[B<-issuer_checks>] +[B<-policy arg>] +[B<-policy_check>] +[B<-policy_print>] +[B<-purpose purpose>] +[B<-use_deltas>] +[B<-verify_depth num>] +[B<-x509_strict>] [B<-reconnect>] [B<-pause>] [B<-showcerts>] @@ -38,6 +54,7 @@ B B [B<-bugs>] [B<-cipher cipherlist>] [B<-starttls protocol>] +[B<-xmpphost hostname>] [B<-engine id>] [B<-tlsextdebug>] [B<-no_ticket>] @@ -53,6 +70,11 @@ SSL servers. =head1 OPTIONS +In addition to the options below the B utility also supports the +common and client only options documented in the +in the L +manual page. + =over 4 =item B<-connect host:port> @@ -102,6 +124,15 @@ also used when building the client certificate cha A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, +B, B<-ignore_critical>, B<-inhibit_any>, +B<-inhibit_map>, B<-issuer_checks>, B<-policy>, +B<-policy_check>, B<-policy_print>, B<-purpose>, +B<-use_deltas>, B<-verify_depth>, B<-x509_strict> + +Set various certificate chain valiadition options. See the +L|verify(1)> manual page for details. + =item B<-reconnect> reconnects to the same server 5 times using the same session ID, this can @@ -192,18 +223,22 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only -supported keywords are "smtp", "pop3", "imap", and "ftp". +supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". +=item B<-xmpphost hostname> + +This option, when used with "-starttls xmpp", specifies the host for the +"to" attribute of the stream element. +If this option is not specified, then the host specified with "-connect" +will be used. + =item B<-tlsextdebug> -print out a hex dump of any TLS extensions received from the server. Note: this -option is only available if extension support is explicitly enabled at compile -time +print out a hex dump of any TLS extensions received from the server. =item B<-no_ticket> -disable RFC4507bis session ticket support. Note: this option is only available -if extension support is explicitly enabled at compile time +disable RFC4507bis session ticket support. =item B<-sess_out filename> @@ -216,7 +251,7 @@ connection from this session. =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -278,8 +313,11 @@ Since the SSLv23 client hello cannot include compr these will only be supported if its use is disabled, for example by using the B<-no_sslv2> option. -TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly -enabled at compile time using for example the B switch. +The B utility is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should B do this as it makes them vulnerable to a MITM +attack. =head1 BUGS @@ -288,9 +326,6 @@ the techniques used are rather old, the C source o hard to read and not a model of how things should be done. A typical SSL client program would be much simpler. -The B<-verify> option should really exit if the server verification -fails. - The B<-prexit> option is a bit of a hack. We should really report information whenever a session is renegotiated. Index: crypto/openssl/doc/apps/s_server.pod =================================================================== --- crypto/openssl/doc/apps/s_server.pod (revision 279126) +++ crypto/openssl/doc/apps/s_server.pod (working copy) @@ -35,6 +35,7 @@ B B [B<-CAfile filename>] [B<-nocert>] [B<-cipher cipherlist>] +[B<-serverpref>] [B<-quiet>] [B<-no_tmp_rsa>] [B<-ssl2>] @@ -144,6 +145,9 @@ the client. With the B<-verify> option a certifica client does not have to send one, with the B<-Verify> option the client must supply a certificate or an error occurs. +If the ciphersuite cannot request a client certificate (for example an +anonymous ciphersuite or PSK) this option has no effect. + =item B<-crl_check>, B<-crl_check_all> Check the peer certificate has not been revoked by its CA. @@ -215,6 +219,10 @@ also included in the server list is used. Because the preference order, the order of the server cipherlist irrelevant. See the B command for more information. +=item B<-serverpref> + +use the server's cipher preferences, rather than the client's preferences. + =item B<-tlsextdebug> print out a hex dump of any TLS extensions received from the server. Index: crypto/openssl/doc/apps/verify.pod =================================================================== --- crypto/openssl/doc/apps/verify.pod (revision 279126) +++ crypto/openssl/doc/apps/verify.pod (working copy) @@ -7,13 +7,27 @@ verify - Utility to verify certificates. =head1 SYNOPSIS B B +[B<-CAfile file>] [B<-CApath directory>] -[B<-CAfile file>] +[B<-attime timestamp>] +[B<-check_ss_sig>] +[B<-crl_check>] +[B<-crl_check_all>] +[B<-explicit_policy>] +[B<-help>] +[B<-ignore_critical>] +[B<-inhibit_any>] +[B<-inhibit_map>] +[B<-issuer_checks>] +[B<-policy arg>] +[B<-policy_check>] +[B<-policy_print>] [B<-purpose purpose>] [B<-untrusted file>] -[B<-help>] -[B<-issuer_checks>] +[B<-use_deltas>] [B<-verbose>] +[B<-verify_depth num>] +[B<-x509_strict>] [B<->] [certificates] @@ -26,6 +40,11 @@ The B command verifies certificate chains. =over 4 +=item B<-CAfile file> + +A file of trusted certificates. The file should contain multiple certificates +in PEM format concatenated together. + =item B<-CApath directory> A directory of trusted certificates. The certificates should have names @@ -34,56 +53,113 @@ form ("hash" is the hashed certificate subject nam of the B utility). Under Unix the B script will automatically create symbolic links to a directory of certificates. -=item B<-CAfile file> +=item B<-attime timestamp> -A file of trusted certificates. The file should contain multiple certificates -in PEM format concatenated together. +Perform validation checks using time specified by B and not +current system time. B is the number of seconds since +01.01.1970 (UNIX time). -=item B<-untrusted file> +=item B<-check_ss_sig> -A file of untrusted certificates. The file should contain multiple certificates +Verify the signature on the self-signed root CA. This is disabled by default +because it doesn't add any security. -=item B<-purpose purpose> +=item B<-crl_check> -the intended use for the certificate. Without this option no chain verification -will be done. Currently accepted uses are B, B, -B, B, B. See the B -section for more information. +Checks end entity certificate validity by attempting to look up a valid CRL. +If a valid CRL cannot be found an error occurs. +=item B<-crl_check_all> + +Checks the validity of B certificates in the chain by attempting +to look up valid CRLs. + +=item B<-explicit_policy> + +Set policy variable require-explicit-policy (see RFC5280). + =item B<-help> -prints out a usage message. +Print out a usage message. -=item B<-verbose> +=item B<-ignore_critical> -print extra information about the operations being performed. +Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by RFC5280). +If this option is set critical extensions are ignored. +=item B<-inhibit_any> + +Set policy variable inhibit-any-policy (see RFC5280). + +=item B<-inhibit_map> + +Set policy variable inhibit-policy-mapping (see RFC5280). + =item B<-issuer_checks> -print out diagnostics relating to searches for the issuer certificate -of the current certificate. This shows why each candidate issuer -certificate was rejected. However the presence of rejection messages -does not itself imply that anything is wrong: during the normal -verify process several rejections may take place. +Print out diagnostics relating to searches for the issuer certificate of the +current certificate. This shows why each candidate issuer certificate was +rejected. The presence of rejection messages does not itself imply that +anything is wrong; during the normal verification process, several +rejections may take place. -=item B<-check_ss_sig> +=item B<-policy arg> -Verify the signature on the self-signed root CA. This is disabled by default -because it doesn't add any security. +Enable policy processing and add B to the user-initial-policy-set (see +RFC5280). The policy B can be an object name an OID in numeric form. +This argument can appear more than once. +=item B<-policy_check> + +Enables certificate policy processing. + +=item B<-policy_print> + +Print out diagnostics related to policy processing. + +=item B<-purpose purpose> + +The intended use for the certificate. If this option is not specified, +B will not consider certificate purpose during chain verification. +Currently accepted uses are B, B, B, +B, B. See the B section for more +information. + +=item B<-untrusted file> + +A file of untrusted certificates. The file should contain multiple certificates +in PEM format concatenated together. + +=item B<-use_deltas> + +Enable support for delta CRLs. + +=item B<-verbose> + +Print extra information about the operations being performed. + +=item B<-verify_depth num> + +Limit the maximum depth of the certificate chain to B certificates. + +=item B<-x509_strict> + +For strict X.509 compliance, disable non-compliant workarounds for broken +certificates. + =item B<-> -marks the last option. All arguments following this are assumed to be +Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins with a B<->. =item B -one or more certificates to verify. If no certificate filenames are included -then an attempt is made to read a certificate from standard input. They should -all be in PEM format. +One or more certificates to verify. If no certificates are given, B +will attempt to read a certificate from standard input. Certificates must be +in PEM format. - =back =head1 VERIFY OPERATION @@ -176,7 +252,7 @@ normally means the list of trusted certificates is =item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> -the CRL of a certificate could not be found. Unused. +the CRL of a certificate could not be found. =item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature> @@ -199,7 +275,7 @@ the signature of the certificate is invalid. =item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure> -the signature of the certificate is invalid. Unused. +the signature of the certificate is invalid. =item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid> @@ -211,11 +287,11 @@ the certificate has expired: that is the notAfter =item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> -the CRL is not yet valid. Unused. +the CRL is not yet valid. =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired> -the CRL has expired. Unused. +the CRL has expired. =item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field> @@ -227,11 +303,11 @@ the certificate notAfter field contains an invalid =item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field> -the CRL lastUpdate field contains an invalid time. Unused. +the CRL lastUpdate field contains an invalid time. =item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field> -the CRL nextUpdate field contains an invalid time. Unused. +the CRL nextUpdate field contains an invalid time. =item B<17 X509_V_ERR_OUT_OF_MEM: out of memory> @@ -263,7 +339,7 @@ the certificate chain length is greater than the s =item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked> -the certificate has been revoked. Unused. +the certificate has been revoked. =item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate> @@ -320,7 +396,7 @@ an application specific error. Unused. Although the issuer checks are a considerable improvement over the old technique they still suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that trusted certificates with matching subject name must either appear in a file (as specified by the -B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only +B<-CAfile> option) or a directory (as specified by B<-CApath>). If they occur in both then only the certificates in the file will be recognised. Previous versions of OpenSSL assume certificates with matching subject name are identical and Index: crypto/openssl/doc/apps/x509.pod =================================================================== --- crypto/openssl/doc/apps/x509.pod (revision 279126) +++ crypto/openssl/doc/apps/x509.pod (working copy) @@ -19,6 +19,7 @@ B B [B<-hash>] [B<-subject_hash>] [B<-issuer_hash>] +[B<-ocspid>] [B<-subject>] [B<-issuer>] [B<-nameopt option>] @@ -27,6 +28,7 @@ B B [B<-enddate>] [B<-purpose>] [B<-dates>] +[B<-checkend num>] [B<-modulus>] [B<-fingerprint>] [B<-alias>] @@ -40,6 +42,7 @@ B B [B<-days arg>] [B<-set_serial n>] [B<-signkey filename>] +[B<-passin arg>] [B<-x509toreq>] [B<-req>] [B<-CA filename>] @@ -47,6 +50,7 @@ B B [B<-CAcreateserial>] [B<-CAserial filename>] [B<-text>] +[B<-certopt option>] [B<-C>] [B<-md2|-md5|-sha1|-mdc2>] [B<-clrext>] @@ -153,6 +157,10 @@ name. outputs the "hash" of the certificate issuer name. +=item B<-ocspid> + +outputs the OCSP hash values for the subject name and public key. + =item B<-hash> synonym for "-subject_hash" for backward compatibility reasons. @@ -188,6 +196,11 @@ prints out the expiry date of the certificate, tha prints out the start and expiry dates of a certificate. +=item B<-checkend arg> + +checks if the certificate expires within the next B seconds and exits +non-zero if yes it will expire or zero if not. + =item B<-fingerprint> prints out the digest of the DER encoded version of the whole certificate @@ -293,6 +306,11 @@ If the input is a certificate request then a self is created using the supplied private key using the subject name in the request. +=item B<-passin arg> + +the key password source. For more information about the format of B +see the B section in L. + =item B<-clrext> delete any extensions from a certificate. This option is used when a @@ -446,7 +464,7 @@ using the format \UXXXX for 16 bits and \WXXXXXXXX Also if this option is off any UTF8Strings will be converted to their character form first. -=item B +=item B this option does not attempt to interpret multibyte characters in any way. That is their content octets are merely dumped as though one octet Index: crypto/openssl/doc/apps/x509v3_config.pod =================================================================== --- crypto/openssl/doc/apps/x509v3_config.pod (revision 279126) +++ crypto/openssl/doc/apps/x509v3_config.pod (working copy) @@ -52,7 +52,7 @@ use is defined by the extension code itself: check policies extension for an example. If an extension type is unsupported then the I extension syntax -must be used, see the L section for more details. +must be used, see the L section for more details. =head1 STANDARD EXTENSIONS @@ -174,11 +174,11 @@ The IP address used in the B options can be in The value of B should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by -preceeding the name with a B<+> character. +preceding the name with a B<+> character. otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard -ASN1_generate_nconf() format. +L format. Examples: @@ -226,21 +226,82 @@ Example: =head2 CRL distribution points. -This is a multi-valued extension that supports all the literal options of -subject alternative name. Of the few software packages that currently interpret -this extension most only interpret the URI option. +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. -Currently each option will set a new DistributionPoint with the fullName -field set to the given value. +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. -Other fields like cRLissuer and reasons cannot currently be set or displayed: -at this time no examples were available that used these fields. +In the single option case the section indicated contains values for each +field. In this section: -Examples: +If the name is "fullname" the value field should contain the full name +of the distribution point in the same format as subject alternative name. +If the name is "relativename" then the value field should contain a section +name whose contents represent a DN fragment to be placed in this field. + +The name "CRLIssuer" if present should contain a value for this field in +subject alternative name format. + +If the name is "reasons" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: "keyCompromise", +"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", +"certificateHold", "privilegeWithdrawn" and "AACompromise". + + +Simple examples: + crlDistributionPoints=URI:http://myhost.com/myca.crl crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +Full distribution point example: + + crlDistributionPoints=crldp1_section + + [crldp1_section] + + fullname=URI:http://myhost.com/myca.crl + CRLissuer=dirName:issuer_sect + reasons=keyCompromise, CACompromise + + [issuer_sect] + C=UK + O=Organisation + CN=Some Name + +=head2 Issuing Distribution Point + +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the "section" pointed to by the CRL distribution +points extension with a few differences. + +The names "reasons" and "CRLissuer" are not recognized. + +The name "onlysomereasons" is accepted which sets this field. The value is +in the same format as the CRL distribution point "reasons" field. + +The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted +the values should be a boolean value (TRUE or FALSE) to indicate the value of +the corresponding field. + +Example: + + issuingDistributionPoint=critical, @idp_section + + [idp_section] + + fullname=URI:http://myhost.com/myca.crl + indirectCRL=TRUE + onlysomereasons=keyCompromise, CACompromise + + [issuer_sect] + C=UK + O=Organisation + CN=Some Name + + =head2 Certificate Policies. This is a I extension. All the fields of this extension can be set by @@ -330,6 +391,16 @@ Examples: nameConstraints=excluded;email:.com + +=head2 OCSP No Check + +The OCSP No Check extension is a string extension but its value is ignored. + +Example: + + noCheck = ignored + + =head1 DEPRECATED EXTENSIONS The following extensions are non standard, Netscape specific and largely @@ -370,7 +441,8 @@ the data is formatted correctly for the given exte There are two ways to encode arbitrary extensions. The first way is to use the word ASN1 followed by the extension content -using the same syntax as ASN1_generate_nconf(). For example: +using the same syntax as L. +For example: 1.2.3.4=critical,ASN1:UTF8String:Some random data @@ -450,7 +522,8 @@ for arbitrary extensions was added in OpenSSL 0.9. =head1 SEE ALSO -L, L, L +L, L, L, +L =cut Index: crypto/openssl/doc/crypto/ASN1_generate_nconf.pod =================================================================== --- crypto/openssl/doc/crypto/ASN1_generate_nconf.pod (revision 279126) +++ crypto/openssl/doc/crypto/ASN1_generate_nconf.pod (working copy) @@ -61,7 +61,7 @@ Encode the B type, the B string must =item B, B Encodes an ASN1 B type. The B string represents -the value of the integer, it can be preceeded by a minus sign and +the value of the integer, it can be preceded by a minus sign and is normally interpreted as a decimal value unless the prefix B<0x> is included. @@ -103,7 +103,8 @@ bits is set to zero. =item B, B, B, B, B, B, B, B, B, B, B, B, B, -B, B, B +B, B, B, B, +B These encode the corresponding string types. B represents the contents of this structure. The format can be B or B. Index: crypto/openssl/doc/crypto/BIO_f_base64.pod =================================================================== --- crypto/openssl/doc/crypto/BIO_f_base64.pod (revision 279126) +++ crypto/openssl/doc/crypto/BIO_f_base64.pod (working copy) @@ -46,11 +46,11 @@ to standard output: b64 = BIO_new(BIO_f_base64()); bio = BIO_new_fp(stdout, BIO_NOCLOSE); - bio = BIO_push(b64, bio); - BIO_write(bio, message, strlen(message)); - BIO_flush(bio); + BIO_push(b64, bio); + BIO_write(b64, message, strlen(message)); + BIO_flush(b64); - BIO_free_all(bio); + BIO_free_all(b64); Read Base64 encoded data from standard input and write the decoded data to standard output: @@ -62,11 +62,12 @@ data to standard output: b64 = BIO_new(BIO_f_base64()); bio = BIO_new_fp(stdin, BIO_NOCLOSE); bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); - bio = BIO_push(b64, bio); - while((inlen = BIO_read(bio, inbuf, 512)) > 0) + BIO_push(b64, bio); + while((inlen = BIO_read(b64, inbuf, 512)) > 0) BIO_write(bio_out, inbuf, inlen); - BIO_free_all(bio); + BIO_flush(bio_out); + BIO_free_all(b64); =head1 BUGS Index: crypto/openssl/doc/crypto/BIO_push.pod =================================================================== --- crypto/openssl/doc/crypto/BIO_push.pod (revision 279126) +++ crypto/openssl/doc/crypto/BIO_push.pod (working copy) @@ -40,7 +40,7 @@ If the call: BIO_push(b64, f); -is made then the new chain will be B. After making the calls +is made then the new chain will be B. After making the calls BIO_push(md2, b64); BIO_push(md1, md2); Index: crypto/openssl/doc/crypto/ERR_get_error.pod =================================================================== --- crypto/openssl/doc/crypto/ERR_get_error.pod (revision 279126) +++ crypto/openssl/doc/crypto/ERR_get_error.pod (working copy) @@ -49,10 +49,10 @@ additionally store the file name and line number w the error occurred in *B and *B, unless these are B. ERR_get_error_line_data(), ERR_peek_error_line_data() and -ERR_get_last_error_line_data() store additional data and flags +ERR_peek_last_error_line_data() store additional data and flags associated with the error code in *B and *B, unless these are B. *B contains a string -if *B&B is true. +if *B&B is true. An application B free the *B pointer (or any other pointers returned by these functions) with OPENSSL_free() as freeing is handled Index: crypto/openssl/doc/crypto/RSA_set_method.pod =================================================================== --- crypto/openssl/doc/crypto/RSA_set_method.pod (revision 279126) +++ crypto/openssl/doc/crypto/RSA_set_method.pod (working copy) @@ -125,14 +125,18 @@ the default method is used. /* sign. For backward compatibility, this is used only * if (flags & RSA_FLAG_SIGN_VER) */ - int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); - + int (*rsa_sign)(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); /* verify. For backward compatibility, this is used only * if (flags & RSA_FLAG_SIGN_VER) */ - int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + int (*rsa_verify)(int dtype, + const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + const RSA *rsa); + /* keygen. If NULL builtin RSA key generation will be used */ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); } RSA_METHOD; Index: crypto/openssl/doc/crypto/RSA_sign.pod =================================================================== --- crypto/openssl/doc/crypto/RSA_sign.pod (revision 279126) +++ crypto/openssl/doc/crypto/RSA_sign.pod (working copy) @@ -20,6 +20,10 @@ RSA_sign() signs the message digest B of size B private key B as specified in PKCS #1 v2.0. It stores the signature in B and the signature size in B. B must point to RSA_size(B) bytes of memory. +Note that PKCS #1 adds meta-data, placing limits on the size of the +key that can be used. +See L for lower-level +operations. B denotes the message digest algorithm that was used to generate B. It usually is one of B, B and B; Index: crypto/openssl/doc/crypto/des.pod =================================================================== --- crypto/openssl/doc/crypto/des.pod (revision 279126) +++ crypto/openssl/doc/crypto/des.pod (working copy) @@ -135,9 +135,8 @@ depend on a global variable. DES_set_odd_parity() sets the parity of the passed I to odd. -DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it -is ok. The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them. +DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it +is ok. The following routines mostly operate on an input and output stream of Is. @@ -181,7 +180,7 @@ of 24 bytes. This is much better than CBC DES. DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with three keys. This means that each DES operation inside the CBC mode is -really an C. This mode is used by SSL. +an C. This mode is used by SSL. The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by reusing I for the final encryption. C. Index: crypto/openssl/doc/crypto/err.pod =================================================================== --- crypto/openssl/doc/crypto/err.pod (revision 279126) +++ crypto/openssl/doc/crypto/err.pod (working copy) @@ -171,7 +171,6 @@ ERR_get_string_table(void) respectively. =head1 SEE ALSO -L, L, L, L, Index: crypto/openssl/doc/crypto/pem.pod =================================================================== --- crypto/openssl/doc/crypto/pem.pod (revision 279126) +++ crypto/openssl/doc/crypto/pem.pod (working copy) @@ -450,9 +450,9 @@ byte B encoded as a set of hexadecimal digit After this is the base64 encoded encrypted data. -The encryption key is determined using EVP_bytestokey(), using B and an +The encryption key is determined using EVP_BytesToKey(), using B and an iteration count of 1. The IV used is the value of B and *not* the IV -returned by EVP_bytestokey(). +returned by EVP_BytesToKey(). =head1 BUGS @@ -474,3 +474,7 @@ The read routines return either a pointer to the s if an error occurred. The write routines return 1 for success or 0 for failure. + +=head1 SEE ALSO + +L, L Index: crypto/openssl/doc/crypto/ui.pod =================================================================== --- crypto/openssl/doc/crypto/ui.pod (revision 279126) +++ crypto/openssl/doc/crypto/ui.pod (working copy) @@ -119,7 +119,7 @@ verification will fail. UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given -as well. The prompt itself is really divided in two, one part being the +as well. The prompt itself is divided in two, one part being the descriptive text (given through the I argument) and one describing the possible answers (given through the I argument). Index: crypto/openssl/doc/fingerprints.txt =================================================================== --- crypto/openssl/doc/fingerprints.txt (revision 279126) +++ crypto/openssl/doc/fingerprints.txt (working copy) @@ -4,12 +4,11 @@ OpenSSL releases are signed with PGP/GnuPG keys. signatures in separate files in the same location you find the distributions themselves. The normal file name is the same as the distribution file, with '.asc' added. For example, the signature for -the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in -the file openssl-0.9.7f.tar.gz.asc. +the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in +the file openssl-1.0.1h.tar.gz.asc. The following is the list of fingerprints for the keys that are -currently in use (have been used since summer 2004) to sign OpenSSL -distributions: +currently in use to sign OpenSSL distributions: pub 1024D/F709453B 2003-10-20 Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B @@ -34,10 +33,6 @@ uid Mark Cox uid Mark Cox uid Mark Cox -pub 1024R/26BB437D 1997-04-28 - Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 -uid Ralf S. Engelschall - pub 1024R/9C58A66D 1997-04-03 Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67 uid jaenicke@openssl.org @@ -62,3 +57,7 @@ uid Bodo Moeller <3moeller@inform uid Bodo Moeller uid Bodo Moeller <3moeller@rzdspc5.informatik.uni-hamburg.de> +pub 2048R/0E604491 2013-04-30 + Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 +uid Matt Caswell + Index: crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod (working copy) @@ -23,8 +23,12 @@ SSL_CIPHER_get_bits() returns the number of secret B is not NULL, it contains the number of bits processed by the chosen algorithm. If B is NULL, 0 is returned. -SSL_CIPHER_get_version() returns the protocol version for B, currently -"SSLv2", "SSLv3", or "TLSv1". If B is NULL, "(NONE)" is returned. +SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol +version that first defined the cipher. +This is currently B or B. +In some cases it should possibly return "TLSv1.2" but does not; +use SSL_CIPHER_description() instead. +If B is NULL, "(NONE)" is returned. SSL_CIPHER_description() returns a textual description of the cipher used into the buffer B of length B provided. B must be at least @@ -52,7 +56,8 @@ Textual representation of the cipher name. =item -Protocol version: B, B. The TLSv1 ciphers are flagged with SSLv3. +Protocol version: B, B, B. The TLSv1.0 ciphers are +flagged with SSLv3. No new ciphers were added by TLSv1.1. =item Kx= @@ -91,6 +96,10 @@ Some examples for the output of SSL_CIPHER_descrip RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export +A comp[lete list can be retrieved by invoking the following command: + + openssl ciphers -v ALL + =head1 BUGS If SSL_CIPHER_description() is called with B being NULL, the Index: crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod (working copy) @@ -24,6 +24,16 @@ the library will try to complete the chain from th certificates in the trusted CA storage, see L. +The B certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B is destroyed. An application B free the B object. + +=head1 RESTRICTIONS + +Only one set of extra chain certificates can be specified per SSL_CTX +structure. Different chains for different certificates (for example if both +RSA and DSA certificates are specified by the same server) or different SSL +structures with the same parent SSL_CTX cannot be specified using this +function. + =head1 RETURN VALUES SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the Index: crypto/openssl/doc/ssl/SSL_CTX_add_session.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_add_session.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_add_session.pod (working copy) @@ -41,7 +41,7 @@ If a server SSL_CTX is configured with the SSL_SES flag then the internal cache will not be populated automatically by new sessions negotiated by the SSL/TLS implementation, even though the internal cache will be searched automatically for session-resume requests (the -latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the +latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the application can use SSL_CTX_add_session() directly to have full control over the sessions that can be resumed if desired. Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod (working copy) @@ -35,7 +35,7 @@ the chosen B, overriding the setting valid fo =head1 NOTES When a TLS/SSL server requests a client certificate (see -B), it sends a list of CAs, for which +B), it sends a list of CAs, for which it will accept certificates, to the client. This list must explicitly be set using SSL_CTX_set_client_CA_list() for Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod (working copy) @@ -29,7 +29,7 @@ using the B and B arguments and "1" mu certificate will be installed into B, see the NOTES and BUGS sections. If no certificate should be set, "0" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediatly. L +handshake function will return immediately. L will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of client_cert_cb(). It is the job of the client_cert_cb() to store information Index: crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (working copy) @@ -61,12 +61,16 @@ deal with read/write operations returning without flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the handshake and successful completion. -=item SSL_MODE_FALLBACK_SCSV +=item SSL_MODE_SEND_FALLBACK_SCSV Send TLS_FALLBACK_SCSV in the ClientHello. -To be set by applications that reconnect with a downgraded protocol +To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details. +DO NOT ENABLE THIS if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft-ietf-tls-downgrade-scsv-00. + =back =head1 RETURN VALUES Index: crypto/openssl/doc/ssl/SSL_CTX_set_options.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_options.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_set_options.pod (working copy) @@ -243,7 +243,7 @@ Connections and renegotiation are always permitted =head2 Unpatched client and patched OpenSSL server -The initial connection suceeds but client renegotiation is denied by the +The initial connection succeeds but client renegotiation is denied by the server with a B warning alert if TLS v1.0 is used or a fatal B alert in SSL v3.0. Index: crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (revision 0) +++ crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (working copy) @@ -0,0 +1,195 @@ +=pod + +=head1 NAME + +SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing + +=head1 SYNOPSIS + + #include + + long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, + int (*cb)(SSL *s, unsigned char key_name[16], + unsigned char iv[EVP_MAX_IV_LENGTH], + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); + +=head1 DESCRIPTION + +SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I for handling +session tickets for the ssl context I. Session tickets, defined in +RFC5077 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to TLS and there is no SSLv3 implementation. + +The callback is available when the OpenSSL library was built without +I being defined. + +The callback function I will be called for every client instigated TLS +session when session ticket extension is presented in the TLS hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. + +The OpenSSL library uses your callback function to help implement a common TLS +ticket construction state according to RFC5077 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. + +In order to reuse a session, a TLS client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full TLS handshake to create a new session +ticket. + +Before the callback function is started I and I have been +initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. + +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retreival of the ticket failed, or a renew option was indicated, +the callback function will be called with I equal to 1. The OpenSSL +library expects that the function will set an arbitary I, initialize +I, and set the cipher context I and the hash context I. + +The I is 16 characters long and is used as a key identifier. + +The I length is the length of the IV of the corresponding cipher. The +maximum IV length is L bytes defined in B. + +The initialization vector I should be a random value. The cipher context +I should use the initialisation vector I. The cipher context can be +set using L. The hmac context can be set using L. + +When the client presents a session ticket, the callback function with be called +with I set to 0 indicating that the I function should retreive a set +of parameters. In this case I and I have already been parsed out of +the session ticket. The OpenSSL library expects that the I will be used +to retrieve a cryptographic parameters and that the cryptographic context +I will be set with the retreived parameters and the initialization vector +I. using a function like L. The I needs to be set +using L. + +If the I is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an arguement of enc equal to 1 to set the new ticket. + +The return value of the I function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: + +=over 4 + +=item Z<>2 + +This indicates that the I and I have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call I again with an enc argument of 1 to set the new ticket (see RFC5077 +3.3 paragraph 2). + +=item Z<>1 + +This indicates that the I and I have been set and the session can +continue on those parameters. + +=item Z<>0 + +This indicates that it was not possible to set/retrieve a session ticket and +the SSL/TLS session will continue by by negiotationing a set of cryptographic +parameters or using the alternate SSL/TLS resumption mechanism, session ids. + +If called with enc equal to 0 the library will call the I again to get +a new set of parameters. + +=item less than 0 + +This indicates an error. + +=back + +=head1 NOTES + +Session resumption shortcuts the TLS so that the client certificate +negiotation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negiotation had occured. + +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the ciphersuite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. + +Applications can use longer keys to maintain a consistent level of security. +For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. + +=head1 EXAMPLES + +Reference Implemention: + SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb); + .... + + static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) + { + if (enc) { /* create new session */ + if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) { + return -1; /* insufficient random */ + } + + key = currentkey(); /* something that you need to implement */ + if ( !key ) { + /* current key doesn't exist or isn't valid */ + key = createkey(); /* something that you need to implement. + * createkey needs to initialise, a name, + * an aes_key, a hmac_key and optionally + * an expire time. */ + if ( !key ) { /* key couldn't be created */ + return 0; + } + } + memcpy(key_name, key->name, 16); + + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); + HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + + return 1; + + } else { /* retrieve session */ + key = findkey(name); + + if (!key || key->expire < now() ) { + return 0; + } + + HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv ); + + if (key->expire < ( now() - RENEW_TIME ) ) { + /* return 2 - this session will get a new ticket even though the current is still valid */ + return 2; + } + return 1; + + } + } + + + +=head1 RETURN VALUES + +returns 0 to indicate the callback function was set. + +=head1 SEE ALSO + +L, L, +L, +L, +L, +L, +L, + +=head1 HISTORY + +This function was introduced in OpenSSL 0.9.8h + +=cut Index: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (working copy) @@ -12,12 +12,10 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, S DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); - void SSL_set_tmp_dh_callback(SSL_CTX *ctx, + void SSL_set_tmp_dh_callback(SSL *ctx, DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); long SSL_set_tmp_dh(SSL *ssl, DH *dh) - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - =head1 DESCRIPTION SSL_CTX_set_tmp_dh_callback() sets the callback function for B to be @@ -81,7 +79,7 @@ instead (see L), but in thi is mandatory. Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current +dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the Index: crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod (working copy) @@ -109,8 +109,8 @@ certificates would not be present, most likely a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. The depth count is "level 0:peer certificate", "level 1: CA certificate", "level 2: higher level CA certificate", and so on. Setting the maximum -depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, -allowing for the peer certificate and additional 9 CA certificates. +depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100, +allowing for the peer certificate and additional 100 CA certificates. The B function is used to control the behaviour when the SSL_VERIFY_PEER flag is set. It must be supplied by the application and Index: crypto/openssl/doc/ssl/SSL_get_version.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_get_version.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_get_version.pod (working copy) @@ -12,12 +12,12 @@ SSL_get_version - get the protocol version of a co =head1 DESCRIPTION -SSL_get_cipher_version() returns the name of the protocol used for the +SSL_get_version() returns the name of the protocol used for the connection B. =head1 RETURN VALUES -The following strings can occur: +The following strings can be returned: =over 4 @@ -31,8 +31,16 @@ The connection uses the SSLv3 protocol. =item TLSv1 -The connection uses the TLSv1 protocol. +The connection uses the TLSv1.0 protocol. +=item TLSv1.1 + +The connection uses the TLSv1.1 protocol. + +=item TLSv1.2 + +The connection uses the TLSv1.2 protocol. + =item unknown This indicates that no version has been set (no connection established). Index: crypto/openssl/doc/ssl/SSL_shutdown.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_shutdown.pod (revision 279126) +++ crypto/openssl/doc/ssl/SSL_shutdown.pod (working copy) @@ -104,7 +104,7 @@ erroneous SSL_ERROR_SYSCALL may be flagged even th The shutdown was successfully completed. The "close notify" alert was sent and the peer's "close notify" alert was received. -=item -1 +=item Z<>-1 The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if Index: crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod =================================================================== --- crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod (revision 279126) +++ crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod (working copy) @@ -48,6 +48,16 @@ known limit on the size of the created ASN1 repres amount of space should be obtained by first calling i2d_SSL_SESSION() with B, and obtain the size needed, then allocate the memory and call i2d_SSL_SESSION() again. +Note that this will advance the value contained in B<*pp> so it is necessary +to save a copy of the original allocation. +For example: + int i,j; + char *p, *temp; + i = i2d_SSL_SESSION(sess, NULL); + p = temp = malloc(i); + j = i2d_SSL_SESSION(sess, &temp); + assert(i == j); + assert(p+i == temp); =head1 RETURN VALUES Index: crypto/openssl/e_os.h =================================================================== --- crypto/openssl/e_os.h (revision 279126) +++ crypto/openssl/e_os.h (working copy) @@ -275,7 +275,7 @@ extern "C" { # ifdef _WIN64 # define strlen(s) _strlen31(s) /* cut strings to 2GB */ -static unsigned int _strlen31(const char *str) +static __inline unsigned int _strlen31(const char *str) { unsigned int len=0; while (*str && len<0x80000000U) str++, len++; @@ -360,7 +360,7 @@ extern "C" { # define DEFAULT_HOME "C:" # endif -#else /* The non-microsoft world world */ +#else /* The non-microsoft world */ # ifdef OPENSSL_SYS_VMS # define VMS 1 @@ -702,9 +702,25 @@ struct servent *getservbyname(const char *name, co #endif /* end vxworks */ +#if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* do nothing, inline works */ +# elif defined(__GNUC__) && __GNUC__>=2 +# define inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define inline __inline +# else +# define inline +# endif +#endif + #ifdef __cplusplus } #endif #endif - Index: crypto/openssl/openssl.spec =================================================================== --- crypto/openssl/openssl.spec (revision 279126) +++ crypto/openssl/openssl.spec (working copy) @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 0.9.8za +Version: 0.9.8zd Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries Index: crypto/openssl/ssl/Makefile =================================================================== --- crypto/openssl/ssl/Makefile (revision 279126) +++ crypto/openssl/ssl/Makefile (working copy) @@ -545,27 +545,28 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h -s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h -s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h +s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s3_cbc.o: ../include/openssl/bio.h ../include/openssl/bn.h +s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h +s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s3_cbc.o: ../include/openssl/evp.h ../include/openssl/fips.h +s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_cbc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_cbc.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_cbc.c +s3_cbc.o: ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -674,29 +675,29 @@ s3_pkt.o: ../include/openssl/ssl3.h ../include/ope s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c s3_pkt.o: ssl_locl.h -s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_srvr.o: ../include/openssl/evp.h ../include/openssl/fips.h -s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h -s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h -s3_srvr.o: s3_srvr.c ssl_locl.h +s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h +s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h +s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h +s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h +s3_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h +s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h Index: crypto/openssl/ssl/d1_both.c =================================================================== --- crypto/openssl/ssl/d1_both.c (revision 279126) +++ crypto/openssl/ssl/d1_both.c (working copy) @@ -1195,6 +1195,8 @@ dtls1_buffer_message(SSL *s, int is_ccs) OPENSSL_assert(s->init_off == 0); frag = dtls1_hm_fragment_new(s->init_num, 0); + if (!frag) + return 0; memcpy(frag->fragment, s->init_buf->data, s->init_num); Index: crypto/openssl/ssl/d1_srvr.c =================================================================== --- crypto/openssl/ssl/d1_srvr.c (revision 279126) +++ crypto/openssl/ssl/d1_srvr.c (working copy) @@ -468,10 +468,11 @@ int dtls1_accept(SSL *s) s->state = SSL3_ST_SR_CLNT_HELLO_C; } else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } Index: crypto/openssl/ssl/s23_lib.c =================================================================== --- crypto/openssl/ssl/s23_lib.c (revision 279126) +++ crypto/openssl/ssl/s23_lib.c (working copy) @@ -112,6 +112,9 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, long l; /* We can write SSLv2 and SSLv3 ciphers */ + /* but no ECC ciphers */ + if (c->algorithms & (SSL_ECDH|SSL_aECDSA)) + return 0; if (p != NULL) { l=c->id; Index: crypto/openssl/ssl/s3_cbc.c =================================================================== --- crypto/openssl/ssl/s3_cbc.c (revision 279126) +++ crypto/openssl/ssl/s3_cbc.c (working copy) @@ -53,6 +53,7 @@ * */ +#include "../crypto/constant_time_locl.h" #include "ssl_locl.h" #include @@ -67,37 +68,6 @@ * supported by TLS.) */ #define MAX_HASH_BLOCK_SIZE 128 -/* Some utility functions are needed: - * - * These macros return the given value with the MSB copied to all the other - * bits. They use the fact that arithmetic shift shifts-in the sign bit. - * However, this is not ensured by the C standard so you may need to replace - * them with something else on odd CPUs. */ -#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) -#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) - -/* constant_time_lt returns 0xff if a=b and 0x00 otherwise. */ -static unsigned constant_time_ge(unsigned a, unsigned b) - { - a -= b; - return DUPLICATE_MSB_TO_ALL(~a); - } - -/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ -static unsigned char constant_time_eq_8(unsigned a, unsigned b) - { - unsigned c = a ^ b; - c--; - return DUPLICATE_MSB_TO_ALL_8(c); - } - /* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC * record in |rec| by updating |rec->length| in constant time. * @@ -126,8 +96,8 @@ int ssl3_cbc_remove_padding(const SSL* s, padding_length = good & (padding_length+1); rec->length -= padding_length; rec->type |= padding_length<<8; /* kludge: pass padding length */ - return (int)((good & 1) | (~good & -1)); -} + return constant_time_select_int(good, 1, -1); + } /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC * record in |rec| in constant time and returns 1 if the padding is valid and @@ -201,7 +171,7 @@ int tls1_cbc_remove_padding(const SSL* s, for (i = 0; i < to_check; i++) { - unsigned char mask = constant_time_ge(padding_length, i); + unsigned char mask = constant_time_ge_8(padding_length, i); unsigned char b = rec->data[rec->length-1-i]; /* The final |padding_length+1| bytes should all have the value * |padding_length|. Therefore the XOR should be zero. */ @@ -209,20 +179,14 @@ int tls1_cbc_remove_padding(const SSL* s, } /* If any of the final |padding_length+1| bytes had the wrong value, - * one or more of the lower eight bits of |good| will be cleared. We - * AND the bottom 8 bits together and duplicate the result to all the - * bits. */ - good &= good >> 4; - good &= good >> 2; - good &= good >> 1; - good <<= sizeof(good)*8-1; - good = DUPLICATE_MSB_TO_ALL(good); - + * one or more of the lower eight bits of |good| will be cleared. + */ + good = constant_time_eq(0xff, good & 0xff); padding_length = good & (padding_length+1); rec->length -= padding_length; rec->type |= padding_length<<8; /* kludge: pass padding length */ - return (int)((good & 1) | (~good & -1)); + return constant_time_select_int(good, 1, -1); } /* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in @@ -289,8 +253,8 @@ void ssl3_cbc_copy_mac(unsigned char* out, memset(rotated_mac, 0, md_size); for (i = scan_start, j = 0; i < orig_len; i++) { - unsigned char mac_started = constant_time_ge(i, mac_start); - unsigned char mac_ended = constant_time_ge(i, mac_end); + unsigned char mac_started = constant_time_ge_8(i, mac_start); + unsigned char mac_ended = constant_time_ge_8(i, mac_end); unsigned char b = rec->data[i]; rotated_mac[j++] |= b & mac_started & ~mac_ended; j &= constant_time_lt(j,md_size); @@ -676,12 +640,12 @@ void ssl3_cbc_digest_record( b = data[k-header_length]; k++; - is_past_c = is_block_a & constant_time_ge(j, c); - is_past_cp1 = is_block_a & constant_time_ge(j, c+1); + is_past_c = is_block_a & constant_time_ge_8(j, c); + is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1); /* If this is the block containing the end of the * application data, and we are at the offset for the * 0x80 value, then overwrite b with 0x80. */ - b = (b&~is_past_c) | (0x80&is_past_c); + b = constant_time_select_8(is_past_c, 0x80, b); /* If this the the block containing the end of the * application data and we're past the 0x80 value then * just write zero. */ @@ -697,7 +661,8 @@ void ssl3_cbc_digest_record( if (j >= md_block_size - md_length_size) { /* If this is index_b, write a length byte. */ - b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); + b = constant_time_select_8( + is_block_b, length_bytes[j-(md_block_size-md_length_size)], b); } block[j] = b; } Index: crypto/openssl/ssl/s3_clnt.c =================================================================== --- crypto/openssl/ssl/s3_clnt.c (revision 279126) +++ crypto/openssl/ssl/s3_clnt.c (working copy) @@ -442,6 +442,7 @@ int ssl3_connect(SSL *s) s->method->ssl3_enc->client_finished_label, s->method->ssl3_enc->client_finished_label_len); if (ret <= 0) goto end; + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->state=SSL3_ST_CW_FLUSH; /* clear flags */ @@ -1094,8 +1095,8 @@ int ssl3_get_key_exchange(SSL *s) #endif EVP_MD_CTX md_ctx; unsigned char *param,*p; - int al,i,j,param_len,ok; - long n,alg; + int al,j,ok; + long i,param_len,n,alg; EVP_PKEY *pkey=NULL; #ifndef OPENSSL_NO_RSA RSA *rsa=NULL; @@ -1172,8 +1173,10 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert=ssl_sess_cert_new(); } + /* Total length of the parameters including the length prefix */ param_len=0; + al=SSL_AD_DECODE_ERROR; #ifndef OPENSSL_NO_RSA if (alg & SSL_kRSA) { @@ -1189,14 +1192,23 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); goto err; } - n2s(p,i); - param_len=i+2; + + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); goto f_err; } + param_len += i; + if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1204,14 +1216,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); goto f_err; } + param_len += i; + if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1243,14 +1264,23 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); goto err; } - n2s(p,i); - param_len=i+2; + + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); goto f_err; } + param_len += i; + if (!(dh->p=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1258,14 +1288,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); goto f_err; } + param_len += i; + if (!(dh->g=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1273,14 +1312,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); goto f_err; } + param_len += i; + if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1332,13 +1380,20 @@ int ssl3_get_key_exchange(SSL *s) */ /* XXX: For now we only support named (not generic) curves - * and the ECParameters in this case is just three bytes. + * and the ECParameters in this case is just three bytes. We + * also need one byte for the length of the encoded point */ - param_len=3; - if ((param_len > n) || - (*p != NAMED_CURVE_TYPE) || - ((curve_nid = curve_id2nid(*(p + 2))) == 0)) + param_len=4; + if (param_len > n) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + if ((*p != NAMED_CURVE_TYPE) || + ((curve_nid = curve_id2nid(*(p + 2))) == 0)) + { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); goto f_err; @@ -1379,15 +1434,15 @@ int ssl3_get_key_exchange(SSL *s) encoded_pt_len = *p; /* length of encoded point */ p+=1; - param_len += (1 + encoded_pt_len); - if ((param_len > n) || + + if ((encoded_pt_len > n - param_len) || (EC_POINT_oct2point(group, srvr_ecpoint, p, encoded_pt_len, bn_ctx) == 0)) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); goto f_err; } + param_len += encoded_pt_len; n-=param_len; p+=encoded_pt_len; @@ -1438,10 +1493,10 @@ int ssl3_get_key_exchange(SSL *s) n-=2; j=EVP_PKEY_size(pkey); + /* Check signature length. If n is 0 then signature is empty */ if ((i != n) || (n > j) || (n <= 0)) { /* wrong packet length */ - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } @@ -1450,6 +1505,7 @@ int ssl3_get_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_RSA) { int num; + unsigned int size; j=0; q=md_buf; @@ -1462,9 +1518,9 @@ int ssl3_get_key_exchange(SSL *s) EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); - EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); - q+=i; - j+=i; + EVP_DigestFinal_ex(&md_ctx,q,&size); + q+=size; + j+=size; } i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa); @@ -1535,7 +1591,6 @@ int ssl3_get_key_exchange(SSL *s) } if (n != 0) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } Index: crypto/openssl/ssl/s3_pkt.c =================================================================== --- crypto/openssl/ssl/s3_pkt.c (revision 279126) +++ crypto/openssl/ssl/s3_pkt.c (working copy) @@ -110,6 +110,7 @@ */ #include +#include #include #define USE_SOCKETS #include "ssl_locl.h" @@ -230,6 +231,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend return(n); } +/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will + * be processed per call to ssl3_get_record. Without this limit an attacker + * could send empty records at a faster rate than we can process and cause + * ssl3_get_record to loop forever. */ +#define MAX_EMPTY_RECORDS 32 + /* Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. @@ -250,6 +257,7 @@ static int ssl3_get_record(SSL *s) short version; unsigned mac_size, orig_len; size_t extra; + unsigned empty_record_count = 0; rr= &(s->s3->rrec); sess=s->session; @@ -477,7 +485,17 @@ printf("\n"); s->packet_length=0; /* just read a 0 length packet */ - if (rr->length == 0) goto again; + if (rr->length == 0) + { + empty_record_count++; + if (empty_record_count > MAX_EMPTY_RECORDS) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL); + goto f_err; + } + goto again; + } return(1); @@ -535,7 +553,7 @@ int ssl3_write_bytes(SSL *s, int type, const void int i,tot; s->rwstate=SSL_NOTHING; - OPENSSL_assert(s->s3->wnum < INT_MAX); + OPENSSL_assert(s->s3->wnum <= INT_MAX); tot=s->s3->wnum; s->s3->wnum=0; @@ -839,7 +857,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned cha if (!ssl3_setup_buffers(s)) return(-1); - if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || + if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); Index: crypto/openssl/ssl/s3_srvr.c =================================================================== --- crypto/openssl/ssl/s3_srvr.c (revision 279126) +++ crypto/openssl/ssl/s3_srvr.c (working copy) @@ -128,6 +128,7 @@ #include #include "ssl_locl.h" #include "kssl_lcl.h" +#include "../crypto/constant_time_locl.h" #include #include #include @@ -1816,6 +1817,10 @@ int ssl3_get_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (l & SSL_kRSA) { + unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; + int decrypt_len; + unsigned char decrypt_good, version_good; + /* FIX THIS UP EAY EAY EAY EAY */ if (s->s3->tmp.use_rsa_tmp) { @@ -1864,54 +1869,61 @@ int ssl3_get_client_key_exchange(SSL *s) n=i; } - i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + /* We must not leak whether a decryption failure occurs because + * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see + * RFC 2246, section 7.4.7.1). The code follows that advice of + * the TLS RFC and generates a random premaster secret for the + * case that the decrypt fails. See + * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ - al = -1; - - if (i != SSL_MAX_MASTER_KEY_LENGTH) + /* should be RAND_bytes, but we cannot work around a failure. */ + if (RAND_pseudo_bytes(rand_premaster_secret, + sizeof(rand_premaster_secret)) <= 0) + goto err; + decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + ERR_clear_error(); + + /* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. + * decrypt_good will be 0xff if so and zero otherwise. */ + decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH); + + /* If the version in the decrypted pre-master secret is correct + * then version_good will be 0xff, otherwise it'll be zero. + * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (http://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle". Thus version checks + * are done in constant time and are treated like any other + * decryption error. */ + version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8)); + version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff)); + + /* The premaster secret must contain the same version number as + * the ClientHello to detect version rollback attacks + * (strangely, the protocol does not offer such protection for + * DH ciphersuites). However, buggy clients exist that send the + * negotiated protocol version instead if the server does not + * support the requested protocol version. If + * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ + if (s->options & SSL_OP_TLS_ROLLBACK_BUG) { - al=SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ + unsigned char workaround_good; + workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8)); + workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff)); + version_good |= workaround_good; } - if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + /* Both decryption and version must be good for decrypt_good + * to remain non-zero (0xff). */ + decrypt_good &= version_good; + + /* Now copy rand_premaster_secret over p using + * decrypt_good_mask. */ + for (i = 0; i < (int) sizeof(rand_premaster_secret); i++) { - /* The premaster secret must contain the same version number as the - * ClientHello to detect version rollback attacks (strangely, the - * protocol does not offer such protection for DH ciphersuites). - * However, buggy clients exist that send the negotiated protocol - * version instead if the server does not support the requested - * protocol version. - * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ - if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && - (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) - { - al=SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ - - /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack - * (http://eprint.iacr.org/2003/052/) exploits the version - * number check as a "bad version oracle" -- an alert would - * reveal that the plaintext corresponding to some ciphertext - * made up by the adversary is properly formatted except - * that the version number is wrong. To avoid such attacks, - * we should treat this just like any other decryption error. */ - } + p[i] = constant_time_select_8(decrypt_good, p[i], + rand_premaster_secret[i]); } - if (al != -1) - { - /* Some decryption failure -- use random value instead as countermeasure - * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). */ - ERR_clear_error(); - i = SSL_MAX_MASTER_KEY_LENGTH; - p[0] = s->client_version >> 8; - p[1] = s->client_version & 0xff; - if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ - goto err; - } - s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, @@ -2368,7 +2380,7 @@ int ssl3_get_cert_verify(SSL *s) SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, - 514, /* 514? */ + SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return((int)n); Index: crypto/openssl/ssl/ssl.h =================================================================== --- crypto/openssl/ssl/ssl.h (revision 279126) +++ crypto/openssl/ssl/ssl.h (working copy) @@ -563,8 +563,13 @@ typedef struct ssl_session_st /* Don't attempt to automatically build certificate chain */ #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L /* Send TLS_FALLBACK_SCSV in the ClientHello. - * To be set by applications that reconnect with a downgraded protocol - * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ + * To be set only by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. + * + * DO NOT ENABLE THIS if your application attempts a normal handshake. + * Only use this in explicit fallback retries, following the guidance + * in draft-ietf-tls-downgrade-scsv-00. + */ #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L Index: crypto/openssl/ssl/ssl_ciph.c =================================================================== --- crypto/openssl/ssl/ssl_ciph.c (revision 279126) +++ crypto/openssl/ssl/ssl_ciph.c (working copy) @@ -390,7 +390,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const break; } - if ((i < 0) || (i > SSL_ENC_NUM_IDX)) + if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) *enc=NULL; else { @@ -412,7 +412,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const i= -1; break; } - if ((i < 0) || (i > SSL_MD_NUM_IDX)) + if ((i < 0) || (i >= SSL_MD_NUM_IDX)) *md=NULL; else *md=ssl_digest_methods[i]; Index: crypto/openssl/ssl/ssl_lib.c =================================================================== --- crypto/openssl/ssl/ssl_lib.c (revision 279126) +++ crypto/openssl/ssl/ssl_lib.c (working copy) @@ -1401,6 +1401,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); goto err; } + p += n; continue; } Index: crypto/openssl/ssl/ssl_stat.c =================================================================== --- crypto/openssl/ssl/ssl_stat.c (revision 279126) +++ crypto/openssl/ssl/ssl_stat.c (working copy) @@ -186,7 +186,6 @@ case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certi case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; #endif -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) /* SSLv2/v3 compatibility states */ /* client */ case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; @@ -196,7 +195,6 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read /* server */ case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; -#endif /* DTLS */ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; @@ -340,7 +338,6 @@ case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; #endif -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) /* SSLv2/v3 compatibility states */ /* client */ case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; @@ -350,7 +347,7 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; bre /* server */ case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; -#endif + /* DTLS */ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; Index: crypto/openssl/ssl/t1_lib.c =================================================================== --- crypto/openssl/ssl/t1_lib.c (revision 279126) +++ crypto/openssl/ssl/t1_lib.c (working copy) @@ -1117,7 +1117,11 @@ static int tls_decrypt_ticket(SSL *s, const unsign } EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) + { + EVP_CIPHER_CTX_cleanup(&ctx); + OPENSSL_free(sdec); goto tickerr; + } slen += mlen; EVP_CIPHER_CTX_cleanup(&ctx); p = sdec; Index: crypto/openssl/test/Makefile =================================================================== --- crypto/openssl/test/Makefile (revision 279126) +++ crypto/openssl/test/Makefile (working copy) @@ -72,6 +72,7 @@ FIPS_DSATEST= fips_dsatest FIPS_DSSVS= fips_dssvs FIPS_RNGVS= fips_rngvs FIPS_TEST_SUITE=fips_test_suite +CONSTTIMETEST= constant_time_test TESTS= alltests @@ -88,7 +89,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(EC $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ - $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT) + $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \ + jpaketest$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -105,7 +107,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECD $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \ $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \ - jpaketest.o + jpaketest.o $(CONSTTIMETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -119,7 +121,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECD $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \ $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \ - jpaketest.c + jpaketest.c $(CONSTTIMETEST).c EXHEADER= HEADER= $(EXHEADER) @@ -161,7 +163,8 @@ alltests: \ test_rand test_bn test_ec test_ecdsa test_ecdh \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake + test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake \ + test_constant_time test_evp: ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -333,6 +336,10 @@ test_jpake: jpaketest$(EXE_EXT) @echo "Test JPAKE" ../util/shlib_wrap.sh ./jpaketest +test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) + @echo "Test constant time utilites" + ../util/shlib_wrap.sh ./$(CONSTTIMETEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -527,6 +534,9 @@ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO) @target=jpaketest; $(BUILD_CMD) +$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o + @target=$(CONSTTIMETEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -561,6 +571,9 @@ bntest.o: ../include/openssl/symhacks.h ../include bntest.o: ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c +constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h +constant_time_test.o: ../include/openssl/e_os2.h +constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c destest.o: ../include/openssl/des.h ../include/openssl/des_old.h destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h Index: crypto/openssl/test/constant_time_test.c =================================================================== --- crypto/openssl/test/constant_time_test.c (revision 0) +++ crypto/openssl/test/constant_time_test.c (working copy) @@ -0,0 +1 @@ +link ../crypto/constant_time_test.c \ No newline at end of file Index: crypto/openssl/util/mk1mf.pl =================================================================== --- crypto/openssl/util/mk1mf.pl (revision 279126) +++ crypto/openssl/util/mk1mf.pl (working copy) @@ -786,12 +786,6 @@ foreach (values %lib_nam) $lib_obj=$lib_obj{$_}; local($slib)=$shlib; - if (($_ eq "SSL") && $no_ssl2 && $no_ssl3) - { - $rules.="\$(O_SSL):\n\n"; - next; - } - if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) { if ($cpuid_asm_obj ne "") Index: crypto/openssl/util/mkerr.pl =================================================================== --- crypto/openssl/util/mkerr.pl (revision 279126) +++ crypto/openssl/util/mkerr.pl (working copy) @@ -698,7 +698,7 @@ foreach (keys %rcodes) { push (@runref, $_) unless exists $urcodes{$_}; } -if($debug && defined(@funref) ) { +if($debug && @funref) { print STDERR "The following function codes were not referenced:\n"; foreach(sort @funref) { @@ -706,7 +706,7 @@ foreach (keys %rcodes) { } } -if($debug && defined(@runref) ) { +if($debug && @runref) { print STDERR "The following reason codes were not referenced:\n"; foreach(sort @runref) { Index: secure/lib/libcrypto/Makefile =================================================================== --- secure/lib/libcrypto/Makefile (revision 279126) +++ secure/lib/libcrypto/Makefile (working copy) @@ -239,8 +239,8 @@ SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p INCS+= pkcs12.h pkcs7.h # pkcs7 -SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \ - pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c +SRCS+= pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c pk7_lib.c \ + pk7_mime.c pk7_smime.c pkcs7err.c # pqueue SRCS+= pqueue.c Index: secure/lib/libcrypto/Makefile.inc =================================================================== --- secure/lib/libcrypto/Makefile.inc (revision 279126) +++ secure/lib/libcrypto/Makefile.inc (working copy) @@ -3,8 +3,8 @@ .include # OpenSSL version used for manual page generation -OPENSSL_VER= 0.9.8za -OPENSSL_DATE= 2014-06-05 +OPENSSL_VER= 0.9.8zd +OPENSSL_DATE= 2015-01-08 LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc Index: secure/lib/libcrypto/man/ASN1_OBJECT_new.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (revision 279126) +++ secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,7 +151,7 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, \- object alloc .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an -\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 .PP \&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. .PP Index: secure/lib/libcrypto/man/ASN1_STRING_length.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_STRING_length.3 (revision 279126) +++ secure/lib/libcrypto/man/ASN1_STRING_length.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ASN1_STRING_length 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -193,7 +202,7 @@ utility functions should be used instead. In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example -for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per +for and IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per character in big endian format, UTF8String will be in \s-1UTF8\s0 format. .PP Similar care should be take to ensure the data is in the correct format Index: secure/lib/libcrypto/man/ASN1_STRING_new.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_STRING_new.3 (revision 279126) +++ secure/lib/libcrypto/man/ASN1_STRING_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ASN1_STRING_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (revision 279126) +++ secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +159,7 @@ the options \fBflags\fR. \fIASN1_STRING_print_ex_f to \fBfp\fR instead. .PP \&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to -\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0) +\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) with '.'. .SH "NOTES" .IX Header "NOTES" @@ -157,7 +166,7 @@ with '.'. \&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. .PP Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is -suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR. +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. .PP The complete set of supported options for \fBflags\fR is listed below. .PP @@ -189,7 +198,7 @@ all: everything is assumed to be one byte per char debugging purposes and can result in confusing output in multi character strings. .PP If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out -before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR. +before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR. .PP The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just outputs the value of the string using the form #XXXX using hex format for each @@ -197,7 +206,7 @@ octet. .PP If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. .PP -Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be +Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will be dumped instead. .PP @@ -205,10 +214,10 @@ When a type is dumped normally just the content oc \&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped instead (including tag and length octets). .PP -\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is equivalent to: \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | - \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0 + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIX509_NAME_print_ex\fR\|(3), Index: secure/lib/libcrypto/man/ASN1_generate_nconf.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_generate_nconf.3 (revision 279126) +++ secure/lib/libcrypto/man/ASN1_generate_nconf.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ASN1_generate_nconf 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,7 +171,7 @@ is: That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of \fBtype\fR, \&\fBvalue\fR and \fBmodifier\fR are explained below. -.SS "\s-1SUPPORTED\s0 \s-1TYPES\s0" +.SS "\s-1SUPPORTED TYPES\s0" .IX Subsection "SUPPORTED TYPES" The supported types are listed below. Unless otherwise specified only the \fB\s-1ASCII\s0\fR format is permissible. @@ -177,46 +186,46 @@ are acceptable. Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. .IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2 .IX Item "INTEGER, INT" -Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents -the value of the integer, it can be preceeded by a minus sign and +Encodes an \s-1ASN1 \s0\fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents +the value of the integer, it can be preceded by a minus sign and is normally interpreted as a decimal value unless the prefix \fB0x\fR is included. .IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2 .IX Item "ENUMERATED, ENUM" -Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to +Encodes the \s-1ASN1 \s0\fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to \&\fB\s-1INTEGER\s0\fR. .IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 2 .IX Item "OBJECT, OID" -Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fBvalue\fR string can be +Encodes an \s-1ASN1 \s0\fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be a short name, a long name or numerical format. .IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 2 .IX Item "UTCTIME, UTC" -Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in +Encodes an \s-1ASN1 \s0\fBUTCTime\fR structure, the value should be in the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. .IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 2 .IX Item "GENERALIZEDTIME, GENTIME" -Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in +Encodes an \s-1ASN1 \s0\fBGeneralizedTime\fR structure, the value should be in the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. .IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 2 .IX Item "OCTETSTRING, OCT" -Encodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents +Encodes an \s-1ASN1 \s0\fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be used to specify the format of \fBvalue\fR. .IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 2 .IX Item "BITSTRING, BITSTR" -Encodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents +Encodes an \s-1ASN1 \s0\fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR can be used to specify the format of \fBvalue\fR. .Sp If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused bits is set to zero. -.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR" 2 -.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString" +.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 2 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" These encode the corresponding string types. \fBvalue\fR represents the contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. .IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2 .IX Item "SEQUENCE, SEQ, SET" -Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR +Formats the result as an \s-1ASN1 \s0\fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR should be a section name which will contain the contents. The field names in the section are ignored and the values are in the generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 @@ -233,9 +242,9 @@ Add an explicit tag to the following structure. Th should be followed by a colon and the tag value to use as a decimal value. .Sp -By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0, -\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used, -the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0. +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, +APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, +the default is \s-1CONTEXT SPECIFIC.\s0 .IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 2 .IX Item "IMPLICIT, IMP" This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used @@ -242,8 +251,8 @@ This is the same as \fB\s-1EXPLICIT\s0\fR except \ instead. .IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 2 .IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" -The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0, -a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused +The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 +a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused bits is set to zero. .IP "\fB\s-1FORMAT\s0\fR" 2 .IX Item "FORMAT" @@ -252,8 +261,8 @@ by a colon and one of the strings \fB\s-1ASCII\s0\ .Sp If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the -output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0 -\&\s-1STRING\s0) is a comma separated list of the indices of the set bits, all other +output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT +STRING\s0) is a comma separated list of the indices of the set bits, all other bits are zero. .SH "EXAMPLES" .IX Header "EXAMPLES" Index: secure/lib/libcrypto/man/BIO_ctrl.3 =================================================================== --- secure/lib/libcrypto/man/BIO_ctrl.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_ctrl.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_ctrl 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,7 +173,7 @@ BIO_get_info_callback, BIO_set_info_callback \- BI .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR -are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +are \s-1BIO \s0\*(L"control\*(R" operations taking arguments of various types. These functions are not normally called directly, various macros are used instead. The standard macros are described below, macros specific to a particular type of \s-1BIO\s0 are described in the specific @@ -178,16 +187,16 @@ start of the file. \&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and \&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. .PP -\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0. +\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 .PP \&\fIBIO_flush()\fR normally writes out any internally buffered data, in some cases it is used to signal \s-1EOF\s0 and that no more data will be written. .PP -\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of -\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type. +\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of +\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. .PP -\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can -take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used +\&\fIBIO_set_close()\fR sets the \s-1BIO \s0\fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should be closed when the \s-1BIO\s0 is freed. .PP @@ -213,7 +222,7 @@ for success and \-1 for failure. .PP \&\fIBIO_set_close()\fR always returns 1. .PP -\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 .PP \&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR return the amount of pending data. @@ -234,10 +243,10 @@ Filter BIOs if they do not internally handle a par operation usually pass the operation to the next \s-1BIO\s0 in the chain. This often means there is no need to locate the required \s-1BIO\s0 for a particular operation, it can be called on a chain and it will -be automatically passed to the relevant \s-1BIO\s0. However this can cause +be automatically passed to the relevant \s-1BIO.\s0 However this can cause unexpected results: for example no current filter BIOs implement \&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 -or file descriptor \s-1BIO\s0. +or file descriptor \s-1BIO.\s0 .PP Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR operation. Index: secure/lib/libcrypto/man/BIO_f_base64.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_base64.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_f_base64.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_f_base64 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +158,7 @@ Base64 BIOs do not support \fIBIO_gets()\fR or \fI .PP \&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is used to signal that no more data is to be encoded: this is used -to flush the final block through the \s-1BIO\s0. +to flush the final block through the \s-1BIO.\s0 .PP The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR to encode the data all on one line or expect the data to be all @@ -172,11 +181,11 @@ to standard output: \& \& b64 = BIO_new(BIO_f_base64()); \& bio = BIO_new_fp(stdout, BIO_NOCLOSE); -\& bio = BIO_push(b64, bio); -\& BIO_write(bio, message, strlen(message)); -\& BIO_flush(bio); +\& BIO_push(b64, bio); +\& BIO_write(b64, message, strlen(message)); +\& BIO_flush(b64); \& -\& BIO_free_all(bio); +\& BIO_free_all(b64); .Ve .PP Read Base64 encoded data from standard input and write the decoded @@ -190,11 +199,12 @@ data to standard output: \& b64 = BIO_new(BIO_f_base64()); \& bio = BIO_new_fp(stdin, BIO_NOCLOSE); \& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); -\& bio = BIO_push(b64, bio); -\& while((inlen = BIO_read(bio, inbuf, 512)) > 0) +\& BIO_push(b64, bio); +\& while((inlen = BIO_read(b64, inbuf, 512)) > 0) \& BIO_write(bio_out, inbuf, inlen); \& -\& BIO_free_all(bio); +\& BIO_flush(bio_out); +\& BIO_free_all(b64); .Ve .SH "BUGS" .IX Header "BUGS" @@ -202,7 +212,7 @@ The ambiguity of \s-1EOF\s0 in base64 encoded data data following the base64 encoded block to be misinterpreted. .PP There should be some way of specifying a test that the \s-1BIO\s0 can perform -to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). +to reliably determine \s-1EOF \s0(for example a \s-1MIME\s0 boundary). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1TBA\s0 Index: secure/lib/libcrypto/man/BIO_f_buffer.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_buffer.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_f_buffer.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_f_buffer 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,7 +168,7 @@ Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s .PP \&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR set the read, write or both read and write buffer sizes to \fBsize\fR. The initial -buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the +buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared when the buffer is resized. .PP Index: secure/lib/libcrypto/man/BIO_f_cipher.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_cipher.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_f_cipher.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_f_cipher 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,10 +163,10 @@ Cipher BIOs do not support \fIBIO_gets()\fR or \fI .PP \&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is used to signal that no more data is to be encrypted: this is used -to flush and possibly pad the final block through the \s-1BIO\s0. +to flush and possibly pad the final block through the \s-1BIO.\s0 .PP -\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR -and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO \s0\fBb\fR to \fBcipher\fR using key \fBkey\fR +and \s-1IV \s0\fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for decryption. .PP When reading from an encryption \s-1BIO\s0 the final block is automatically @@ -172,7 +181,7 @@ with the standard cipher routines to set it up. Th .SH "NOTES" .IX Header "NOTES" When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block -through the \s-1BIO\s0. If it is not then the final block will fail a subsequent +through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent decrypt. .PP When decrypting an error on the final block is signalled by a zero @@ -181,7 +190,7 @@ by \s-1EOF\s0 will also return zero for the final should be called to determine if the decrypt was successful. .PP As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can -be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0. +be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. Index: secure/lib/libcrypto/man/BIO_f_md.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_md.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_f_md.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_f_md 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,9 +165,9 @@ Any data written or read through a digest \s-1BIO\ digest calculation and returns the digest value. \fIBIO_puts()\fR is not supported. .PP -\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0. +\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 .PP -\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO \s0\fBb\fR to \fBmd\fR: this must be called to initialize a digest \s-1BIO\s0 before any data is passed through it. It is a \fIBIO_ctrl()\fR macro. .PP @@ -183,7 +192,7 @@ data is passed through it. .PP If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through a chain containing digest BIOs then this can be done by prepending -a buffering \s-1BIO\s0. +a buffering \s-1BIO.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. Index: secure/lib/libcrypto/man/BIO_f_null.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_null.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_f_null.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_f_null 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_f_ssl.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_ssl.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_f_ssl.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_f_ssl 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,32 +171,32 @@ BIO_ssl_shutdown \- SSL BIO .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which -is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to -\&\s-1SSL\s0 I/O. +\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which +is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO \s0\*(L"flavour\*(R" to +\&\s-1SSL I/O. \s0 .PP -I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with +I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established then an attempt is made to establish one on the first I/O call. .PP -If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically +If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically used as the \s-1SSL\s0 BIOs read and write BIOs. .PP -Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection +Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in the chain: this will typically disconnect the underlying transport. -The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state. +The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. .PP -If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal +If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal \&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. .PP -\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR to \fBssl\fR using the close flag \fBc\fR. .PP -\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR, it can then be manipulated using the standard \s-1SSL\s0 library functions. .PP -\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR +\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR is 1 client mode is set. If \fBclient\fR is 0 server mode is set. .PP \&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count @@ -202,15 +211,15 @@ automatically renegotiated. \&\fIBIO_get_num_renegotiates()\fR returns the total number of session renegotiations due to I/O or timeout. .PP -\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX \s0\fBctx\fR and using client mode if \fBclient\fR is non zero. .PP \&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an -\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0. +\&\s-1SSL BIO \s0(using \fBctx\fR) followed by a connect \s-1BIO.\s0 .PP \&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting -of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect -\&\s-1BIO\s0. +of a buffering \s-1BIO,\s0 an \s-1SSL BIO \s0(using \fBctx\fR) and a connect +\&\s-1BIO.\s0 .PP \&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between \&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the @@ -218,7 +227,7 @@ client mode if \fBclient\fR is non zero. the internal \s-1SSL\s0 pointer. .PP \&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 -chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the +chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 pointer. .PP @@ -239,7 +248,7 @@ case where this happens is when \s-1SGC\s0 or step .PP In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be set to disable this behaviour. That is when this flag is set -an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a +an \s-1SSL BIO\s0 using a blocking transport will never request a retry. .PP Since unknown \fIBIO_ctrl()\fR operations are sent through filter @@ -323,7 +332,7 @@ unencrypted example in \fIBIO_s_connect\fR\|(3). .Ve .PP Here is a simple server example. It makes use of a buffering -\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. +\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets. It creates a pseudo web page containing the actual request from a client and also echoes the request to standard output. .PP Index: secure/lib/libcrypto/man/BIO_find_type.3 =================================================================== --- secure/lib/libcrypto/man/BIO_find_type.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_find_type.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_find_type 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,7 +178,7 @@ BIO_find_type, BIO_next \- BIO chain traversal .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting -at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search +at \s-1BIO \s0\fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as \&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is @@ -181,7 +190,7 @@ Note: not all the \fBBIO_TYPE_*\fR types above hav in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a certain type. .PP -\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0. +\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. @@ -188,7 +197,7 @@ certain type. .PP \&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. .PP -\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +\&\fIBIO_method_type()\fR returns the type of the \s-1BIO \s0\fBb\fR. .SH "NOTES" .IX Header "NOTES" \&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0 Index: secure/lib/libcrypto/man/BIO_new.3 =================================================================== --- secure/lib/libcrypto/man/BIO_new.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,9 +155,9 @@ BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_al .IX Header "DESCRIPTION" The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. .PP -\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO\s0. +\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO.\s0 .PP -\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 +\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 but it does not return a value. Calling \fIBIO_free()\fR may also have some effect on the underlying I/O structure, for example it may close the file being referred to under certain circumstances. For more details see the individual @@ -176,7 +185,7 @@ Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 h on it other than the discarded return value. .PP Normally the \fBtype\fR argument is supplied by a function which returns a -pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions: +pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions: a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0 BIO_f_*(); .SH "EXAMPLE" Index: secure/lib/libcrypto/man/BIO_push.3 =================================================================== --- secure/lib/libcrypto/man/BIO_push.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_push.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_push 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,11 +150,11 @@ BIO_push, BIO_pop \- add and remove BIOs from a ch .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +The \fIBIO_push()\fR function appends the \s-1BIO \s0\fBappend\fR to \fBb\fR, it returns \&\fBb\fR. .PP -\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 -in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then +\&\fIBIO_pop()\fR removes the \s-1BIO \s0\fBb\fR from a chain and returns the next \s-1BIO\s0 +in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then becomes a single \s-1BIO\s0 with no association with the original chain, it can thus be freed or attached to a different chain. .SH "NOTES" @@ -160,7 +169,7 @@ be noted in the descriptions of individual BIOs. .SH "EXAMPLES" .IX Header "EXAMPLES" For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is -a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0. +a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0 .PP If the call: .PP @@ -168,7 +177,7 @@ If the call: \& BIO_push(b64, f); .Ve .PP -is made then the new chain will be \fBb64\-chain\fR. After making the calls +is made then the new chain will be \fBb64\-f\fR. After making the calls .PP .Vb 2 \& BIO_push(md2, b64); @@ -193,7 +202,7 @@ be written to \fBmd1\fR as before. \&\fIBIO_push()\fR returns the end of the chain, \fBb\fR. .PP \&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next -\&\s-1BIO\s0. +\&\s-1BIO.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1TBA\s0 Index: secure/lib/libcrypto/man/BIO_read.3 =================================================================== --- secure/lib/libcrypto/man/BIO_read.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_read.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_read 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +152,7 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO \s0\fBb\fR and places the data in \fBbuf\fR. .PP \&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data @@ -152,9 +161,9 @@ from the \s-1BIO\s0 of maximum length \fBlen\fR. T however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and return the digest and other BIOs may not support \fIBIO_gets()\fR at all. .PP -\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO \s0\fBb\fR. .PP -\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR +\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO \s0\fBb\fR .SH "RETURN VALUES" .IX Header "RETURN VALUES" All these functions return either the amount of data successfully read or @@ -182,7 +191,7 @@ See \fIBIO_should_retry\fR\|(3) for details of how determine the cause of a retry and other I/O issues. .PP If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to -work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3) +work around this by adding a buffering \s-1BIO \s0\fIBIO_f_buffer\fR\|(3) to the chain. .SH "SEE ALSO" .IX Header "SEE ALSO" Index: secure/lib/libcrypto/man/BIO_s_accept.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_accept.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_accept.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_accept 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -203,18 +212,18 @@ a single call: that is it creates a new accept \s- \&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which will be duplicated and prepended to the chain when an incoming connection is received. This is useful if, for example, a -buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The +buffering or \s-1SSL BIO\s0 is required for each connection. The chain of BIOs must not be freed after this call, they will be automatically freed when the accept \s-1BIO\s0 is freed. .PP \&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve -the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set +the current bind mode. If \s-1BIO_BIND_NORMAL \s0(the default) is set then another socket cannot be bound to the same port. If \&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the same port. If \s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0 is set then and -attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails +attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails and the port is not in use then a second attempt is made -using \s-1BIO_BIND_REUSEADDR\s0. +using \s-1BIO_BIND_REUSEADDR.\s0 .PP \&\fIBIO_do_accept()\fR serves two functions. When it is first called, after the accept \s-1BIO\s0 has been setup, it will attempt @@ -235,7 +244,7 @@ an initial accept socket will await an incoming co perform I/O on it. .PP If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR -then they are placed between the socket and the accept \s-1BIO\s0, +then they are placed between the socket and the accept \s-1BIO,\s0 that is the chain will be accept\->otherbios\->socket. .PP If a server wishes to process multiple connections (as is normally @@ -261,7 +270,7 @@ and freeing up the accept \s-1BIO\s0 after the ini .PP If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is called to await an incoming connection it is possible for -\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens +\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens then it is an indication that an accept attempt would block: the application should take appropriate action to wait until the underlying socket has accepted a connection and retry the call. Index: secure/lib/libcrypto/man/BIO_s_bio.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_bio.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_bio.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_bio 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -170,7 +179,7 @@ Since \s-1BIO\s0 chains typically end in a source/ one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application control. .PP -One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this +One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this can be used when the application wishes to use a non standard transport for \&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. .PP @@ -190,12 +199,12 @@ determine the amount of pending data in the read o \&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing up any half of the pair will automatically destroy the association. .PP -\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further -writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other +\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO \s0\fBb\fR. After this call no further +writes on \s-1BIO \s0\fBb\fR are allowed (they will return an error). Reads on the other half of the pair will return any pending data or \s-1EOF\s0 when all pending data has been read. .PP -\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO \s0\fBb\fR to \fBsize\fR. If the size is not initialized a default value is used. This is currently 17K, sufficient for a maximum size \s-1TLS\s0 record. .PP @@ -205,11 +214,11 @@ If the size is not initialized a default value is \&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether -\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten, +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, \&\fIBIO_free()\fR is not called. .PP \&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum -length of data that can be currently written to the \s-1BIO\s0. Writes larger than this +length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this value will return a value from \fIBIO_write()\fR less than the amount requested or if the buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function whereas \fIBIO_get_write_guarantee()\fR is a macro. Index: secure/lib/libcrypto/man/BIO_s_connect.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_connect.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_connect.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_connect 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,7 +189,7 @@ Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 connection and reset the \s-1BIO\s0 into a state where it can connect to the same host again. .PP -\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0, +\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP @@ -220,7 +229,7 @@ non blocking I/O is set during the connect process \&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. .PP -\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 +\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs @@ -250,7 +259,7 @@ If non blocking I/O is set then retries will be re .PP It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also possible for \fIBIO_should_io_special()\fR to be true during the initial -connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned +connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call. Index: secure/lib/libcrypto/man/BIO_s_fd.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_fd.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_fd.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,10 +171,10 @@ using lseek(fd, ofs, 0). .PP \&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1). .PP -\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close flag to \fBc\fR. .PP -\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also +\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP Index: secure/lib/libcrypto/man/BIO_s_file.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_file.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_file.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,7 +163,7 @@ BIO_rw_filename \- FILE bio .IX Header "DESCRIPTION" \&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it is a wrapper round the stdio \s-1FILE\s0 structure and it is a -source/sink \s-1BIO\s0. +source/sink \s-1BIO.\s0 .PP Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs. @@ -175,10 +184,10 @@ is freed. .PP \&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0 -flag is set on the returned \s-1BIO\s0. +flag is set on the returned \s-1BIO.\s0 .PP \&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: -\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +\&\s-1BIO_CLOSE, BIO_NOCLOSE \s0(the close flag) \s-1BIO_FP_TEXT \s0(sets the underlying stream to text mode, default is binary: this only has any effect under Win32). .PP @@ -185,7 +194,7 @@ Win32). \&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same meaning as in \fIBIO_new_fp()\fR, it is a macro. .PP -\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro. +\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. .PP \&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes from the start of file. @@ -193,7 +202,7 @@ from the start of file. \&\fIBIO_tell()\fR returns the value of the position pointer. .PP \&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and -\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +\&\fIBIO_rw_filename()\fR set the file \s-1BIO \s0\fBb\fR to use file \fBname\fR for reading, writing, append or read write respectively. .SH "NOTES" .IX Header "NOTES" @@ -201,10 +210,10 @@ When wrapping stdout, stdin or stderr the underlyi normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. .PP Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks -in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0. +in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 .SH "EXAMPLES" .IX Header "EXAMPLES" -File \s-1BIO\s0 \*(L"hello world\*(R": +File \s-1BIO \s0\*(L"hello world\*(R": .PP .Vb 3 \& BIO *bio_out; Index: secure/lib/libcrypto/man/BIO_s_mem.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_mem.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_mem.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_mem 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +165,7 @@ as appropriate to accommodate the stored data. .PP Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from -the \s-1BIO\s0. +the \s-1BIO.\s0 .PP Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR. .PP @@ -167,12 +176,12 @@ Calling \fIBIO_reset()\fR on a read write memory \ read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only data can be read again. .PP -\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0. +\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 .PP \&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored. .PP -\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is -empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO \s0\fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF \s0(that is it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non zero then it will return \fBv\fR when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal @@ -182,7 +191,7 @@ positive return value \fBv\fR should be set to a n and returns the total amount of data available. It is implemented as a macro. .PP \&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the -close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 It is a macro. .PP \&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in \fBpp\fR. It is @@ -192,7 +201,7 @@ a macro. if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be null terminated and its length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and as a result cannot be written to. This is useful when some data needs to be -made available from a static area of memory in the form of a \s-1BIO\s0. The +made available from a static area of memory in the form of a \s-1BIO.\s0 The supplied data is read directly from the supplied buffer: it is \fBnot\fR copied first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. .SH "NOTES" @@ -207,7 +216,7 @@ memory \s-1BIO\s0 avoids this problem. If the \s-1 a buffering \s-1BIO\s0 to the chain will speed up the process. .SH "BUGS" .IX Header "BUGS" -There should be an option to set the maximum size of a memory \s-1BIO\s0. +There should be an option to set the maximum size of a memory \s-1BIO.\s0 .PP There should be a way to \*(L"rewind\*(R" a read write \s-1BIO\s0 without destroying its contents. Index: secure/lib/libcrypto/man/BIO_s_null.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_null.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_null.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_null 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +150,7 @@ BIO_s_null \- null data sink .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to -the null sink is discarded, reads return \s-1EOF\s0. +the null sink is discarded, reads return \s-1EOF.\s0 .SH "NOTES" .IX Header "NOTES" A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null Index: secure/lib/libcrypto/man/BIO_s_socket.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_socket.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_s_socket.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_s_socket 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,10 +163,10 @@ round the platform's socket routines. If the close flag is set then the socket is shut down and closed when the \s-1BIO\s0 is freed. .PP -\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close flag to \fBclose_flag\fR. .PP -\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also +\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP \&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. Index: secure/lib/libcrypto/man/BIO_set_callback.3 =================================================================== --- secure/lib/libcrypto/man/BIO_set_callback.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_set_callback.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_set_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -170,7 +179,7 @@ The \s-1BIO\s0 the callback is attached to is pass .PP \&\fBoper\fR is set to the operation being performed. For some operations the callback is called twice, once before and once after the actual -operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0. +operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0 .PP The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on the value of \fBoper\fR, that is the operation being performed. @@ -189,26 +198,26 @@ value returned to the application. .IX Header "CALLBACK OPERATIONS" .IP "\fBBIO_free(b)\fR" 4 .IX Item "BIO_free(b)" -callback(b, \s-1BIO_CB_FREE\s0, \s-1NULL\s0, 0L, 0L, 1L) is called before the +callback(b, \s-1BIO_CB_FREE, NULL, 0L, 0L, 1L\s0) is called before the free operation. .IP "\fBBIO_read(b, out, outl)\fR" 4 .IX Item "BIO_read(b, out, outl)" -callback(b, \s-1BIO_CB_READ\s0, out, outl, 0L, 1L) is called before +callback(b, \s-1BIO_CB_READ,\s0 out, outl, 0L, 1L) is called before the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue) after. .IP "\fBBIO_write(b, in, inl)\fR" 4 .IX Item "BIO_write(b, in, inl)" -callback(b, \s-1BIO_CB_WRITE\s0, in, inl, 0L, 1L) is called before +callback(b, \s-1BIO_CB_WRITE,\s0 in, inl, 0L, 1L) is called before the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue) after. .IP "\fBBIO_gets(b, out, outl)\fR" 4 .IX Item "BIO_gets(b, out, outl)" -callback(b, \s-1BIO_CB_GETS\s0, out, outl, 0L, 1L) is called before +callback(b, \s-1BIO_CB_GETS,\s0 out, outl, 0L, 1L) is called before the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue) after. .IP "\fBBIO_puts(b, in)\fR" 4 .IX Item "BIO_puts(b, in)" -callback(b, \s-1BIO_CB_WRITE\s0, in, 0, 0L, 1L) is called before +callback(b, \s-1BIO_CB_WRITE,\s0 in, 0, 0L, 1L) is called before the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue) after. .IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 Index: secure/lib/libcrypto/man/BIO_should_retry.3 =================================================================== --- secure/lib/libcrypto/man/BIO_should_retry.3 (revision 279126) +++ secure/lib/libcrypto/man/BIO_should_retry.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BIO_should_retry 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -185,7 +194,7 @@ the reason code and the action that should be take the type of \s-1BIO\s0 that resulted in this condition. .PP \&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if -passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR. +passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR. .SH "NOTES" .IX Header "NOTES" If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" @@ -193,7 +202,7 @@ depends on the \s-1BIO\s0 type that caused it and operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns 0 and \fIBIO_should_retry()\fR is false then the cause will be that the connection closed. A similar condition on a file \s-1BIO\s0 will mean that it -has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on +has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on the error queue. For more details see the individual \s-1BIO\s0 type manual pages. .PP @@ -201,7 +210,7 @@ If the underlying I/O structure is in a blocking m \&\s-1BIO\s0 types will not request a retry, because the underlying I/O calls will not. If the application knows that the \s-1BIO\s0 type will never signal a retry then it need not call \fIBIO_should_retry()\fR after a failed -\&\s-1BIO\s0 I/O call. This is typically done with file BIOs. +\&\s-1BIO I/O\s0 call. This is typically done with file BIOs. .PP \&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a retry even if the underlying I/O structure is blocking, if a handshake Index: secure/lib/libcrypto/man/BN_BLINDING_new.3 =================================================================== --- secure/lib/libcrypto/man/BN_BLINDING_new.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_BLINDING_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_BLINDING_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,7 +189,7 @@ the inverse blinding. .PP \&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR -with \fBr\fR set to \s-1NULL\s0. +with \fBr\fR set to \s-1NULL.\s0 .PP \&\fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR set and get the \*(L"thread id\*(R" value of the \fB\s-1BN_BLINDING\s0\fR structure, Index: secure/lib/libcrypto/man/BN_CTX_new.3 =================================================================== --- secure/lib/libcrypto/man/BN_CTX_new.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_CTX_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_CTX_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_CTX_start.3 =================================================================== --- secure/lib/libcrypto/man/BN_CTX_start.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_CTX_start.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_CTX_start 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_add.3 =================================================================== --- secure/lib/libcrypto/man/BN_add.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_add.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_add 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_add_word.3 =================================================================== --- secure/lib/libcrypto/man/BN_add_word.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_add_word.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_add_word 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_bn2bin.3 =================================================================== --- secure/lib/libcrypto/man/BN_bn2bin.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_bn2bin.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_bn2bin 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,7 +168,7 @@ memory. .PP \&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length \&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is -\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created. +\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. .PP \&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the hexadecimal and decimal encoding of \fBa\fR respectively. For negative @@ -167,8 +176,8 @@ numbers, the string is prefaced with a leading '\- freed later using \fIOPENSSL_free()\fR. .PP \&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number -to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL\s0, a new -\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL\s0, it only computes the number's +to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL,\s0 a new +\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL,\s0 it only computes the number's length in hexadecimal digits. If the string starts with '\-', the number is negative. \fIBN_dec2bn()\fR is the same using the decimal system. .PP @@ -188,7 +197,7 @@ calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). .PP \&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR -if \fBret\fR is \s-1NULL\s0. +if \fBret\fR is \s-1NULL.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. Index: secure/lib/libcrypto/man/BN_cmp.3 =================================================================== --- secure/lib/libcrypto/man/BN_cmp.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_cmp.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_cmp 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_copy.3 =================================================================== --- secure/lib/libcrypto/man/BN_copy.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_copy.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_copy 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_generate_prime.3 =================================================================== --- secure/lib/libcrypto/man/BN_generate_prime.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_generate_prime.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_generate_prime 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_mod_inverse.3 =================================================================== --- secure/lib/libcrypto/man/BN_mod_inverse.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_mod_inverse.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_mod_inverse 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,7 +151,7 @@ BN_mod_inverse \- compute inverse modulo n .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR -places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0, +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. .PP \&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary Index: secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 =================================================================== --- secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 =================================================================== --- secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_new.3 =================================================================== --- secure/lib/libcrypto/man/BN_new.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_num_bytes.3 =================================================================== --- secure/lib/libcrypto/man/BN_num_bytes.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_num_bytes.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_num_bytes 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_rand.3 =================================================================== --- secure/lib/libcrypto/man/BN_rand.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_rand.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_rand 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_set_bit.3 =================================================================== --- secure/lib/libcrypto/man/BN_set_bit.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_set_bit.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_set_bit 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_swap.3 =================================================================== --- secure/lib/libcrypto/man/BN_swap.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_swap.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_swap 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_zero.3 =================================================================== --- secure/lib/libcrypto/man/BN_zero.3 (revision 279126) +++ secure/lib/libcrypto/man/BN_zero.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH BN_zero 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CONF_modules_free.3 =================================================================== --- secure/lib/libcrypto/man/CONF_modules_free.3 (revision 279126) +++ secure/lib/libcrypto/man/CONF_modules_free.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CONF_modules_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CONF_modules_load_file.3 =================================================================== --- secure/lib/libcrypto/man/CONF_modules_load_file.3 (revision 279126) +++ secure/lib/libcrypto/man/CONF_modules_load_file.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CONF_modules_load_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 =================================================================== --- secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (revision 279126) +++ secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_generate_key.3 =================================================================== --- secure/lib/libcrypto/man/DH_generate_key.3 (revision 279126) +++ secure/lib/libcrypto/man/DH_generate_key.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DH_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_generate_parameters.3 =================================================================== --- secure/lib/libcrypto/man/DH_generate_parameters.3 (revision 279126) +++ secure/lib/libcrypto/man/DH_generate_parameters.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DH_generate_parameters 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -191,4 +200,4 @@ a usable generator. The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0. .PP In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used -instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0. +instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME.\s0 Index: secure/lib/libcrypto/man/DH_get_ex_new_index.3 =================================================================== --- secure/lib/libcrypto/man/DH_get_ex_new_index.3 (revision 279126) +++ secure/lib/libcrypto/man/DH_get_ex_new_index.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DH_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_new.3 =================================================================== --- secure/lib/libcrypto/man/DH_new.3 (revision 279126) +++ secure/lib/libcrypto/man/DH_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DH_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_set_method.3 =================================================================== --- secure/lib/libcrypto/man/DH_set_method.3 (revision 279126) +++ secure/lib/libcrypto/man/DH_set_method.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DH_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +162,7 @@ DH_set_method, DH_new_method, DH_OpenSSL \- select A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman operations. By modifying the method, alternative implementations such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use +important information about how these \s-1DH API\s0 functions are affected by the use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as @@ -161,15 +170,15 @@ returned by \fIDH_OpenSSL()\fR. .PP \&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set -as a default for \s-1DH\s0, so this function is no longer recommended. +as a default for \s-1DH,\s0 so this function is no longer recommended. .PP -\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0. -However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0 -\&\s-1API\s0 is being used, so this function is no longer recommended. +\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 +However, the meaningfulness of this result is dependent on whether the \s-1ENGINE +API\s0 is being used, so this function is no longer recommended. .PP \&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method -was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the +was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 @@ -176,7 +185,7 @@ hardware-protected keys), and in such cases attemp for the key can have unexpected results. .PP \&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will -be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0 +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by \&\fIDH_set_default_method()\fR is used. .SH "THE DH_METHOD STRUCTURE" @@ -227,10 +236,10 @@ returns a pointer to the newly allocated structure .SH "NOTES" .IX Header "NOTES" As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other -algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a -default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, -that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie. -\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function, +that will override any \s-1DH\s0 defaults set using the \s-1DH API \s0(ie. +\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1DH\s0 and other cryptographic algorithms. .SH "SEE ALSO" @@ -245,8 +254,8 @@ algorithms. \&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and \&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than \&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For -0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this change was reversed, and behaviour of the other functions resembled more closely -the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now -transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without +the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now +transparently overrides the behaviour of defaults in the \s-1DH API\s0 without requiring changing these function prototypes. Index: secure/lib/libcrypto/man/DH_size.3 =================================================================== --- secure/lib/libcrypto/man/DH_size.3 (revision 279126) +++ secure/lib/libcrypto/man/DH_size.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DH_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_SIG_new.3 =================================================================== --- secure/lib/libcrypto/man/DSA_SIG_new.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_SIG_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_SIG_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_do_sign.3 =================================================================== --- secure/lib/libcrypto/man/DSA_do_sign.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_do_sign.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_do_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_dup_DH.3 =================================================================== --- secure/lib/libcrypto/man/DSA_dup_DH.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_dup_DH.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_dup_DH 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_generate_key.3 =================================================================== --- secure/lib/libcrypto/man/DSA_generate_key.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_generate_key.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_generate_parameters.3 =================================================================== --- secure/lib/libcrypto/man/DSA_generate_parameters.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_generate_parameters.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_generate_parameters 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +152,7 @@ DSA_generate_parameters \- generate DSA parameters .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIDSA_generate_parameters()\fR generates primes p and q and a generator g -for use in the \s-1DSA\s0. +for use in the \s-1DSA.\s0 .PP \&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a maximum of 1024 bits. Index: secure/lib/libcrypto/man/DSA_get_ex_new_index.3 =================================================================== --- secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_new.3 =================================================================== --- secure/lib/libcrypto/man/DSA_new.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_set_method.3 =================================================================== --- secure/lib/libcrypto/man/DSA_set_method.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_set_method.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +162,7 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL \- sel A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 operations. By modifying the method, alternative implementations such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use +important information about how these \s-1DSA API\s0 functions are affected by the use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, @@ -161,16 +170,16 @@ as returned by \fIDSA_OpenSSL()\fR. .PP \&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has -been set as a default for \s-1DSA\s0, so this function is no longer recommended. +been set as a default for \s-1DSA,\s0 so this function is no longer recommended. .PP \&\fIDSA_get_default_method()\fR returns a pointer to the current default -\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependent on -whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP \&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key \&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the -previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1DSA\s0 keys that only work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases @@ -178,7 +187,7 @@ attempting to change the \s-1DSA_METHOD\s0 for the results. .PP \&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR -will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 controlled by \fIDSA_set_default_method()\fR is used. .SH "THE DSA_METHOD STRUCTURE" @@ -241,10 +250,10 @@ fails. Otherwise it returns a pointer to the newly .SH "NOTES" .IX Header "NOTES" As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other -algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a -default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, -that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie. -\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function, +that will override any \s-1DSA\s0 defaults set using the \s-1DSA API \s0(ie. +\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1DSA\s0 and other cryptographic algorithms. .SH "SEE ALSO" @@ -259,8 +268,8 @@ algorithms. \&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and \&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than \&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For -0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this change was reversed, and behaviour of the other functions resembled more closely -the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now -transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without +the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now +transparently overrides the behaviour of defaults in the \s-1DSA API\s0 without requiring changing these function prototypes. Index: secure/lib/libcrypto/man/DSA_sign.3 =================================================================== --- secure/lib/libcrypto/man/DSA_sign.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_sign.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +157,7 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signat .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message -digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0 +digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 encoding at \fBsigret\fR. The length of the signature is places in *\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. .PP @@ -156,9 +165,9 @@ encoding at \fBsigret\fR. The length of the signat operation in case signature generation is time-critical. It expects \&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing -the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL\s0. These values may +the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR. -\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL\s0. +\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0 .PP \&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR matches a given message digest \fBdgst\fR of size \fBlen\fR. @@ -176,8 +185,8 @@ signature and \-1 on error. The error codes can be \&\fIERR_get_error\fR\|(3). .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature -Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), Index: secure/lib/libcrypto/man/DSA_size.3 =================================================================== --- secure/lib/libcrypto/man/DSA_size.3 (revision 279126) +++ secure/lib/libcrypto/man/DSA_size.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,7 +149,7 @@ DSA_size \- get DSA signature size .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This function returns the size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature in +This function returns the size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature in bytes. It can be used to determine how much memory must be allocated for a \s-1DSA\s0 signature. .PP Index: secure/lib/libcrypto/man/ERR_GET_LIB.3 =================================================================== --- secure/lib/libcrypto/man/ERR_GET_LIB.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_GET_LIB.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_GET_LIB 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,7 +166,7 @@ reason codes are unique within each sub-library. libraries may use the same value to signal different functions and reasons. .PP -\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally +\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally unique. However, when checking for sub-library specific reason codes, be sure to also compare the library number. .PP Index: secure/lib/libcrypto/man/ERR_clear_error.3 =================================================================== --- secure/lib/libcrypto/man/ERR_clear_error.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_clear_error.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_clear_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_error_string.3 =================================================================== --- secure/lib/libcrypto/man/ERR_error_string.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_error_string.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_error_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_get_error.3 =================================================================== --- secure/lib/libcrypto/man/ERR_get_error.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_get_error.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_get_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,12 +186,12 @@ additionally store the file name and line number w the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP \&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and -\&\fIERR_get_last_error_line_data()\fR store additional data and flags +\&\fIERR_peek_last_error_line_data()\fR store additional data and flags associated with the error code in *\fBdata\fR and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. .PP -An application \fB\s-1MUST\s0 \s-1NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers +An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled automatically by the error library. .SH "RETURN VALUES" Index: secure/lib/libcrypto/man/ERR_load_crypto_strings.3 =================================================================== --- secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_load_strings.3 =================================================================== --- secure/lib/libcrypto/man/ERR_load_strings.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_load_strings.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_load_strings 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_print_errors.3 =================================================================== --- secure/lib/libcrypto/man/ERR_print_errors.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_print_errors.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_print_errors 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_put_error.3 =================================================================== --- secure/lib/libcrypto/man/ERR_put_error.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_put_error.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_put_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_remove_state.3 =================================================================== --- secure/lib/libcrypto/man/ERR_remove_state.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_remove_state.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_remove_state 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_set_mark.3 =================================================================== --- secure/lib/libcrypto/man/ERR_set_mark.3 (revision 279126) +++ secure/lib/libcrypto/man/ERR_set_mark.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERR_set_mark 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_BytesToKey.3 =================================================================== --- secure/lib/libcrypto/man/EVP_BytesToKey.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_BytesToKey.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_BytesToKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +177,7 @@ v2.0 for key derivation. .SH "KEY DERIVATION ALGORITHM" .IX Header "KEY DERIVATION ALGORITHM" The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until -enough data is available for the key and \s-1IV\s0. D_i is defined as: +enough data is available for the key and \s-1IV.\s0 D_i is defined as: .PP .Vb 1 \& D_i = HASH^count(D_(i\-1) || data || salt) @@ -179,7 +188,7 @@ algorithm in use, HASH^1(data) is simply \s-1HASH\ is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. .PP The initial bytes are used for the key and the subsequent bytes for -the \s-1IV\s0. +the \s-1IV.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. Index: secure/lib/libcrypto/man/EVP_DigestInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_DigestInit.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_DigestInit.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_DigestInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -197,7 +206,7 @@ The \s-1EVP\s0 digest routines are a high level in \&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context. .PP \&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this +\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized before calling this function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR. If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. .PP @@ -242,7 +251,7 @@ hash. \&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure. .PP -\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0 +\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure. For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. @@ -256,11 +265,11 @@ return \fBNID_sha1WithRSAEncryption\fR. This \*(L" algorithms may not be retained in future versions of OpenSSL. .PP \&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR -return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest +return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2, MD5, SHA, SHA1, MDC2\s0 and \s-1RIPEMD160\s0 digest algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case. .PP \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest -algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. +algorithms but using \s-1DSS \s0(\s-1DSA\s0) for the signature algorithm. .PP \&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero length. @@ -277,7 +286,7 @@ success and 0 for failure. \&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure. .PP \&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the -corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists. +corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists. .PP \&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, EVP_MD_CTX_size(e), \fIEVP_MD_size()\fR, \&\fIEVP_MD_CTX_block_size()\fR and \fIEVP_MD_block_size()\fR return the digest or block Index: secure/lib/libcrypto/man/EVP_EncryptInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_EncryptInit.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_EncryptInit.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_EncryptInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -227,7 +236,7 @@ symmetric ciphers. \&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR. .PP \&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption -with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized +with cipher \fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized before calling this function. \fBtype\fR is normally supplied by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the default implementation is used. \fBkey\fR is the symmetric key to use @@ -235,7 +244,7 @@ and \fBiv\fR is the \s-1IV\s0 to use (if necessary used for the key and \s-1IV\s0 depends on the cipher. It is possible to set all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply the remaining parameters in subsequent calls, all of which have \fBtype\fR -set to \s-1NULL\s0. This is done when the default cipher parameters are not +set to \s-1NULL.\s0 This is done when the default cipher parameters are not appropriate. .PP \&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and @@ -294,8 +303,8 @@ return an \s-1EVP_CIPHER\s0 structure when passed .PP \&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 -value is an internal value which may not have a corresponding \s-1OBJECT\s0 -\&\s-1IDENTIFIER\s0. +value is an internal value which may not have a corresponding \s-1OBJECT +IDENTIFIER.\s0 .PP \&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default encryption operations are padded using standard block padding and the @@ -317,7 +326,7 @@ length to any value other than the fixed value is .PP \&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. -It will return zero if the cipher does not use an \s-1IV\s0. The constant +It will return zero if the cipher does not use an \s-1IV. \s0 The constant \&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. .PP \&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block @@ -326,9 +335,9 @@ structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s length for all ciphers. .PP \&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed -cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0 -\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and -128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object +cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT +IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and +128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object identifier or does not have \s-1ASN1\s0 support this function will return \&\fBNID_undef\fR. .PP @@ -336,13 +345,13 @@ identifier or does not have \s-1ASN1\s0 support th an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. .PP \&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode: -\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0 or -\&\s-1EVP_CIPH_OFB_MODE\s0. If the cipher is a stream cipher then +\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE\s0 or +\&\s-1EVP_CIPH_OFB_MODE.\s0 If the cipher is a stream cipher then \&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. .PP \&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. This will typically include any parameters and an -\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call +\&\s-1IV.\s0 The cipher \s-1IV \s0(if any) must be set when this call is made. This call should be made before the cipher is actually \*(L"used\*(R" (before any \&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function may fail if the cipher does not have any \s-1ASN1\s0 support. @@ -349,11 +358,11 @@ may fail if the cipher does not have any \s-1ASN1\ .PP \&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher -In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length. +In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. This function should be called after the base cipher type is set but before the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and -key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally -\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. It is +key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support or the parameters cannot be set (for example the \s-1RC2\s0 effective key length is not supported. @@ -377,7 +386,7 @@ return 1 for success and 0 for failure. \&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. .PP -\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0. +\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 .PP \&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block size. @@ -388,10 +397,10 @@ length. \&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. .PP \&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 -length or zero if the cipher does not use an \s-1IV\s0. +length or zero if the cipher does not use an \s-1IV.\s0 .PP \&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's -\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 .PP \&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. .PP @@ -405,13 +414,13 @@ All algorithms have a fixed key length unless othe Null cipher: does nothing. .IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4 .IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" -\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4 -.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" -Two key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" +Two key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4 -.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" -Three key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" +Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .IP "EVP_desx_cbc(void)" 4 .IX Item "EVP_desx_cbc(void)" \&\s-1DESX\s0 algorithm in \s-1CBC\s0 mode. @@ -424,10 +433,10 @@ Null cipher: does nothing. and the \fIEVP_CIPHER_CTX_set_key_length()\fR function. .IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" 4 .IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" -\&\s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +\&\s-1IDEA\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. .IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4 .IX Item "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" -\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key +\&\s-1RC2\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. .IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4 @@ -437,15 +446,15 @@ These are obsolete and new code should use \fIEVP_ \&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length. .IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4 .IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" -Blowfish encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key +Blowfish encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher. .IP "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" 4 .IX Item "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" -\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key +\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher. .IP "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" 4 .IX Item "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" -\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length +\&\s-1RC5\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By default the key length is set to 128 bits and 12 rounds. .SH "NOTES" @@ -487,7 +496,7 @@ unpredictable. This is because it has become stand generic key as a fixed unsigned char array containing \s-1EVP_MAX_KEY_LENGTH\s0 bytes. .PP The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested -for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. +for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. .SH "EXAMPLES" .IX Header "EXAMPLES" Get the number of rounds used in \s-1RC5:\s0 @@ -570,7 +579,7 @@ utility with the command line: \& S .Ve .PP -General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an +General encryption, decryption function example using \s-1FILE I/O\s0 and \s-1RC2\s0 with an 80 bit key: .PP .Vb 10 Index: secure/lib/libcrypto/man/EVP_OpenInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_OpenInit.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_OpenInit.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_OpenInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,7 +172,7 @@ page. It is possible to call \fIEVP_OpenInit()\fR twice in the same way as \&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 and (after setting any cipher parameters) it should be called again -with \fBtype\fR set to \s-1NULL\s0. +with \fBtype\fR set to \s-1NULL.\s0 .PP If the cipher passed in the \fBtype\fR parameter is a variable length cipher then the key length will be set to the value of the recovered Index: secure/lib/libcrypto/man/EVP_PKEY_new.3 =================================================================== --- secure/lib/libcrypto/man/EVP_PKEY_new.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_PKEY_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_PKEY_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 =================================================================== --- secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,8 +181,8 @@ will be freed when the parent \fBpkey\fR is freed. .PP \&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value \&\fBtype\fR. The type of a key can be obtained with -EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA\s0, -\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding +EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA, +EVP_PKEY_DSA, EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding key types or NID_undef if the key type is unassigned. .SH "NOTES" .IX Header "NOTES" Index: secure/lib/libcrypto/man/EVP_SealInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_SealInit.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_SealInit.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_SealInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,12 +156,12 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1EVP\s0 envelope routines are a high level interface to envelope -encryption. They generate a random key and \s-1IV\s0 (if required) then +encryption. They generate a random key and \s-1IV \s0(if required) then \&\*(L"envelope\*(R" it by using public key encryption. Data can then be encrypted using this key. .PP \&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption -with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally +with cipher \fBtype\fR using a random secret key and \s-1IV. \s0\fBtype\fR is normally supplied by a function such as \fIEVP_des_cbc()\fR. The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. \fBek\fR is an array of @@ -163,7 +172,7 @@ size of each encrypted secret key is written to th an array of \fBnpubk\fR public keys. .PP The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must -contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for +contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for example) EVP_CIPHER_iv_length(type). .PP If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored @@ -196,7 +205,7 @@ using public key encryption. It is possible to call \fIEVP_SealInit()\fR twice in the same way as \&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 and (after setting any cipher parameters) it should be called again -with \fBtype\fR set to \s-1NULL\s0. +with \fBtype\fR set to \s-1NULL.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIevp\fR\|(3), \fIrand\fR\|(3), Index: secure/lib/libcrypto/man/EVP_SignInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_SignInit.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_SignInit.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_SignInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +159,7 @@ The \s-1EVP\s0 signature routines are a high level signatures. .PP \&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with +\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized with \&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the Index: secure/lib/libcrypto/man/EVP_VerifyInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_VerifyInit.3 (revision 279126) +++ secure/lib/libcrypto/man/EVP_VerifyInit.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EVP_VerifyInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +157,7 @@ The \s-1EVP\s0 signature verification routines are signatures. .PP \&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling +\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized by calling \&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the Index: secure/lib/libcrypto/man/OBJ_nid2obj.3 =================================================================== --- secure/lib/libcrypto/man/OBJ_nid2obj.3 (revision 279126) +++ secure/lib/libcrypto/man/OBJ_nid2obj.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OBJ_nid2obj 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,9 +169,9 @@ functions .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are -a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type. +a representation of the \s-1ASN1 OBJECT IDENTIFIER \s0(\s-1OID\s0) type. .PP -\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID \s0\fBn\fR to an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, or \fB\s-1NULL\s0\fR is an error occurred. .PP @@ -223,7 +232,7 @@ Objects which are not in the table have the \s-1NI .PP Objects do not need to be in the internal tables to be processed, the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical -form of an \s-1OID\s0. +form of an \s-1OID.\s0 .SH "EXAMPLES" .IX Header "EXAMPLES" Create an object for \fBcommonName\fR: Index: secure/lib/libcrypto/man/OPENSSL_Applink.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_Applink.3 (revision 279126) +++ secure/lib/libcrypto/man/OPENSSL_Applink.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OPENSSL_Applink 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (revision 279126) +++ secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -205,8 +214,8 @@ The \*(L"Configure\*(R" target of the library buil if available or \*(L"platform: information not available\*(R" otherwise. .IP "\s-1SSLEAY_DIR\s0" 4 .IX Item "SSLEAY_DIR" -The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L" -if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise. +The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0 +if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise. .PP For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. .SH "RETURN VALUE" Index: secure/lib/libcrypto/man/OPENSSL_config.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_config.3 (revision 279126) +++ secure/lib/libcrypto/man/OPENSSL_config.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OPENSSL_config 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OPENSSL_ia32cap.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (revision 279126) +++ secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,7 +168,7 @@ significant, namely: .PP For example, clearing bit #26 at run-time disables high-performance \&\s-1SSE2\s0 code present in the crypto library. You might have to do this if -target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under +target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 which does not support \s-1SSE2\s0 extentions. Even though you can manipulate the value programmatically, you most likely will find it more appropriate to set up an environment variable with the same name Index: secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (revision 279126) +++ secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +155,7 @@ The function \fIOPENSSL_load_builtin_modules()\fR configuration modules to the internal list. They can then be used by the OpenSSL configuration code. .PP -\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1\s0 \s-1OBJECT\s0 module. +\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. .PP \&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. .SH "NOTES" Index: secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 =================================================================== --- secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (revision 279126) +++ secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,7 +180,7 @@ needs to lookup algorithms. .PP The cipher and digest lookup functions are used in many parts of the library. If the table is not initialized several functions will misbehave and complain they -cannot find algorithms. This includes the \s-1PEM\s0, PKCS#12, \s-1SSL\s0 and S/MIME libraries. +cannot find algorithms. This includes the \s-1PEM,\s0 PKCS#12, \s-1SSL\s0 and S/MIME libraries. This is a common query in the OpenSSL mailing lists. .PP Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a Index: secure/lib/libcrypto/man/PKCS12_create.3 =================================================================== --- secure/lib/libcrypto/man/PKCS12_create.3 (revision 279126) +++ secure/lib/libcrypto/man/PKCS12_create.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS12_create 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,15 +167,15 @@ The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBi can all be set to zero and sensible defaults will be used. .PP These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 -encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 -(currently 2048) and a \s-1MAC\s0 iteration count of 1. +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER +\&\s0(currently 2048) and a \s-1MAC\s0 iteration count of 1. .PP The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility -is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0. +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0 .PP \&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension -that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted, +that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted, if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR it can be used for signing and encryption. This option was useful for old export grade software which could use signing only keys of arbitrary size but Index: secure/lib/libcrypto/man/PKCS12_parse.3 =================================================================== --- secure/lib/libcrypto/man/PKCS12_parse.3 (revision 279126) +++ secure/lib/libcrypto/man/PKCS12_parse.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS12_parse 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS7_decrypt.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_decrypt.3 (revision 279126) +++ secure/lib/libcrypto/man/PKCS7_decrypt.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS7_decrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS7_encrypt.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_encrypt.3 (revision 279126) +++ secure/lib/libcrypto/man/PKCS7_encrypt.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS7_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +162,7 @@ be signed using the \s-1RSA\s0 algorithm. most clients will support it. .PP Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit -\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. +\&\s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. .PP The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its parameters. Index: secure/lib/libcrypto/man/PKCS7_sign.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_sign.3 (revision 279126) +++ secure/lib/libcrypto/man/PKCS7_sign.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS7_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +154,7 @@ is the certificate to sign with, \fBpkey\fR is the \&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain). .PP -The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +The data to be signed is read from \s-1BIO \s0\fBdata\fR. .PP \&\fBflags\fR is an optional set of flags. .SH "NOTES" @@ -177,7 +186,7 @@ will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is omitted. .PP If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any +algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of these algorithms is disabled then it will not be included. .PP If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure Index: secure/lib/libcrypto/man/PKCS7_verify.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_verify.3 (revision 279126) +++ secure/lib/libcrypto/man/PKCS7_verify.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS7_verify 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +156,7 @@ structure to verify. \fBcerts\fR is a set of certi the signer's certificate. \fBstore\fR is a trusted certficate store (used for chain verification). \fBindata\fR is the signed data if the content is not present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR -if it is not \s-1NULL\s0. +if it is not \s-1NULL.\s0 .PP \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. Index: secure/lib/libcrypto/man/RAND_add.3 =================================================================== --- secure/lib/libcrypto/man/RAND_add.3 (revision 279126) +++ secure/lib/libcrypto/man/RAND_add.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RAND_add 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,7 +165,7 @@ key presses, mouse movements) and certain hardware \&\fBentropy\fR argument is (the lower bound of) an estimate of how much randomness is contained in \fBbuf\fR, measured in bytes. Details about sources of randomness and how to estimate their entropy can be found -in the literature, e.g. \s-1RFC\s0 1750. +in the literature, e.g. \s-1RFC 1750.\s0 .PP \&\fIRAND_add()\fR may be called with sensitive data such as user entered passwords. The seed values cannot be recovered from the \s-1PRNG\s0 output. @@ -174,11 +183,11 @@ or \fIRAND_load_file\fR\|(3). movements and other user interaction. It should be called with the \&\fBiMsg\fR, \fBwParam\fR and \fBlParam\fR arguments of \fIall\fR messages sent to the window procedure. It will estimate the entropy contained in the -event message (if any), and add it to the \s-1PRNG\s0. The program can then +event message (if any), and add it to the \s-1PRNG.\s0 The program can then process the messages as usual. .PP The \fIRAND_screen()\fR function is available for the convenience of Windows -programmers. It adds the current contents of the screen to the \s-1PRNG\s0. +programmers. It adds the current contents of the screen to the \s-1PRNG.\s0 For applications that can catch Windows events, seeding the \s-1PRNG\s0 by calling \fIRAND_event()\fR is a significantly better source of randomness. It should be noted that both methods cannot be used on Index: secure/lib/libcrypto/man/RAND_bytes.3 =================================================================== --- secure/lib/libcrypto/man/RAND_bytes.3 (revision 279126) +++ secure/lib/libcrypto/man/RAND_bytes.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RAND_bytes 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RAND_cleanup.3 =================================================================== --- secure/lib/libcrypto/man/RAND_cleanup.3 (revision 279126) +++ secure/lib/libcrypto/man/RAND_cleanup.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RAND_cleanup 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,7 +149,7 @@ RAND_cleanup \- erase the PRNG state .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG\s0. +\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG.\s0 .SH "RETURN VALUE" .IX Header "RETURN VALUE" \&\fIRAND_cleanup()\fR returns no value. Index: secure/lib/libcrypto/man/RAND_egd.3 =================================================================== --- secure/lib/libcrypto/man/RAND_egd.3 (revision 279126) +++ secure/lib/libcrypto/man/RAND_egd.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RAND_egd 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,12 +154,12 @@ RAND_egd \- query entropy gathering daemon .IX Header "DESCRIPTION" \&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. It queries 255 bytes and uses \fIRAND_add\fR\|(3) to seed the -OpenSSL built-in \s-1PRNG\s0. RAND_egd(path) is a wrapper for +OpenSSL built-in \s-1PRNG.\s0 RAND_egd(path) is a wrapper for RAND_egd_bytes(path, 255); .PP \&\fIRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. It queries \fBbytes\fR bytes and uses \fIRAND_add\fR\|(3) to seed the -OpenSSL built-in \s-1PRNG\s0. +OpenSSL built-in \s-1PRNG.\s0 This function is more flexible than \fIRAND_egd()\fR. When only one secret key must be generated, it is not necessary to request the full amount 255 bytes from @@ -159,7 +168,7 @@ that can be retrieved from \s-1EGD\s0 over time is .PP \&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket \&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into -\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the +\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL, \s0\fBbytes\fR bytes are queried and used to seed the OpenSSL built-in \s-1PRNG\s0 using \fIRAND_add\fR\|(3). .SH "NOTES" .IX Header "NOTES" @@ -191,7 +200,7 @@ is located at /var/run/egd\-pool, /dev/egd\-pool o .IX Header "RETURN VALUE" \&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the daemon on success, and \-1 if the connection failed or the daemon did not -return enough data to fully seed the \s-1PRNG\s0. +return enough data to fully seed the \s-1PRNG.\s0 .PP \&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered. Index: secure/lib/libcrypto/man/RAND_load_file.3 =================================================================== --- secure/lib/libcrypto/man/RAND_load_file.3 (revision 279126) +++ secure/lib/libcrypto/man/RAND_load_file.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RAND_load_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +160,7 @@ set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\f too small for the path name, an error occurs. .PP \&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and -adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative, +adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5, if \fBmax_bytes\fR is \-1, the complete file is read. .PP Index: secure/lib/libcrypto/man/RAND_set_rand_method.3 =================================================================== --- secure/lib/libcrypto/man/RAND_set_rand_method.3 (revision 279126) +++ secure/lib/libcrypto/man/RAND_set_rand_method.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RAND_set_rand_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +156,7 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_S A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number generation. By modifying the method, alternative implementations such as hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important -information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of +information about how these \s-1RAND API\s0 functions are affected by the use of \&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as @@ -154,12 +163,12 @@ Initially, the default \s-1RAND_METHOD\s0 is the O returned by \fIRAND_SSLeay()\fR. .PP \&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is -true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function +true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND,\s0 so this function is no longer recommended. .PP -\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0. -However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0 -\&\s-1API\s0 is being used, so this function is no longer recommended. +\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD.\s0 +However, the meaningfulness of this result is dependent on whether the \s-1ENGINE +API\s0 is being used, so this function is no longer recommended. .SH "THE RAND_METHOD STRUCTURE" .IX Header "THE RAND_METHOD STRUCTURE" .Vb 9 @@ -185,10 +194,10 @@ Each component may be \s-1NULL\s0 if the function .SH "NOTES" .IX Header "NOTES" As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other -algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a -default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, -that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie. -\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE API\s0 function, +that will override any \s-1RAND\s0 defaults set using the \s-1RAND API \s0(ie. +\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1RAND\s0 and other cryptographic algorithms. .SH "SEE ALSO" @@ -201,6 +210,6 @@ available in all versions of OpenSSL. .PP In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been -reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used, -otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also +reverted as the \s-1ENGINE API\s0 transparently overrides \s-1RAND\s0 defaults if used, +otherwise \s-1RAND API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also introduced in version 0.9.7. Index: secure/lib/libcrypto/man/RSA_blinding_on.3 =================================================================== --- secure/lib/libcrypto/man/RSA_blinding_on.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_blinding_on.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_blinding_on 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_check_key.3 =================================================================== --- secure/lib/libcrypto/man/RSA_check_key.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_check_key.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_check_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,7 +182,7 @@ acceleration or analysis purposes, then in all lik is complete and untouched, but this can't be assumed in the general case. .SH "BUGS" .IX Header "BUGS" -A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and completely violating encapsulation and object-orientation in the process). Index: secure/lib/libcrypto/man/RSA_generate_key.3 =================================================================== --- secure/lib/libcrypto/man/RSA_generate_key.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_generate_key.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_get_ex_new_index.3 =================================================================== --- secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -166,7 +175,7 @@ The \fB\f(BIRSA_get_ex_new_index()\fB\fR function new application specific data. It takes three optional function pointers which are called when the parent structure (in this case an \s-1RSA\s0 structure) is initially created, when it is copied and when it is freed up. If any or all of -these function pointer arguments are not used they should be set to \s-1NULL\s0. The +these function pointer arguments are not used they should be set to \s-1NULL.\s0 The precise manner in which these function pointers are called is described in more detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer parameters which will be passed to the supplied functions but which otherwise Index: secure/lib/libcrypto/man/RSA_new.3 =================================================================== --- secure/lib/libcrypto/man/RSA_new.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 =================================================================== --- secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_print.3 =================================================================== --- secure/lib/libcrypto/man/RSA_print.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_print.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_print 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_private_encrypt.3 =================================================================== --- secure/lib/libcrypto/man/RSA_private_encrypt.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_private_encrypt.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_private_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_public_encrypt.3 =================================================================== --- secure/lib/libcrypto/man/RSA_public_encrypt.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_public_encrypt.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_public_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,7 +163,7 @@ session key) using the public key \fBrsa\fR and st \&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. .IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 .IX Item "RSA_PKCS1_OAEP_PADDING" -EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1\s0, \s-1MGF1\s0 and an empty +EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty encoding parameter. This mode is recommended for all new applications. .IP "\s-1RSA_SSLV23_PADDING\s0" 4 .IX Item "RSA_SSLV23_PADDING" @@ -168,7 +177,7 @@ Encrypting user data directly with \s-1RSA\s0 is i .PP \&\fBflen\fR must be less than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for -\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0. +\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 The random number generator must be seeded prior to calling \&\fIRSA_public_encrypt()\fR. .PP @@ -187,7 +196,7 @@ On error, \-1 is returned; the error codes can be obtained by \fIERR_get_error\fR\|(3). .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +\&\s-1SSL, PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3), Index: secure/lib/libcrypto/man/RSA_set_method.3 =================================================================== --- secure/lib/libcrypto/man/RSA_set_method.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_set_method.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -159,7 +168,7 @@ RSA_new_method \- select RSA method An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 operations. By modifying the method, alternative implementations such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the +important information about how these \s-1RSA API\s0 functions are affected by the use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, @@ -167,16 +176,16 @@ as returned by \fIRSA_PKCS1_SSLeay()\fR. .PP \&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has -been set as a default for \s-1RSA\s0, so this function is no longer recommended. +been set as a default for \s-1RSA,\s0 so this function is no longer recommended. .PP \&\fIRSA_get_default_method()\fR returns a pointer to the current default -\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependent on -whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer recommended. .PP \&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the -previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the change. It is possible to have \s-1RSA\s0 keys that only work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module that supports embedded hardware-protected keys), and in such cases @@ -190,10 +199,10 @@ it is, the return value can only be guaranteed to \&\fIRSA_set_method()\fR. .PP \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current -\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section. +\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. .PP \&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that -\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. .PP @@ -253,14 +262,18 @@ the default method is used. \& /* sign. For backward compatibility, this is used only \& * if (flags & RSA_FLAG_SIGN_VER) \& */ -\& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, -\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); -\& +\& int (*rsa_sign)(int type, +\& const unsigned char *m, unsigned int m_length, +\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); \& /* verify. For backward compatibility, this is used only \& * if (flags & RSA_FLAG_SIGN_VER) \& */ -\& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, -\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +\& int (*rsa_verify)(int dtype, +\& const unsigned char *m, unsigned int m_length, +\& const unsigned char *sigbuf, unsigned int siglen, +\& const RSA *rsa); +\& /* keygen. If NULL builtin RSA key generation will be used */ +\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); \& \& } RSA_METHOD; .Ve @@ -273,7 +286,7 @@ and \fIRSA_get_method()\fR return pointers to the .PP \&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation that was replaced. However, this return value should probably be ignored -because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated +because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a result of the \fIRSA_set_method()\fR function releasing its handle to the \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR @@ -285,10 +298,10 @@ it returns a pointer to the newly allocated struct .SH "NOTES" .IX Header "NOTES" As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with -other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR +other algorithmic APIs (eg. \s-1DSA_METHOD, EVP_CIPHER,\s0 etc) into \fB\s-1ENGINE\s0\fR modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an -\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0 -\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the +\&\s-1ENGINE API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA +API \s0(ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way to control default implementations for use in \s-1RSA\s0 and other cryptographic algorithms. .SH "BUGS" @@ -316,9 +329,9 @@ added in OpenSSL 0.9.4. replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use \&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine -version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0 -\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the +version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE +API\s0 was restructured so that this change was reversed, and behaviour of the other functions resembled more closely the previous behaviour. The -behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the -behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these +behaviour of defaults in the \s-1ENGINE API\s0 now transparently overrides the +behaviour of defaults in the \s-1RSA API\s0 without requiring changing these function prototypes. Index: secure/lib/libcrypto/man/RSA_sign.3 =================================================================== --- secure/lib/libcrypto/man/RSA_sign.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_sign.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,6 +157,10 @@ RSA_sign, RSA_verify \- RSA signatures private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +key that can be used. +See \fIRSA_private_encrypt\fR\|(3) for lower-level +operations. .PP \&\fBtype\fR denotes the message digest algorithm that was used to generate \&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR; @@ -171,7 +184,7 @@ Certain signatures with an improper algorithm iden for compatibility with SSLeay 0.4.5 :\-) .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +\&\s-1SSL, PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3), Index: secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 =================================================================== --- secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_size.3 =================================================================== --- secure/lib/libcrypto/man/RSA_size.3 (revision 279126) +++ secure/lib/libcrypto/man/RSA_size.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/SMIME_read_PKCS7.3 =================================================================== --- secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (revision 279126) +++ secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/SMIME_write_PKCS7.3 =================================================================== --- secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (revision 279126) +++ secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (revision 279126) +++ secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (revision 279126) +++ secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +160,7 @@ X509_NAME_add_entry, X509_NAME_delete_entry \- X50 .IX Header "DESCRIPTION" \&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and \&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined -by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID \s0\fBnid\fR respectively. The field value to be added is in \fBbytes\fR of length \fBlen\fR. If \&\fBlen\fR is \-1 then the field length is calculated internally using strlen(bytes). Index: secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (revision 279126) +++ secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,7 +160,7 @@ X509_NAME lookup and enumeration functions .IX Header "DESCRIPTION" These functions allow an \fBX509_NAME\fR structure to be examined. The \&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in -\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +\&\s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject and issuer names. .PP \&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve Index: secure/lib/libcrypto/man/X509_NAME_print_ex.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_print_ex.3 (revision 279126) +++ secure/lib/libcrypto/man/X509_NAME_print_ex.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH X509_NAME_print_ex 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,7 +153,7 @@ X509_NAME_oneline \- X509_NAME printing routines. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO \s0\fBout\fR. Each line (for multiline formats) is indented by \fBindent\fR spaces. The output format can be extensively customised by use of the \fBflags\fR parameter. .PP @@ -169,7 +178,7 @@ Although there are a large number of possible flag \&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example -\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used. +\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. .PP The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. .PP @@ -178,7 +187,7 @@ Several options can be ored together. The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, \&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators to use. Two distinct separators are used between distinct RelativeDistinguishedName -components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued RDNs are currently very rare so the second separator will hardly ever be used. .PP \&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR Index: secure/lib/libcrypto/man/X509_new.3 =================================================================== --- secure/lib/libcrypto/man/X509_new.3 (revision 279126) +++ secure/lib/libcrypto/man/X509_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH X509_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/bio.3 =================================================================== --- secure/lib/libcrypto/man/bio.3 (revision 279126) +++ secure/lib/libcrypto/man/bio.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH bio 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,10 +154,10 @@ details from an application. If an application use I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network connections and file I/O. .PP -There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0. +There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0 .PP As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, -examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0. +examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0 .PP A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to another, or the application. The data may be left unmodified (for Index: secure/lib/libcrypto/man/blowfish.3 =================================================================== --- secure/lib/libcrypto/man/blowfish.3 (revision 279126) +++ secure/lib/libcrypto/man/blowfish.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH blowfish 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,9 +170,9 @@ by Counterpane (see http://www.counterpane.com/blo Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same -modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one -of the faster block ciphers. It is quite a bit faster than \s-1DES\s0, and much -faster than \s-1IDEA\s0 or \s-1RC2\s0. +modes as \s-1DES \s0(see \fIdes_modes\fR\|(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much +faster than \s-1IDEA\s0 or \s-1RC2.\s0 .PP Blowfish consists of a key setup phase and the actual encryption or decryption phase. @@ -183,7 +192,7 @@ all operate on variable length data. They all tak \&\fBivec\fR which needs to be passed along into the next call of the same function for the same message. \fBivec\fR may be initialized with anything, but the recipient needs to know what it was initialized with, or it won't be able -to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where +to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where \&\fBivec\fR is simply initialized to zero. \&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while \&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable Index: secure/lib/libcrypto/man/bn.3 =================================================================== --- secure/lib/libcrypto/man/bn.3 (revision 279126) +++ secure/lib/libcrypto/man/bn.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH bn 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/bn_internal.3 =================================================================== --- secure/lib/libcrypto/man/bn_internal.3 (revision 279126) +++ secure/lib/libcrypto/man/bn_internal.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH bn_internal 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/buffer.3 =================================================================== --- secure/lib/libcrypto/man/buffer.3 (revision 279126) +++ secure/lib/libcrypto/man/buffer.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH buffer 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/crypto.3 =================================================================== --- secure/lib/libcrypto/man/crypto.3 (revision 279126) +++ secure/lib/libcrypto/man/crypto.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH crypto 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -137,8 +146,8 @@ crypto \- OpenSSL cryptographic library .IX Header "DESCRIPTION" The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided -by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0 -and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and +by this library are used by the OpenSSL implementations of \s-1SSL, TLS\s0 +and S/MIME, and they have also been used to implement \s-1SSH,\s0 OpenPGP, and other cryptographic standards. .SH "OVERVIEW" .IX Header "OVERVIEW" @@ -148,30 +157,30 @@ individual algorithms. The functionality includes symmetric encryption, public key cryptography and key agreement, certificate handling, cryptographic hash functions and a cryptographic pseudo-random number generator. -.IP "\s-1SYMMETRIC\s0 \s-1CIPHERS\s0" 4 +.IP "\s-1SYMMETRIC CIPHERS\s0" 4 .IX Item "SYMMETRIC CIPHERS" \&\fIblowfish\fR\|(3), \fIcast\fR\|(3), \fIdes\fR\|(3), \&\fIidea\fR\|(3), \fIrc2\fR\|(3), \fIrc4\fR\|(3), \fIrc5\fR\|(3) -.IP "\s-1PUBLIC\s0 \s-1KEY\s0 \s-1CRYPTOGRAPHY\s0 \s-1AND\s0 \s-1KEY\s0 \s-1AGREEMENT\s0" 4 +.IP "\s-1PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT\s0" 4 .IX Item "PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT" \&\fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrsa\fR\|(3) .IP "\s-1CERTIFICATES\s0" 4 .IX Item "CERTIFICATES" \&\fIx509\fR\|(3), \fIx509v3\fR\|(3) -.IP "\s-1AUTHENTICATION\s0 \s-1CODES\s0, \s-1HASH\s0 \s-1FUNCTIONS\s0" 4 +.IP "\s-1AUTHENTICATION CODES, HASH FUNCTIONS\s0" 4 .IX Item "AUTHENTICATION CODES, HASH FUNCTIONS" \&\fIhmac\fR\|(3), \fImd2\fR\|(3), \fImd4\fR\|(3), \&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), \&\fIsha\fR\|(3) -.IP "\s-1AUXILIARY\s0 \s-1FUNCTIONS\s0" 4 +.IP "\s-1AUXILIARY FUNCTIONS\s0" 4 .IX Item "AUXILIARY FUNCTIONS" \&\fIerr\fR\|(3), \fIthreads\fR\|(3), \fIrand\fR\|(3), \&\s-1\fIOPENSSL_VERSION_NUMBER\s0\fR\|(3) -.IP "\s-1INPUT/OUTPUT\s0, \s-1DATA\s0 \s-1ENCODING\s0" 4 +.IP "\s-1INPUT/OUTPUT, DATA ENCODING\s0" 4 .IX Item "INPUT/OUTPUT, DATA ENCODING" \&\fIasn1\fR\|(3), \fIbio\fR\|(3), \fIevp\fR\|(3), \fIpem\fR\|(3), \&\fIpkcs7\fR\|(3), \fIpkcs12\fR\|(3) -.IP "\s-1INTERNAL\s0 \s-1FUNCTIONS\s0" 4 +.IP "\s-1INTERNAL FUNCTIONS\s0" 4 .IX Item "INTERNAL FUNCTIONS" \&\fIbn\fR\|(3), \fIbuffer\fR\|(3), \fIlhash\fR\|(3), \&\fIobjects\fR\|(3), \fIstack\fR\|(3), Index: secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 =================================================================== --- secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +150,7 @@ d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT ID .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +These functions decode and encode an \s-1ASN1 OBJECT IDENTIFIER.\s0 .PP Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page. Index: secure/lib/libcrypto/man/d2i_DHparams.3 =================================================================== --- secure/lib/libcrypto/man/d2i_DHparams.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_DHparams.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_DHparams 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_DSAPublicKey.3 =================================================================== --- secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,10 +180,10 @@ a SubjectPublicKeyInfo (certificate public key) st components. .PP \&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using -a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0. +a \fBDss-Parms\fR structure as defined in \s-1RFC2459.\s0 .PP \&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a -\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0. +\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459.\s0 .PP The usage of all of these functions is similar to the \fId2i_X509()\fR and \&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page. Index: secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 =================================================================== --- secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_RSAPublicKey.3 =================================================================== --- secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_X509.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_X509 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,23 +181,23 @@ case \fB*out\fR is not incremented and it points t data just written. .PP \&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts -to parse data from \s-1BIO\s0 \fBbp\fR. +to parse data from \s-1BIO \s0\fBbp\fR. .PP \&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts to parse data from \s-1FILE\s0 pointer \fBfp\fR. .PP \&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes -the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it returns 1 for success and 0 for failure. .PP \&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes -the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it returns 1 for success and 0 for failure. .SH "NOTES" .IX Header "NOTES" The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for -\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that -\&\fBi2d_X509\fR converts from internal to \s-1DER\s0. +\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So that +\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0 .PP The functions can also understand \fB\s-1BER\s0\fR forms. .PP Index: secure/lib/libcrypto/man/d2i_X509_ALGOR.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509_CRL.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_CRL.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_X509_CRL.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_X509_CRL 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +157,7 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certi .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation +These functions decode and encode an X509 \s-1CRL \s0(certificate revocation list). .PP Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR Index: secure/lib/libcrypto/man/d2i_X509_NAME.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_NAME.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_X509_NAME.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_X509_NAME 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,7 +151,7 @@ d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions decode and encode an \fBX509_NAME\fR structure which is the -the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used +the same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject and issuer names. .PP Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR Index: secure/lib/libcrypto/man/d2i_X509_REQ.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_REQ.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_X509_REQ.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_X509_REQ 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509_SIG.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_SIG.3 (revision 279126) +++ secure/lib/libcrypto/man/d2i_X509_SIG.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_X509_SIG 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/des.3 =================================================================== --- secure/lib/libcrypto/man/des.3 (revision 279126) +++ secure/lib/libcrypto/man/des.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH des 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -263,9 +272,8 @@ depend on a global variable. .PP \&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. .PP -\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it -is ok. The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them. +\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +is ok. .PP The following routines mostly operate on an input and output stream of \&\fIDES_cblock\fRs. @@ -293,7 +301,7 @@ The macro \fIDES_ecb2_encrypt()\fR is provided to encryption by using \fIks1\fR for the final encryption. .PP \&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR -(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the +(\s-1CBC\s0) mode of \s-1DES. \s0 If the \fIencrypt\fR argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR argument, using the key schedule provided by the \fIschedule\fR argument, @@ -302,14 +310,14 @@ and initialization vector provided by the \fIivec\ last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. .PP -\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and +\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES. \s0 It uses \fIinw\fR and \&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret (unlike the iv) and are as such, part of the key. So the key is sort -of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. +of 24 bytes. This is much better than \s-1CBC DES.\s0 .PP -\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with +\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is -really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. +an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 .PP The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. @@ -324,7 +332,7 @@ method takes an array of characters as input and o characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs -a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only suggested for use when sending small numbers of characters. .PP \&\fIDES_cfb64_encrypt()\fR @@ -333,7 +341,7 @@ useful you ask? Because this routine will allow y arbitrary number of bytes, no 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does -not make much sense, read more about cfb mode of \s-1DES\s0 :\-). +not make much sense, read more about cfb mode of \s-1DES :\-\s0). .PP \&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as \&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. @@ -343,7 +351,7 @@ takes an array of characters as input and outputs characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs -a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only +a complete \s-1DES ECB\s0 encryption per numbits, this function is only suggested for use when sending small numbers of characters. .PP \&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output @@ -397,7 +405,7 @@ the key schedule and \fIiv\fR for the initial vect \&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0 bytes, \fIDES_enc_write()\fR will split the data into several chunks that -are all encrypted using the same \s-1IV\s0. So don't use these functions +are all encrypted using the same \s-1IV. \s0 So don't use these functions unless you are sure you know what you do (in which case you might not want to use them anyway). They cannot handle non-blocking sockets. \&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on @@ -435,7 +443,7 @@ get ugly! The same applies for \fIDES_string_to_2key()\fR. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ANSI\s0 X3.106 +\&\s-1ANSI X3.106\s0 .PP The \fBdes\fR library was written to be source code compatible with the \s-1MIT\s0 Kerberos library. Index: secure/lib/libcrypto/man/dh.3 =================================================================== --- secure/lib/libcrypto/man/dh.3 (revision 279126) +++ secure/lib/libcrypto/man/dh.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH dh 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/dsa.3 =================================================================== --- secure/lib/libcrypto/man/dsa.3 (revision 279126) +++ secure/lib/libcrypto/man/dsa.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH dsa 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -213,7 +222,7 @@ The \fB\s-1DSA\s0\fR structure consists of several \& DSA; .Ve .PP -In public keys, \fBpriv_key\fR is \s-1NULL\s0. +In public keys, \fBpriv_key\fR is \s-1NULL.\s0 .PP Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations, either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an @@ -224,8 +233,8 @@ structure elements directly and instead use \s-1AP modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature -Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIbn\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3), Index: secure/lib/libcrypto/man/ecdsa.3 =================================================================== --- secure/lib/libcrypto/man/ecdsa.3 (revision 279126) +++ secure/lib/libcrypto/man/ecdsa.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ecdsa 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -178,7 +187,7 @@ ecdsa \- Elliptic Curve Digital Signature Algorith .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fB\s-1ECDSA_SIG\s0\fR structure consists of two BIGNUMs for the -r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2). +r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). .PP .Vb 5 \& struct @@ -195,7 +204,7 @@ function also allocates the BIGNUMs) and initializ .PP \&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature \&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR -is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of +is \s-1NULL \s0\fBi2d_ECDSA_SIG\fR returns the expected length in bytes of the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length of the \s-1DER\s0 encoded signature (or 0 on error). .PP @@ -214,7 +223,7 @@ values or returned in \fBkinv\fR and \fBrp\fR and later call to \fBECDSA_sign_ex\fR or \fBECDSA_do_sign_ex\fR. .PP \&\fIECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR -and \fBrp\fR set to \s-1NULL\s0. +and \fBrp\fR set to \s-1NULL.\s0 .PP \&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value \fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional @@ -229,7 +238,7 @@ is ignored. The parameter \fBtype\fR is ignored. .PP \&\fIECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR -and \fBrp\fR set to \s-1NULL\s0. +and \fBrp\fR set to \s-1NULL.\s0 .PP \&\fIECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR bytes hash value \fBdgst\fR using the private key \fBeckey\fR and the @@ -327,8 +336,8 @@ and finally evaluate the return value: .Ve .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2 -(Digital Signature Standard, \s-1DSS\s0) +\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2 +\&\s0(Digital Signature Standard, \s-1DSS\s0) .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIdsa\fR\|(3), \fIrsa\fR\|(3) Index: secure/lib/libcrypto/man/engine.3 =================================================================== --- secure/lib/libcrypto/man/engine.3 (revision 279126) +++ secure/lib/libcrypto/man/engine.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH engine 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -308,7 +317,7 @@ implementation includes the following abstractions .Ve .SS "Reference counting and handles" .IX Subsection "Reference counting and handles" -Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be +Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be treated as handles \- ie. not only as pointers, but also as references to the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and @@ -330,7 +339,7 @@ specialised form of structural reference, because implicitly contains a structural reference as well \- however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an -\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to +\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to perform cryptographic operations and will remain uninitialised until after you have released your reference. .PP @@ -338,12 +347,12 @@ until after you have released your reference. .PP This basic type of reference is used for instantiating new ENGINEs, iterating across OpenSSL's internal linked-list of loaded -ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural +ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural reference is sufficient if you only need to query or manipulate the data of an \s-1ENGINE\s0 implementation rather than use its functionality. .PP The \fIENGINE_new()\fR function returns a structural reference to a new (empty) -\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural +\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be released by a corresponding to call to the \fIENGINE_free()\fR function \- the @@ -350,7 +359,7 @@ released by a corresponding to call to the \fIENGI \&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when the last structural reference is released. .PP -It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a +It should also be noted that many \s-1ENGINE API\s0 function calls that accept a structural reference will internally obtain another reference \- typically this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to @@ -375,7 +384,7 @@ the openssl/engine.h header file includes some hin As mentioned, functional references exist when the cryptographic functionality of an \s-1ENGINE\s0 is required to be available. A functional reference can be obtained in one of two ways; from an existing structural -reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default +reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default operational \s-1ENGINE\s0 for a given cryptographic purpose. .PP To obtain a functional reference from an existing structural reference, @@ -383,7 +392,7 @@ call the \fIENGINE_init()\fR function. This return already operational and couldn't be successfully initialised (eg. lack of system drivers, no special hardware attached, etc), otherwise it will return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will -have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. All functional +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional references are released by calling \fIENGINE_finish()\fR (which removes the implicit structural reference as well). .PP @@ -392,7 +401,7 @@ default implementation for a given task, eg. by \f \&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant -algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. +algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. .SS "Default implementations" .IX Subsection "Default implementations" For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table @@ -401,7 +410,7 @@ abstraction and which should be used by default. T registered in the tables and indexed by an 'nid' value, because abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct algorithms and modes, and ENGINEs can support arbitrarily many of them. -In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one +In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one \&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' index. .PP @@ -410,15 +419,15 @@ when calling RSA_new_method(\s-1NULL\s0)), a \*(L" \&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a functional reference to an initialised \s-1ENGINE\s0 whose implementation should be used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller -will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the +will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the conventional software implementation. In the latter case, OpenSSL will from -then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed. +then on behave the way it used to before the \s-1ENGINE API\s0 existed. .PP Each state table has a flag to note whether it has processed this \&\*(L"get_default\*(R" query since the table was last modified, because to process this question it must iterate across all the registered ENGINEs in the table trying to initialise each of them in turn, in case one of them is -operational. If it returns a functional reference to an \s-1ENGINE\s0, it will +operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will also cache another reference to speed up processing future queries (without needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 response if no \s-1ENGINE\s0 was available so that future queries won't repeat the @@ -429,7 +438,7 @@ instead the only way for the state table to return \&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. \&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except that it also sets the state table's cached response for the \*(L"get_default\*(R" -query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are +query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are indexed by 'nid', these flags and cached-responses are distinct for each 'nid' value. .SS "Application requirements" @@ -440,7 +449,7 @@ available to the user. The first thing to consider programmer wishes to make alternative \s-1ENGINE\s0 modules available to the application and user. OpenSSL maintains an internal linked list of \&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is -empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and +empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and it uses static linking against openssl, then the resulting application binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first consideration is whether any/all available \s-1ENGINE\s0 implementations should be @@ -468,13 +477,13 @@ mention an important \s-1API\s0 function; \& void ENGINE_cleanup(void); .Ve .PP -If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there +If no \s-1ENGINE API\s0 functions are called at all in an application, then there are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality, however if any ENGINEs are loaded, even if they are never registered or used, it is necessary to use the \fIENGINE_cleanup()\fR function to correspondingly cleanup before program exit, if the caller wishes to avoid memory leaks. This mechanism uses an internal callback registration table -so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can +so that any \s-1ENGINE API\s0 functionality that knows it requires cleanup can register its cleanup details to be called during \fIENGINE_cleanup()\fR. This approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality at all that your program uses, yet doesn't automatically create linker @@ -499,9 +508,9 @@ source code to openssl's builtin utilities as guid \&\fIUsing a specific \s-1ENGINE\s0 implementation\fR .PP Here we'll assume an application has been configured by its user or admin -to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of +to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be -used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise +used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operation, otherwise OpenSSL should use its builtin software as per usual. The following code illustrates how to approach this; .PP @@ -574,7 +583,7 @@ so that it can be initialised for use. This could driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be -passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +passed to an \s-1ENGINE \s0\fBbefore\fR attempting to initialise it, ie. before calling \fIENGINE_init()\fR. The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after \fIENGINE_init()\fR, or @@ -589,8 +598,8 @@ name of the \s-1ENGINE\s0 it wishes to use, a tabl initialisation, and another table for use after initialisation. Note that the string-pairs used for control commands consist of a command \*(L"name\*(R" followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some -cases but the name can not. This function should initialise the \s-1ENGINE\s0 -(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +cases but the name can not. This function should initialise the \s-1ENGINE +\&\s0(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) and set it as the default for everything except \s-1RAND\s0 and then return a boolean success or failure. .PP @@ -639,7 +648,7 @@ failure if the \s-1ENGINE\s0 supported the given c executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply return success without doing anything. In this case we assume the user is only supplying commands specific to the given \s-1ENGINE\s0 so we set this to -\&\s-1FALSE\s0. +\&\s-1FALSE.\s0 .PP \&\fIDiscovering supported control commands\fR .PP @@ -647,14 +656,14 @@ It is possible to discover at run-time the names, and input parameters of the control commands supported by an \s-1ENGINE\s0 using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. -openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands +\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. +openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a \*(L"generic\*(R" command is handled directly by the OpenSSL core routines. .PP It is using these \*(L"core\*(R" control commands that one can discover the control -commands implemented by a given \s-1ENGINE\s0, specifically the commands; +commands implemented by a given \s-1ENGINE,\s0 specifically the commands; .PP .Vb 9 \& #define ENGINE_HAS_CTRL_FUNCTION 10 @@ -693,7 +702,7 @@ OpenSSL framework code will work with the followin .PP If the \s-1ENGINE\s0's array of control commands is empty then all other commands will fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of -the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the identifier of a command supported by the \s-1ENGINE\s0 and returns the next command identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string name for a command and returns the corresponding identifier or fails if no such @@ -714,18 +723,18 @@ possible values; If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely informational to the caller \- this flag will prevent the command being usable for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. -\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration +\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration by applications, administrations, users, etc. These can support arbitrary operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0 supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" -might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R" \-\s0 and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific extension). .SS "Future developments" .IX Subsection "Future developments" -The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for +The \s-1ENGINE API\s0 and internal architecture is currently being reviewed. Slated for possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R" ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0 implementations to be provided independently of OpenSSL libraries and/or Index: secure/lib/libcrypto/man/err.3 =================================================================== --- secure/lib/libcrypto/man/err.3 (revision 279126) +++ secure/lib/libcrypto/man/err.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH err 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,8 +211,8 @@ new error codes to OpenSSL or add error codes from .SS "Reporting errors" .IX Subsection "Reporting errors" Each sub-library has a specific macro \fIXXXerr()\fR that is used to report -errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second -argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived +errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second +argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived from the function names; reason codes consist of textual error descriptions. For example, the function \fIssl23_read()\fR reports a \&\*(L"handshake failure\*(R" as follows: @@ -216,7 +225,7 @@ Function and reason codes should consist of upper numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name, if none is found it just uses -the capitalized form such as \*(L"\s-1SSL23_READ\s0\*(R" in the above example. +the capitalized form such as \*(L"\s-1SSL23_READ\*(R"\s0 in the above example. .PP The trailing section of a reason code (after the \*(L"_R_\*(R") is translated into lower case and underscores changed to spaces. @@ -267,7 +276,7 @@ Typically it will initially look like this: \& /* BEGIN ERROR CODES */ .Ve .PP -The \fB\s-1BEGIN\s0 \s-1ERROR\s0 \s-1CODES\s0\fR sequence is used by the error code +The \fB\s-1BEGIN ERROR CODES\s0\fR sequence is used by the error code generation script as the point to place new error codes, any text after this point will be overwritten when \fBmake errors\fR is run. The closing #endif etc will be automatically added by the script. @@ -299,7 +308,6 @@ be obtained by calling ERR_get_err_state_table(voi ERR_get_string_table(void) respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fICRYPTO_set_id_callback\fR\|(3), \&\fICRYPTO_set_locking_callback\fR\|(3), \&\fIERR_get_error\fR\|(3), \&\s-1\fIERR_GET_LIB\s0\fR\|(3), Index: secure/lib/libcrypto/man/evp.3 =================================================================== --- secure/lib/libcrypto/man/evp.3 (revision 279126) +++ secure/lib/libcrypto/man/evp.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH evp 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/hmac.3 =================================================================== --- secure/lib/libcrypto/man/hmac.3 (revision 279126) +++ secure/lib/libcrypto/man/hmac.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH hmac 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +164,7 @@ authentication code .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +\&\s-1HMAC\s0 is a \s-1MAC \s0(message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function. .PP @@ -165,7 +174,7 @@ function. .PP It places the result in \fBmd\fR (which must have space for the output of the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). -If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of +If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. .PP \&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. @@ -189,7 +198,7 @@ long. It is deprecated and only included for backw with OpenSSL 0.9.6b. .PP \&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use -the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which +the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL,\s0 in which case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in @@ -209,7 +218,7 @@ must have space for the hash function output. \&\fIHMAC_CTX_cleanup()\fR do not return values. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC\s0 2104 +\&\s-1RFC 2104\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIsha\fR\|(3), \fIevp\fR\|(3) Index: secure/lib/libcrypto/man/lh_stats.3 =================================================================== --- secure/lib/libcrypto/man/lh_stats.3 (revision 279126) +++ secure/lib/libcrypto/man/lh_stats.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH lh_stats 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/lhash.3 =================================================================== --- secure/lib/libcrypto/man/lhash.3 (revision 279126) +++ secure/lib/libcrypto/man/lhash.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH lhash 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -354,7 +363,7 @@ the wrapper functions without \*(L"const\*(R" type Callers that only have \*(L"const\*(R" access to data they're indexing in a table, yet declare callbacks without constant types (or cast the \&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs -without being encouraged to do so by the \s-1API\s0. On a related note, +without being encouraged to do so by the \s-1API. \s0 On a related note, those auditing code should pay special attention to any instances of DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types without any \*(L"const\*(R" qualifiers. @@ -419,6 +428,6 @@ The \fBlhash\fR library is available in all versio This manpage is derived from the SSLeay documentation. .PP In OpenSSL 0.9.7, all lhash functions that were passed function pointers -were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0, -\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0 +were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE, +LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE \s0 became available. Index: secure/lib/libcrypto/man/md5.3 =================================================================== --- secure/lib/libcrypto/man/md5.3 (revision 279126) +++ secure/lib/libcrypto/man/md5.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH md5 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,12 +178,12 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. .PP -\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest +\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 -bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static +bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. .PP The following functions may be used if the message is not completely @@ -196,7 +205,7 @@ Applications should use the higher level functions etc. instead of calling the hash functions directly. .SH "NOTE" .IX Header "NOTE" -\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be preferred. .SH "RETURN VALUES" @@ -208,7 +217,7 @@ preferred. success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321 +\&\s-1RFC 1319, RFC 1320, RFC 1321\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIsha\fR\|(3), \fIripemd\fR\|(3), \fIEVP_DigestInit\fR\|(3) Index: secure/lib/libcrypto/man/mdc2.3 =================================================================== --- secure/lib/libcrypto/man/mdc2.3 (revision 279126) +++ secure/lib/libcrypto/man/mdc2.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH mdc2 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,11 +157,11 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 h .IX Header "DESCRIPTION" \&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from block ciphers. These functions are an implementation of \s-1MDC2\s0 with -\&\s-1DES\s0. +\&\s-1DES.\s0 .PP \&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. .PP The following functions may be used if the message is not completely @@ -176,7 +185,7 @@ hash functions directly. \&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ISO/IEC\s0 10118\-2, with \s-1DES\s0 +\&\s-1ISO/IEC 10118\-2,\s0 with \s-1DES\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIsha\fR\|(3), \fIEVP_DigestInit\fR\|(3) Index: secure/lib/libcrypto/man/pem.3 =================================================================== --- secure/lib/libcrypto/man/pem.3 (revision 279126) +++ secure/lib/libcrypto/man/pem.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH pem 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -313,7 +322,7 @@ this sense \s-1PEM\s0 format is simply base64 enco by header lines. .PP For more details about the meaning of arguments see the -\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section. +\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section. .PP Each operation has four functions associated with it. For clarity the term "\fBfoobar\fR functions" will be used to collectively @@ -338,7 +347,7 @@ encryption is used and a PKCS#8 PrivateKeyInfo str also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the -corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section). +corresponding \s-1OBJECT IDENTIFIER \s0(see \s-1NOTES\s0 section). .PP The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 structure. The public key is encoded as a SubjectPublicKeyInfo @@ -346,7 +355,7 @@ structure. .PP The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an \&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR -functions but an error occurs if the private key is not \s-1RSA\s0. +functions but an error occurs if the private key is not \s-1RSA.\s0 .PP The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an \&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey @@ -355,16 +364,16 @@ structure. The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using an \s-1RSA\s0 structure. However the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public -key is not \s-1RSA\s0. +key is not \s-1RSA.\s0 .PP The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a \&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR -functions but an error occurs if the private key is not \s-1DSA\s0. +functions but an error occurs if the private key is not \s-1DSA.\s0 .PP The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using a \s-1DSA\s0 structure. The public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public -key is not \s-1DSA\s0. +key is not \s-1DSA.\s0 .PP The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 structure. The parameters are encoded using a foobar structure. @@ -382,8 +391,8 @@ an X509 structure. .PP The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 certificate request using an X509_REQ structure. The \fBX509_REQ\fR -write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas -the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR +write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR (as required by some CAs). The \fBX509_REQ\fR read functions will handle either form so there are no \fBX509_REQ_NEW\fR read functions. .PP @@ -453,7 +462,7 @@ an error occurred. .SH "EXAMPLES" .IX Header "EXAMPLES" Although the \s-1PEM\s0 routines take several arguments in almost all applications -most of them are set to 0 or \s-1NULL\s0. +most of them are set to 0 or \s-1NULL.\s0 .PP Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 .PP @@ -598,9 +607,9 @@ byte \fBsalt\fR encoded as a set of hexadecimal di .PP After this is the base64 encoded encrypted data. .PP -The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an +The encryption key is determined using \fIEVP_BytesToKey()\fR, using \fBsalt\fR and an iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0 -returned by \fIEVP_bytestokey()\fR. +returned by \fIEVP_BytesToKey()\fR. .SH "BUGS" .IX Header "BUGS" The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse @@ -624,3 +633,6 @@ The read routines return either a pointer to the s if an error occurred. .PP The write routines return 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_get_cipherbyname\fR\|(3), \fIEVP_BytesToKey\fR\|(3) Index: secure/lib/libcrypto/man/rand.3 =================================================================== --- secure/lib/libcrypto/man/rand.3 (revision 279126) +++ secure/lib/libcrypto/man/rand.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH rand 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,8 +172,8 @@ rand \- pseudo\-random number generator .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling -default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default +Since the introduction of the \s-1ENGINE API,\s0 the recommended way of controlling +default implementations is by using the \s-1ENGINE API\s0 functions. The default \&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by \&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default \&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened @@ -188,7 +197,7 @@ described in \fIRAND_add\fR\|(3). Its state can be seeding process whenever the application is started. .PP \&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the -\&\s-1PRNG\s0. +\&\s-1PRNG. \s0 .SH "INTERNALS" .IX Header "INTERNALS" The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic @@ -197,9 +206,9 @@ hash function. The following description of its design is based on the SSLeay documentation: .PP -First up I will state the things I believe I need for a good \s-1RNG\s0. +First up I will state the things I believe I need for a good \s-1RNG.\s0 .IP "1." 4 -A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state' +A good hashing algorithm to mix things up and to convert the \s-1RNG \s0'state' to random numbers. .IP "2." 4 An initial source of random 'state'. @@ -251,7 +260,7 @@ believe this system addresses points 1 (hash funct \&\s-1SHA\-1\s0), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash function and xor). .PP -When bytes are extracted from the \s-1RNG\s0, the following process is used. +When bytes are extracted from the \s-1RNG,\s0 the following process is used. For each group of 10 bytes (or less), we do the following: .PP Input into the hash function the local 'md' (which is initialized from Index: secure/lib/libcrypto/man/rc4.3 =================================================================== --- secure/lib/libcrypto/man/rc4.3 (revision 279126) +++ secure/lib/libcrypto/man/rc4.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH rc4 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ripemd.3 =================================================================== --- secure/lib/libcrypto/man/ripemd.3 (revision 279126) +++ secure/lib/libcrypto/man/ripemd.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ripemd 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,7 +161,7 @@ RIPEMD\-160 hash function .PP \&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. .PP The following functions may be used if the message is not completely @@ -178,7 +187,7 @@ hash functions directly. success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1ISO/IEC\s0 10118\-3 (draft) (??) +\&\s-1ISO/IEC 10118\-3 \s0(draft) (??) .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3) Index: secure/lib/libcrypto/man/rsa.3 =================================================================== --- secure/lib/libcrypto/man/rsa.3 (revision 279126) +++ secure/lib/libcrypto/man/rsa.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH rsa 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -191,7 +200,7 @@ rsa \- RSA public key cryptosystem .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions implement \s-1RSA\s0 public key encryption and signatures -as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC\s0 2437]. +as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC 2437\s0]. .PP The \fB\s-1RSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. It can contain public as well as private \s-1RSA\s0 keys: @@ -228,7 +237,7 @@ structure elements directly and instead use \s-1AP modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +\&\s-1SSL, PKCS\s0 #1 v2.0 .SH "PATENTS" .IX Header "PATENTS" \&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000. Index: secure/lib/libcrypto/man/sha.3 =================================================================== --- secure/lib/libcrypto/man/sha.3 (revision 279126) +++ secure/lib/libcrypto/man/sha.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH sha 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,12 +155,12 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final \- Secure .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +\&\s-1SHA\-1 \s0(Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. .PP \&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. .PP The following functions may be used if the message is not completely @@ -169,7 +178,7 @@ Applications should use the higher level functions \&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the hash functions directly. .PP -The predecessor of \s-1SHA\-1\s0, \s-1SHA\s0, is also implemented, but it should be +The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be used only when backward compatibility is required. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -178,11 +187,11 @@ used only when backward compatibility is required. \&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR return 1 for success, 0 otherwise. .SH "CONFORMING TO" .IX Header "CONFORMING TO" -\&\s-1SHA:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180 (Secure Hash +\&\s-1SHA: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180 \s0(Secure Hash Standard), -\&\s-1SHA\-1:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-1 (Secure Hash +\&\s-1SHA\-1: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-1 \s0(Secure Hash Standard), -\&\s-1ANSI\s0 X9.30 +\&\s-1ANSI X9.30\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIripemd\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3) Index: secure/lib/libcrypto/man/threads.3 =================================================================== --- secure/lib/libcrypto/man/threads.3 (revision 279126) +++ secure/lib/libcrypto/man/threads.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH threads 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -193,7 +202,7 @@ different mutex locks. It sets the \fBn\fR\-th loc \&\fBfile\fR and \fBline\fR are the file number of the function setting the lock. They can be useful for debugging. .PP -id_function(void) is a function that returns a thread \s-1ID\s0, for example +id_function(void) is a function that returns a thread \s-1ID,\s0 for example \&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below). It isn't needed on Windows nor on platforms where \fIgetpid()\fR returns a different \&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below). @@ -270,7 +279,7 @@ different answers in each thread, since that may d the program is run on, not the machine where the program is being compiled. For instance, Red Hat 8 Linux and earlier used LinuxThreads, whose \fIgetpid()\fR returns a different value for each -thread. Red Hat 9 Linux and later use \s-1NPTL\s0, which is +thread. Red Hat 9 Linux and later use \s-1NPTL,\s0 which is Posix-conformant, and has a \fIgetpid()\fR that returns the same value for all threads in a process. A program compiled on Red Hat 8 and run on Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for Index: secure/lib/libcrypto/man/ui.3 =================================================================== --- secure/lib/libcrypto/man/ui.3 (revision 279126) +++ secure/lib/libcrypto/man/ui.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ui 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -201,9 +210,9 @@ prompt the user for text-based information. Throu imaginable, be it plain text prompting, through dialog boxes or from a cell phone. .PP -All the functions work through a context of the type \s-1UI\s0. This context +All the functions work through a context of the type \s-1UI. \s0 This context contains all the information needed to prompt correctly as well as a -reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that +reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that carry out the actual prompting. .PP The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, @@ -222,10 +231,10 @@ result with \fIUI_get0_result()\fR. The functions are as follows: .PP \&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with -this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. .PP \&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with -this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. .PP \&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one, since the default can be changed. See further on). This method is the @@ -235,7 +244,7 @@ most problems when porting. \&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory that's connected to it, like duplicated input strings, results and others. .PP -\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0, +\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 as well as flags and a result buffer and the desired minimum and maximum sizes of the result. The given information is used to prompt for information, for example a password, and to verify a password (i.e. having @@ -247,7 +256,7 @@ verification will fail. \&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given -as well. The prompt itself is really divided in two, one part being the +as well. The prompt itself is divided in two, one part being the descriptive text (given through the \fIprompt\fR argument) and one describing the possible answers (given through the \fIaction_desc\fR argument). .PP @@ -257,10 +266,10 @@ The difference between the two is only conceptual. there's no technical difference between them. Other methods may make a difference between them, however. .PP -The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for +The flags currently supported are \s-1UI_INPUT_FLAG_ECHO,\s0 which is relevant for \&\fIUI_add_input_string()\fR and will have the users response be echoed (when prompting for a password, this flag should obviously not be used, and -\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some +\&\s-1UI_INPUT_FLAG_DEFAULT_PWD,\s0 which means that a default password of some sort will be used (completely depending on the application and the \s-1UI\s0 method). .PP @@ -293,9 +302,9 @@ the information indexed by \fIi\fR. and prompting and returns. .PP \&\fIUI_ctrl()\fR adds extra control for the application author. For now, it -understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR -print the OpenSSL error stack as part of processing the \s-1UI\s0, and -\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can +understands two commands: \s-1UI_CTRL_PRINT_ERRORS,\s0 which makes \fIUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI,\s0 and +\&\s-1UI_CTRL_IS_REDOABLE,\s0 which returns a flag saying if the used \s-1UI\s0 can be used again or not. .PP \&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. @@ -302,9 +311,9 @@ be used again or not. .PP \&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. .PP -\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0. +\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 .PP -\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0. +\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIui_create\fR\|(3), \fIui_compat\fR\|(3) Index: secure/lib/libcrypto/man/ui_compat.3 =================================================================== --- secure/lib/libcrypto/man/ui_compat.3 (revision 279126) +++ secure/lib/libcrypto/man/ui_compat.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ui_compat 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +156,7 @@ Compatibility user interface functions .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1DES\s0 library contained a few routines to prompt for passwords. These -aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the +aren't necessarely dependent on \s-1DES,\s0 and have therefore become part of the \&\s-1UI\s0 compatibility library. .PP \&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output Index: secure/lib/libcrypto/man/x509.3 =================================================================== --- secure/lib/libcrypto/man/x509.3 (revision 279126) +++ secure/lib/libcrypto/man/x509.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH x509 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -139,15 +148,15 @@ x509 \- X.509 certificate handling .SH "DESCRIPTION" .IX Header "DESCRIPTION" A X.509 certificate is a structured grouping of information about -an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 -(certificate revocation list) is a tool to help determine if a +an individual, a device, or anything one can imagine. A X.509 \s-1CRL +\&\s0(certificate revocation list) is a tool to help determine if a certificate is still valid. The exact definition of those can be -found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX\s0. +found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0 In OpenSSL, the type X509 is used to express such a certificate, and -the type X509_CRL is used to express a \s-1CRL\s0. +the type X509_CRL is used to express a \s-1CRL.\s0 .PP A related structure is a certificate request, defined in PKCS#10 from -\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type +\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896. \s0 In OpenSSL, the type X509_REQ is used to express such a certificate request. .PP To handle some complex parts of a certificate, there are the types @@ -155,7 +164,7 @@ X509_NAME (to express a certificate name), X509_AT a certificate attributes), X509_EXTENSION (to express a certificate extension) and a few more. .PP -Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a +Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a certificate and a corresponding private key. .PP \&\fBX509_\fR\fI...\fR, \fBd2i_X509_\fR\fI...\fR and \fBi2d_X509_\fR\fI...\fR handle X.509 Index: secure/lib/libssl/Makefile.man =================================================================== --- secure/lib/libssl/Makefile.man (revision 279126) +++ secure/lib/libssl/Makefile.man (working copy) @@ -32,6 +32,7 @@ MAN+= SSL_CTX_set_session_cache_mode.3 MAN+= SSL_CTX_set_session_id_context.3 MAN+= SSL_CTX_set_ssl_version.3 MAN+= SSL_CTX_set_timeout.3 +MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3 MAN+= SSL_CTX_set_tmp_dh_callback.3 MAN+= SSL_CTX_set_tmp_rsa_callback.3 MAN+= SSL_CTX_set_verify.3 Index: secure/lib/libssl/man/SSL_CIPHER_get_name.3 =================================================================== --- secure/lib/libssl/man/SSL_CIPHER_get_name.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CIPHER_get_name.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,20 +153,24 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPH .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the -argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is +argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\*(R"\s0 is returned. .PP \&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If -\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the -chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned. +\&\fBalg_bits\fR is not \s-1NULL,\s0 it contains the number of bits processed by the +chosen algorithm. If \fBcipher\fR is \s-1NULL, 0\s0 is returned. .PP -\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently -\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned. +\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +version that first defined the cipher. +This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR. +In some cases it should possibly return \*(L"TLSv1.2\*(R" but does not; +use \fISSL_CIPHER_description()\fR instead. +If \fBcipher\fR is \s-1NULL, \*(L"\s0(\s-1NONE\s0)\*(R" is returned. .PP \&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least 128 bytes, otherwise a pointer to the string \*(L"Buffer too small\*(R" is -returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using +returned. If \fBbuf\fR is \s-1NULL,\s0 a buffer of 128 bytes is allocated using \&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string \&\*(L"OPENSSL_malloc Error\*(R" is returned. .SH "NOTES" @@ -175,7 +188,8 @@ sequence: Textual representation of the cipher name. .IP "" 4 .IX Item "" -Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. +Protocol version: \fBSSLv2\fR, \fBSSLv3\fR, \fBTLSv1.2\fR. The TLSv1.0 ciphers are +flagged with SSLv3. No new ciphers were added by TLSv1.1. .IP "Kx=" 4 .IX Item "Kx=" Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or @@ -207,9 +221,15 @@ Some examples for the output of \fISSL_CIPHER_desc \& RC4\-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 \& EXP\-RC4\-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export .Ve +.PP +A comp[lete list can be retrieved by invoking the following command: +.PP +.Vb 1 +\& openssl ciphers \-v ALL +.Ve .SH "BUGS" .IX Header "BUGS" -If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the +If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL,\s0 the library crashes. .PP If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according Index: secure/lib/libssl/man/SSL_COMP_add_compression_method.3 =================================================================== --- secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (revision 279126) +++ secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +156,7 @@ It cannot be set for specific \s-1SSL_CTX\s0 or \s .SH "NOTES" .IX Header "NOTES" The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods -into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression +into the communication. The \s-1TLS RFC\s0 does however not specify compression methods or their corresponding identifiers, so there is currently no compatible way to integrate compression with unknown peers. It is therefore currently not recommended to integrate compression into applications. Applications for Index: secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,6 +159,15 @@ these certificates explicitly specified. If no cha the library will try to complete the chain from the available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see \&\fISSL_CTX_load_verify_locations\fR\|(3). +.PP +The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \fBshould not\fR free the \fBx509\fR object. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +structure. Different chains for different certificates (for example if both +\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 +structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +function. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the Index: secure/lib/libssl/man/SSL_CTX_add_session.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_add_session.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_add_session.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_add_session 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +177,7 @@ If a server \s-1SSL_CTX\s0 is configured with the flag then the internal cache will not be populated automatically by new sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal cache will be searched automatically for session-resume requests (the -latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the application can use \fISSL_CTX_add_session()\fR directly to have full control over the sessions that can be resumed if desired. .SH "RETURN VALUES" Index: secure/lib/libssl/man/SSL_CTX_ctrl.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_ctrl.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_ctrl.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_flush_sessions.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_free.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_free.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_free.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +156,7 @@ which \s-1CA\s0 certificates for verification purp available via \fBCAfile\fR and \fBCApath\fR are trusted. .SH "NOTES" .IX Header "NOTES" -If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 format. The file can contain several \s-1CA\s0 certificates identified by .PP .Vb 3 @@ -162,7 +171,7 @@ which can be used e.g. for descriptions of the cer The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR function. .PP -If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates +If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are looked up by the \s-1CA\s0 subject name hash value, which must hence be available. If more than one \s-1CA\s0 certificate with the same name hash value exist, the Index: secure/lib/libssl/man/SSL_CTX_new.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_new.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_sess_number.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sess_number.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_sess_number.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +156,7 @@ of context \fBctx\fR to \fBt\fR. \&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. .SH "NOTES" .IX Header "NOTES" -The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0, +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 currently 1024*20, so that up to 20000 sessions can be held. This size can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special case is the size 0, which is used for unlimited size. Index: secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_sessions.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sessions.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_sessions.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_sessions 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_cert_store.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +159,7 @@ function is called. If the application does not ex verification callback function, the built-in verification function is used. If a verification callback \fIcallback\fR is specified via \&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called -instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored. +instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. .PP When the verification must be performed, \fIcallback\fR will be called with the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The Index: secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,7 +171,7 @@ the chosen \fBssl\fR, overriding the setting valid .SH "NOTES" .IX Header "NOTES" When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which +\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept certificates, to the client. .PP This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for Index: secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +155,7 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cer called when a client certificate is requested by a server and no certificate was yet set for the \s-1SSL\s0 object. .PP -When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL\s0, no callback function is used. +When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used. .PP \&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback function. @@ -157,7 +166,7 @@ using the \fBx509\fR and \fBpkey\fR arguments and certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediatly. \fISSL_get_error\fR\|(3) +handshake function will return immediately. \fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information Index: secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_info_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,11 +157,11 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callba obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection setup and use. The setting for \fBctx\fR is overridden from the setting for a specific \s-1SSL\s0 object, if specified. -When \fBcallback\fR is \s-1NULL\s0, not callback function is used. +When \fBcallback\fR is \s-1NULL,\s0 not callback function is used. .PP \&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to obtain state information for \fBssl\fR during connection setup and use. -When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for +When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for \&\fBctx\fR is used. .PP \&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information @@ -189,25 +198,25 @@ Callback has been called during write operation. .IP "\s-1SSL_CB_ALERT\s0" 4 .IX Item "SSL_CB_ALERT" Callback has been called due to an alert being sent or received. -.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 -.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.IP "\s-1SSL_CB_READ_ALERT \s0(SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" .PD 0 -.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 -.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" -.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 -.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" -.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 -.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" -.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 -.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" -.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 -.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_WRITE_ALERT \s0(SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.IP "\s-1SSL_CB_ACCEPT_LOOP \s0(SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_ACCEPT_EXIT \s0(SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_CONNECT_LOOP \s0(SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_CONNECT_EXIT \s0(SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" .IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 .IX Item "SSL_CB_HANDSHAKE_START" .PD Callback has been called because a new handshake is started. -.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 -.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" +.IP "\s-1SSL_CB_HANDSHAKE_DONE \s0 0x20" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" Callback has been called because a handshake is finished. .PP The current state information can be obtained using the @@ -223,7 +232,7 @@ The \fBret\fR information can be evaluated using t .SH "EXAMPLES" .IX Header "EXAMPLES" The following example callback function prints state strings, information -about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 .PP .Vb 4 \& void apps_ssl_info_callback(SSL *s, int where, int ret) Index: secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_mode.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_mode.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_mode.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +184,7 @@ non-blocking \fIwrite()\fR. Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a \&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return -with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. +with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ.\s0 In a non-blocking environment applications must be prepared to handle incomplete read/write operations. In a blocking environment, applications are not always prepared to @@ -182,6 +191,15 @@ In a blocking environment, applications are not al deal with read/write operations returning without success report. The flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only return after the handshake and successful completion. +.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. +.Sp +\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft\-ietf\-tls\-downgrade\-scsv\-00. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask Index: secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,12 +176,12 @@ when a protocol message has been sent. .IX Item "version" The protocol version according to which the protocol message is interpreted by the library. Currently, this is one of -\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0 -3.0 and \s-1TLS\s0 1.0, respectively). +\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL 2.0, SSL +3.0\s0 and \s-1TLS 1.0,\s0 respectively). .IP "\fIcontent_type\fR" 4 .IX Item "content_type" -In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0 -or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the +In the case of \s-1SSL 2.0,\s0 this is always \fB0\fR. In the case of \s-1SSL 3.0\s0 +or \s-1TLS 1.0,\s0 this is one of the \fBContentType\fR values defined in the protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR, \&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the callback will only be called for protocol messages). @@ -201,7 +210,7 @@ processed. .PP Due to automatic protocol version negotiation, \fIversion\fR is not necessarily the protocol version used by the sender of the message: If -a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server, +a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server, \&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" Index: secure/lib/libssl/man/SSL_CTX_set_options.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_options.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_options.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_options 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -209,8 +218,8 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has n \&... .IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 .IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" -Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS\s0 X. -\&\s-1OS\s0 X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. +OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers. .IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 .IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" \&... @@ -222,7 +231,7 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has n \&... .IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 .IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" -Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol +Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some broken \s-1SSL\s0 implementations. This option has no effect for connections using other ciphers. @@ -259,15 +268,7 @@ a new \s-1DH\s0 key during each handshake but it i temporary/ephemeral \s-1DH\s0 parameters are used. .IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 .IX Item "SSL_OP_EPHEMERAL_RSA" -Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations -(see \fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). -According to the specifications this is only done, when a \s-1RSA\s0 key -can only be used for signature operations (namely under export ciphers -with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral -\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the -\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. .IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 .IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" When choosing a cipher, use the server's preferences instead of the client @@ -314,16 +315,16 @@ not be used by clients or servers. .IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 .IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" Allow legacy insecure renegotiation between OpenSSL and unpatched clients or -servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. .IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 .IX Item "SSL_OP_LEGACY_SERVER_CONNECT" Allow legacy insecure renegotiation between OpenSSL and unpatched servers \&\fBonly\fR: this option is currently set by default. See the -\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. .SH "SECURE RENEGOTIATION" .IX Header "SECURE RENEGOTIATION" OpenSSL 0.9.8m and later always attempts to use secure renegotiation as -described in \s-1RFC5746\s0. This counters the prefix attack described in +described in \s-1RFC5746.\s0 This counters the prefix attack described in \&\s-1CVE\-2009\-3555\s0 and elsewhere. .PP The deprecated and highly broken SSLv2 protocol does not support @@ -341,7 +342,7 @@ renegotiation implementation. Connections and renegotiation are always permitted by OpenSSL implementations. .SS "Unpatched client and patched OpenSSL server" .IX Subsection "Unpatched client and patched OpenSSL server" -The initial connection suceeds but client renegotiation is denied by the +The initial connection succeeds but client renegotiation is denied by the server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal \&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. .PP Index: secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -207,10 +216,10 @@ As automatic lookup only applies for \s-1SSL/TLS\s clients. .IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" -Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0 sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as any external -session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will +session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will prevent sessions being stored in the internal cache (though the application can add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful @@ -222,7 +231,7 @@ prevents these additions to the internal cache as Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. .PP -The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. +The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. Index: secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,12 +152,12 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_g .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL \s0\fBmethod\fR for \s-1SSL\s0 objects newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with \&\fISSL_new\fR\|(3) are not affected, except when \&\fISSL_clear\fR\|(3) is being called. .PP -\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL \s0\fBmethod\fR for a particular \fBssl\fR object. It may be reset, when \fISSL_clear()\fR is called. .PP \&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method Index: secure/lib/libssl/man/SSL_CTX_set_timeout.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_timeout.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_timeout.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (revision 0) +++ secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (working copy) @@ -0,0 +1,316 @@ +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback fuction \fIcb\fR for handling +session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in +\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to \s-1TLS\s0 and there is no SSLv3 implementation. +.PP +The callback is available when the OpenSSL library was built without +\&\fI\s-1OPENSSL_NO_TLSEXT\s0\fR being defined. +.PP +The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 +session when session ticket extension is presented in the \s-1TLS\s0 hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.PP +The OpenSSL library uses your callback function to help implement a common \s-1TLS \s0 +ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. +.PP +In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket. +.PP +Before the callback function is started \fIctx\fR and \fIhctx\fR have been +initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. +.PP +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retreival of the ticket failed, or a renew option was indicated, +the callback function will be called with \fIenc\fR equal to 1. The OpenSSL +library expects that the function will set an arbitary \fIname\fR, initialize +\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. +.PP +The \fIname\fR is 16 characters long and is used as a key identifier. +.PP +The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The +maximum \s-1IV\s0 length is \s-1EVP_MAX_IV_LENGTH\s0 bytes defined in \fBevp.h\fR. +.PP +The initialization vector \fIiv\fR should be a random value. The cipher context +\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be +set using EVP_EncryptInit_ex. The hmac context can be set using HMAC_Init_ex. +.PP +When the client presents a session ticket, the callback function with be called +with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retreive a set +of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of +the session ticket. The OpenSSL library expects that the \fIname\fR will be used +to retrieve a cryptographic parameters and that the cryptographic context +\&\fIctx\fR will be set with the retreived parameters and the initialization vector +\&\fIiv\fR. using a function like EVP_DecryptInit_ex. The \fIhctx\fR needs to be set +using HMAC_Init_ex. +.PP +If the \fIname\fR is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an arguement of enc equal to 1 to set the new ticket. +.PP +The return value of the \fIcb\fR function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: +.IP "2" 4 +.IX Item "2" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077 +3.3\s0 paragraph 2). +.IP "1" 4 +.IX Item "1" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. +.IP "0" 4 +This indicates that it was not possible to set/retrieve a session ticket and +the \s-1SSL/TLS\s0 session will continue by by negiotationing a set of cryptographic +parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +.Sp +If called with enc equal to 0 the library will call the \fIcb\fR again to get +a new set of parameters. +.IP "less than 0" 4 +.IX Item "less than 0" +This indicates an error. +.SH "NOTES" +.IX Header "NOTES" +Session resumption shortcuts the \s-1TLS\s0 so that the client certificate +negiotation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negiotation had occured. +.PP +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the ciphersuite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. +.PP +Applications can use longer keys to maintain a consistent level of security. +For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reference Implemention: + SSL_CTX_set_tlsext_ticket_key_cb(\s-1SSL\s0,ssl_tlsext_ticket_key_cb); + .... +.PP +.Vb 6 +\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +\& { +\& if (enc) { /* create new session */ +\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) { +\& return \-1; /* insufficient random */ +\& } +\& +\& key = currentkey(); /* something that you need to implement */ +\& if ( !key ) { +\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ +\& key = createkey(); /* something that you need to implement. +\& * createkey needs to initialise, a name, +\& * an aes_key, a hmac_key and optionally +\& * an expire time. */ +\& if ( !key ) { /* key couldn\*(Aqt be created */ +\& return 0; +\& } +\& } +\& memcpy(key_name, key\->name, 16); +\& +\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& +\& return 1; +\& +\& } else { /* retrieve session */ +\& key = findkey(name); +\& +\& if (!key || key\->expire < now() ) { +\& return 0; +\& } +\& +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv ); +\& +\& if (key\->expire < ( now() \- RENEW_TIME ) ) { +\& /* return 2 \- this session will get a new ticket even though the current is still valid */ +\& return 2; +\& } +\& return 1; +\& +\& } +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +returns 0 to indicate the callback function was set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +This function was introduced in OpenSSL 0.9.8h Index: secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,11 +149,9 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, S \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); \& -\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, +\& void SSL_set_tmp_dh_callback(SSL *ctx, \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_set_tmp_dh(SSL *ssl, DH *dh) -\& -\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -208,7 +215,7 @@ instead (see \fIdhparam\fR\|(1)), but in this case is mandatory. .PP Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current +dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the \fB\-C\fR option of the Index: secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -197,26 +206,19 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key c for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes violates the standard and can break interoperability with clients. It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key -exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead +exchange and use \s-1EDH \s0(Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see \&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)). .PP -On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default -and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of -\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0 -standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers, -it will automatically be used without this option! +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +\&\s-1RSA\s0 key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. .PP -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a \s-1RSA\s0 key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0 -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. -.PP The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and the \fBis_export\fR information. The \fBis_export\fR flag is set, when the ephemeral \s-1RSA\s0 key exchange is performed with an export cipher. Index: secure/lib/libssl/man/SSL_CTX_set_verify.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_verify.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_set_verify.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -197,7 +206,7 @@ anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 i .IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" \&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. -This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 .Sp \&\fBClient mode:\fR ignored .IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 @@ -204,7 +213,7 @@ handshake is immediately terminated with a \*(L"ha .IX Item "SSL_VERIFY_CLIENT_ONCE" \&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0 handshake. Do not ask for a client certificate again in case of a -renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 .Sp \&\fBClient mode:\fR ignored .PP @@ -228,8 +237,8 @@ certificates would not be present, most likely a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", \&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum -depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, -allowing for the peer certificate and additional 9 \s-1CA\s0 certificates. +depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100, +allowing for the peer certificate and additional 100 \s-1CA\s0 certificates. .PP The \fBverify_callback\fR function is used to control the behaviour when the \&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and Index: secure/lib/libssl/man/SSL_CTX_use_certificate.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_use_certificate.3 (revision 279126) +++ secure/lib/libssl/man/SSL_CTX_use_certificate.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -189,7 +198,7 @@ the memory location \fBd\fR (with length \fBlen\fR .PP \&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified -from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 \&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR should be preferred. @@ -198,7 +207,7 @@ should be preferred. \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and -ending at the highest level (root) \s-1CA\s0. +ending at the highest level (root) \s-1CA.\s0 There is no corresponding function working on a single \s-1SSL\s0 object. .PP \&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. @@ -220,7 +229,7 @@ key to \fBssl\fR. .PP \&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in \&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified -from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 \&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in \&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private @@ -237,11 +246,11 @@ this \fBssl\fR, the last item added into \fBctx\fR .IX Header "NOTES" The internal certificate store of OpenSSL can hold two private key/certificate pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate -of type \s-1DSA\s0. The certificate used depends on the cipher select, see +of type \s-1DSA.\s0 The certificate used depends on the cipher select, see also \fISSL_CTX_set_cipher_list\fR\|(3). .PP When reading certificates and private keys from file, files of type -\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +\&\s-1SSL_FILETYPE_ASN1 \s0(also known as \fB\s-1DER\s0\fR, binary encoding) can only contain one certificate or private key, consequently \&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. Index: secure/lib/libssl/man/SSL_SESSION_free.3 =================================================================== --- secure/lib/libssl/man/SSL_SESSION_free.3 (revision 279126) +++ secure/lib/libssl/man/SSL_SESSION_free.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_SESSION_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 =================================================================== --- secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (revision 279126) +++ secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_SESSION_get_time.3 =================================================================== --- secure/lib/libssl/man/SSL_SESSION_get_time.3 (revision 279126) +++ secure/lib/libssl/man/SSL_SESSION_get_time.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_accept.3 =================================================================== --- secure/lib/libssl/man/SSL_accept.3 (revision 279126) +++ secure/lib/libssl/man/SSL_accept.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_accept 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,11 +154,11 @@ The communication channel must already have been s \&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0. +The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO. \s0 .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the -handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server -Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but +handshake has been finished or an error occurred, except for \s-1SGC \s0(Server +Gated Cryptography). For \s-1SGC,\s0 \fISSL_accept()\fR may return with \-1, but \&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR should be called again. .PP @@ -160,9 +169,9 @@ In this case a call to \fISSL_get_error()\fR with return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_accept()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Index: secure/lib/libssl/man/SSL_alert_type_string.3 =================================================================== --- secure/lib/libssl/man/SSL_alert_type_string.3 (revision 279126) +++ secure/lib/libssl/man/SSL_alert_type_string.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_alert_type_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,7 +180,7 @@ receiving side may cancel the connection on recept alert on it discretion. .PP Several alert messages must be sent as fatal alert messages as specified -by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. +by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following strings can occur for \fISSL_alert_type_string()\fR or @@ -192,131 +201,131 @@ Probably \fBvalue\fR does not contain a correct al .PP The following strings can occur for \fISSL_alert_desc_string()\fR or \&\fISSL_alert_desc_string_long()\fR: -.ie n .IP """\s-1CN\s0""/""close notify""" 4 -.el .IP "``\s-1CN\s0''/``close notify''" 4 +.ie n .IP """\s-1CN""/\s0""close notify""" 4 +.el .IP "``\s-1CN''/\s0``close notify''" 4 .IX Item "CN/close notify" The connection shall be closed. This is a warning alert. -.ie n .IP """\s-1UM\s0""/""unexpected message""" 4 -.el .IP "``\s-1UM\s0''/``unexpected message''" 4 +.ie n .IP """\s-1UM""/\s0""unexpected message""" 4 +.el .IP "``\s-1UM''/\s0``unexpected message''" 4 .IX Item "UM/unexpected message" An inappropriate message was received. This alert is always fatal and should never be observed in communication between proper implementations. -.ie n .IP """\s-1BM\s0""/""bad record mac""" 4 -.el .IP "``\s-1BM\s0''/``bad record mac''" 4 +.ie n .IP """\s-1BM""/\s0""bad record mac""" 4 +.el .IP "``\s-1BM''/\s0``bad record mac''" 4 .IX Item "BM/bad record mac" This alert is returned if a record is received with an incorrect -\&\s-1MAC\s0. This message is always fatal. -.ie n .IP """\s-1DF\s0""/""decompression failure""" 4 -.el .IP "``\s-1DF\s0''/``decompression failure''" 4 +\&\s-1MAC.\s0 This message is always fatal. +.ie n .IP """\s-1DF""/\s0""decompression failure""" 4 +.el .IP "``\s-1DF''/\s0``decompression failure''" 4 .IX Item "DF/decompression failure" The decompression function received improper input (e.g. data that would expand to excessive length). This message is always fatal. -.ie n .IP """\s-1HF\s0""/""handshake failure""" 4 -.el .IP "``\s-1HF\s0''/``handshake failure''" 4 +.ie n .IP """\s-1HF""/\s0""handshake failure""" 4 +.el .IP "``\s-1HF''/\s0``handshake failure''" 4 .IX Item "HF/handshake failure" Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error. -.ie n .IP """\s-1NC\s0""/""no certificate""" 4 -.el .IP "``\s-1NC\s0''/``no certificate''" 4 +.ie n .IP """\s-1NC""/\s0""no certificate""" 4 +.el .IP "``\s-1NC''/\s0``no certificate''" 4 .IX Item "NC/no certificate" A client, that was asked to send a certificate, does not send a certificate (SSLv3 only). -.ie n .IP """\s-1BC\s0""/""bad certificate""" 4 -.el .IP "``\s-1BC\s0''/``bad certificate''" 4 +.ie n .IP """\s-1BC""/\s0""bad certificate""" 4 +.el .IP "``\s-1BC''/\s0``bad certificate''" 4 .IX Item "BC/bad certificate" A certificate was corrupt, contained signatures that did not verify correctly, etc -.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4 -.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4 +.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4 +.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4 .IX Item "UC/unsupported certificate" A certificate was of an unsupported type. -.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4 -.el .IP "``\s-1CR\s0''/``certificate revoked''" 4 +.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4 +.el .IP "``\s-1CR''/\s0``certificate revoked''" 4 .IX Item "CR/certificate revoked" A certificate was revoked by its signer. -.ie n .IP """\s-1CE\s0""/""certificate expired""" 4 -.el .IP "``\s-1CE\s0''/``certificate expired''" 4 +.ie n .IP """\s-1CE""/\s0""certificate expired""" 4 +.el .IP "``\s-1CE''/\s0``certificate expired''" 4 .IX Item "CE/certificate expired" A certificate has expired or is not currently valid. -.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4 -.el .IP "``\s-1CU\s0''/``certificate unknown''" 4 +.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4 +.el .IP "``\s-1CU''/\s0``certificate unknown''" 4 .IX Item "CU/certificate unknown" Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. -.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4 -.el .IP "``\s-1IP\s0''/``illegal parameter''" 4 +.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4 +.el .IP "``\s-1IP''/\s0``illegal parameter''" 4 .IX Item "IP/illegal parameter" A field in the handshake was out of range or inconsistent with other fields. This is always fatal. -.ie n .IP """\s-1DC\s0""/""decryption failed""" 4 -.el .IP "``\s-1DC\s0''/``decryption failed''" 4 +.ie n .IP """\s-1DC""/\s0""decryption failed""" 4 +.el .IP "``\s-1DC''/\s0``decryption failed''" 4 .IX Item "DC/decryption failed" A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length or its padding values, when checked, weren't correct. This message is always fatal. -.ie n .IP """\s-1RO\s0""/""record overflow""" 4 -.el .IP "``\s-1RO\s0''/``record overflow''" 4 +.ie n .IP """\s-1RO""/\s0""record overflow""" 4 +.el .IP "``\s-1RO''/\s0``record overflow''" 4 .IX Item "RO/record overflow" A TLSCiphertext record was received which had a length more than 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always fatal. -.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4 -.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 +.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4 +.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4 .IX Item "CA/unknown CA" A valid certificate chain or partial chain was received, but the certificate was not accepted because the \s-1CA\s0 certificate could not -be located or couldn't be matched with a known, trusted \s-1CA\s0. This +be located or couldn't be matched with a known, trusted \s-1CA. \s0 This message is always fatal. -.ie n .IP """\s-1AD\s0""/""access denied""" 4 -.el .IP "``\s-1AD\s0''/``access denied''" 4 +.ie n .IP """\s-1AD""/\s0""access denied""" 4 +.el .IP "``\s-1AD''/\s0``access denied''" 4 .IX Item "AD/access denied" A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation. This message is always fatal. -.ie n .IP """\s-1DE\s0""/""decode error""" 4 -.el .IP "``\s-1DE\s0''/``decode error''" 4 +.ie n .IP """\s-1DE""/\s0""decode error""" 4 +.el .IP "``\s-1DE''/\s0``decode error''" 4 .IX Item "DE/decode error" A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal. -.ie n .IP """\s-1CY\s0""/""decrypt error""" 4 -.el .IP "``\s-1CY\s0''/``decrypt error''" 4 +.ie n .IP """\s-1CY""/\s0""decrypt error""" 4 +.el .IP "``\s-1CY''/\s0``decrypt error''" 4 .IX Item "CY/decrypt error" A handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message. -.ie n .IP """\s-1ER\s0""/""export restriction""" 4 -.el .IP "``\s-1ER\s0''/``export restriction''" 4 +.ie n .IP """\s-1ER""/\s0""export restriction""" 4 +.el .IP "``\s-1ER''/\s0``export restriction''" 4 .IX Item "ER/export restriction" A negotiation not in compliance with export restrictions was detected; for example, attempting to transfer a 1024 bit ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This message is always fatal. -.ie n .IP """\s-1PV\s0""/""protocol version""" 4 -.el .IP "``\s-1PV\s0''/``protocol version''" 4 +.ie n .IP """\s-1PV""/\s0""protocol version""" 4 +.el .IP "``\s-1PV''/\s0``protocol version''" 4 .IX Item "PV/protocol version" The protocol version the client has attempted to negotiate is recognized, but not supported. (For example, old protocol versions might be avoided for security reasons). This message is always fatal. -.ie n .IP """\s-1IS\s0""/""insufficient security""" 4 -.el .IP "``\s-1IS\s0''/``insufficient security''" 4 +.ie n .IP """\s-1IS""/\s0""insufficient security""" 4 +.el .IP "``\s-1IS''/\s0``insufficient security''" 4 .IX Item "IS/insufficient security" Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal. -.ie n .IP """\s-1IE\s0""/""internal error""" 4 -.el .IP "``\s-1IE\s0''/``internal error''" 4 +.ie n .IP """\s-1IE""/\s0""internal error""" 4 +.el .IP "``\s-1IE''/\s0``internal error''" 4 .IX Item "IE/internal error" An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue (such as a memory allocation failure). This message is always fatal. -.ie n .IP """\s-1US\s0""/""user canceled""" 4 -.el .IP "``\s-1US\s0''/``user canceled''" 4 +.ie n .IP """\s-1US""/\s0""user canceled""" 4 +.el .IP "``\s-1US''/\s0``user canceled''" 4 .IX Item "US/user canceled" This handshake is being canceled for some reason unrelated to a protocol failure. If the user cancels an operation after the @@ -323,8 +332,8 @@ protocol failure. If the user cancels an operation handshake is complete, just closing the connection by sending a close_notify is more appropriate. This alert should be followed by a close_notify. This message is generally a warning. -.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4 -.el .IP "``\s-1NR\s0''/``no renegotiation''" 4 +.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4 +.el .IP "``\s-1NR''/\s0``no renegotiation''" 4 .IX Item "NR/no renegotiation" Sent by the client in response to a hello request or by the server in response to a client hello after initial handshaking. @@ -337,8 +346,8 @@ satisfy a request; the process might receive secur (key length, authentication, etc.) at startup and it might be difficult to communicate changes to these parameters after that point. This message is always a warning. -.ie n .IP """\s-1UK\s0""/""unknown""" 4 -.el .IP "``\s-1UK\s0''/``unknown''" 4 +.ie n .IP """\s-1UK""/\s0""unknown""" 4 +.el .IP "``\s-1UK''/\s0``unknown''" 4 .IX Item "UK/unknown" This indicates that no description is available for this alert type. Probably \fBvalue\fR does not contain a correct alert message. Index: secure/lib/libssl/man/SSL_clear.3 =================================================================== --- secure/lib/libssl/man/SSL_clear.3 (revision 279126) +++ secure/lib/libssl/man/SSL_clear.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_clear 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +156,7 @@ BIOs) are kept. SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. If a session is still \fBopen\fR, it is considered bad and will be removed -from the session cache, as required by \s-1RFC2246\s0. A session is considered open, +from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, if \fISSL_shutdown\fR\|(3) was not called for the connection or at least \fISSL_set_shutdown\fR\|(3) was used to set the \s-1SSL_SENT_SHUTDOWN\s0 state. Index: secure/lib/libssl/man/SSL_connect.3 =================================================================== --- secure/lib/libssl/man/SSL_connect.3 (revision 279126) +++ secure/lib/libssl/man/SSL_connect.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_connect 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,7 +154,7 @@ channel must already have been set and assigned to underlying \fB\s-1BIO\s0\fR. .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. +The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO. \s0 .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the handshake has been finished or an error occurred. @@ -157,9 +166,9 @@ In this case a call to \fISSL_get_error()\fR with return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_connect()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Index: secure/lib/libssl/man/SSL_do_handshake.3 =================================================================== --- secure/lib/libssl/man/SSL_do_handshake.3 (revision 279126) +++ secure/lib/libssl/man/SSL_do_handshake.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_do_handshake 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,11 +156,11 @@ routines may have to be explicitly set in advance \&\fISSL_set_accept_state\fR\|(3). .SH "NOTES" .IX Header "NOTES" -The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. +The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return -once the handshake has been finished or an error occurred, except for \s-1SGC\s0 -(Server Gated Cryptography). For \s-1SGC\s0, \fISSL_do_handshake()\fR may return with \-1, +once the handshake has been finished or an error occurred, except for \s-1SGC +\&\s0(Server Gated Cryptography). For \s-1SGC,\s0 \fISSL_do_handshake()\fR may return with \-1, but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \&\fISSL_do_handshake()\fR should be called again. .PP @@ -161,9 +170,9 @@ to continue the handshake. In this case a call to return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Index: secure/lib/libssl/man/SSL_free.3 =================================================================== --- secure/lib/libssl/man/SSL_free.3 (revision 279126) +++ secure/lib/libssl/man/SSL_free.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +155,7 @@ reference count has reached 0. .SH "NOTES" .IX Header "NOTES" \&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if -applicable: the buffering \s-1BIO\s0, the read and write BIOs, +applicable: the buffering \s-1BIO,\s0 the read and write BIOs, cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. Do not explicitly free these indirectly freed up items before or after calling \fISSL_free()\fR, as trying to free things twice may lead to program @@ -158,7 +167,7 @@ session cache. If the session is considered bad, b \&\fISSL_shutdown\fR\|(3) was not called for the connection and \fISSL_set_shutdown\fR\|(3) was not used to set the \&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed -from the session cache as required by \s-1RFC2246\s0. +from the session cache as required by \s-1RFC2246.\s0 .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_free()\fR does not provide diagnostic information. Index: secure/lib/libssl/man/SSL_get_SSL_CTX.3 =================================================================== --- secure/lib/libssl/man/SSL_get_SSL_CTX.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_SSL_CTX.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_ciphers.3 =================================================================== --- secure/lib/libssl/man/SSL_get_ciphers.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_ciphers.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_ciphers 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +155,7 @@ sorted by preference. If \fBssl\fR is \s-1NULL\s0 is returned. .PP \&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 -listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 is returned. .SH "NOTES" Index: secure/lib/libssl/man/SSL_get_client_CA_list.3 =================================================================== --- secure/lib/libssl/man/SSL_get_client_CA_list.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_client_CA_list.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_current_cipher.3 =================================================================== --- secure/lib/libssl/man/SSL_get_current_cipher.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_current_cipher.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_current_cipher 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -160,7 +169,7 @@ macro to obtain the number of secret/algorithm bit See \fISSL_CIPHER_get_name\fR\|(3) for more details. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when +\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL,\s0 when no session has been established. .SH "SEE ALSO" .IX Header "SEE ALSO" Index: secure/lib/libssl/man/SSL_get_default_timeout.3 =================================================================== --- secure/lib/libssl/man/SSL_get_default_timeout.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_default_timeout.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_default_timeout 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_error.3 =================================================================== --- secure/lib/libssl/man/SSL_get_error.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_error.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,14 +152,14 @@ SSL_get_error \- obtain result code for TLS/SSL I/ \&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, \&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by -that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter +that \s-1TLS/SSL I/O\s0 function must be passed to \fISSL_get_error()\fR in parameter \&\fBret\fR. .PP In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be -used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no +used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no other OpenSSL function calls should appear in between. The current -thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is +thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is attempted, or \fISSL_get_error()\fR will not work reliably. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -157,19 +166,19 @@ attempted, or \fISSL_get_error()\fR will not work The following return values can currently occur: .IP "\s-1SSL_ERROR_NONE\s0" 4 .IX Item "SSL_ERROR_NONE" -The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned +The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned if and only if \fBret > 0\fR. .IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 .IX Item "SSL_ERROR_ZERO_RETURN" -The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0 -or \s-1TLS\s0 1.0, this result code is returned only if a closure +The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL 3.0\s0 +or \s-1TLS 1.0,\s0 this result code is returned only if a closure alert has occurred in the protocol, i.e. if the connection has been closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily indicate that the underlying transport has been closed. -.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 +.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4 .IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" -The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR) or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0 @@ -182,21 +191,21 @@ protocol level. .Sp For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or \&\fIpoll()\fR on the underlying socket can be used to find out when the -\&\s-1TLS/SSL\s0 I/O function should be retried. +\&\s-1TLS/SSL I/O\s0 function should be retried. .Sp -Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of +Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular, \&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by either the client or the server); \&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. -.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 +.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" -The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be called again later. The underlying \s-1BIO\s0 was not connected yet to the peer and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be called again when the connection is established. These messages can only -appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively. +appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively. In order to find out, when the connection has been successfully established, on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor can be used. @@ -204,7 +213,7 @@ can be used. .IX Item "SSL_ERROR_WANT_X509_LOOKUP" The operation did not complete because an application callback set by \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. -The \s-1TLS/SSL\s0 I/O function should be called again later. +The \s-1TLS/SSL I/O\s0 function should be called again later. Details depend on the application. .IP "\s-1SSL_ERROR_SYSCALL\s0" 4 .IX Item "SSL_ERROR_SYSCALL" Index: secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 =================================================================== --- secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_ex_new_index.3 =================================================================== --- secure/lib/libssl/man/SSL_get_ex_new_index.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_ex_new_index.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_fd.3 =================================================================== --- secure/lib/libssl/man/SSL_get_fd.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_fd.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_peer_cert_chain.3 =================================================================== --- secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_peer_certificate.3 =================================================================== --- secure/lib/libssl/man/SSL_get_peer_certificate.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_peer_certificate.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_rbio.3 =================================================================== --- secure/lib/libssl/man/SSL_get_rbio.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_rbio.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_rbio 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_session.3 =================================================================== --- secure/lib/libssl/man/SSL_get_session.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_session.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_session 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_verify_result.3 =================================================================== --- secure/lib/libssl/man/SSL_get_verify_result.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_verify_result.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_verify_result 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_version.3 =================================================================== --- secure/lib/libssl/man/SSL_get_version.3 (revision 279126) +++ secure/lib/libssl/man/SSL_get_version.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_get_version 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,11 +149,11 @@ SSL_get_version \- get the protocol version of a c .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the +\&\fISSL_get_version()\fR returns the name of the protocol used for the connection \fBssl\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following strings can occur: +The following strings can be returned: .IP "SSLv2" 4 .IX Item "SSLv2" The connection uses the SSLv2 protocol. @@ -153,7 +162,13 @@ The connection uses the SSLv2 protocol. The connection uses the SSLv3 protocol. .IP "TLSv1" 4 .IX Item "TLSv1" -The connection uses the TLSv1 protocol. +The connection uses the TLSv1.0 protocol. +.IP "TLSv1.1" 4 +.IX Item "TLSv1.1" +The connection uses the TLSv1.1 protocol. +.IP "TLSv1.2" 4 +.IX Item "TLSv1.2" +The connection uses the TLSv1.2 protocol. .IP "unknown" 4 .IX Item "unknown" This indicates that no version has been set (no connection established). Index: secure/lib/libssl/man/SSL_library_init.3 =================================================================== --- secure/lib/libssl/man/SSL_library_init.3 (revision 279126) +++ secure/lib/libssl/man/SSL_library_init.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_library_init 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -153,7 +162,7 @@ for \fISSL_library_init()\fR. .SH "WARNING" .IX Header "WARNING" \&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by -\&\s-1SSL/TLS\s0. +\&\s-1SSL/TLS.\s0 .SH "EXAMPLES" .IX Header "EXAMPLES" A typical \s-1TLS/SSL\s0 application will start with the library initialization, Index: secure/lib/libssl/man/SSL_load_client_CA_file.3 =================================================================== --- secure/lib/libssl/man/SSL_load_client_CA_file.3 (revision 279126) +++ secure/lib/libssl/man/SSL_load_client_CA_file.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_new.3 =================================================================== --- secure/lib/libssl/man/SSL_new.3 (revision 279126) +++ secure/lib/libssl/man/SSL_new.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_pending.3 =================================================================== --- secure/lib/libssl/man/SSL_pending.3 (revision 279126) +++ secure/lib/libssl/man/SSL_pending.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_pending 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_read.3 =================================================================== --- secure/lib/libssl/man/SSL_read.3 (revision 279126) +++ secure/lib/libssl/man/SSL_read.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_read 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect \&\fISSL_accept\fR\|(3). If the peer requests a re-negotiation, it will be performed transparently during the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the -underlying \s-1BIO\s0. +underlying \s-1BIO. \s0 .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling @@ -186,9 +195,9 @@ return value of \fISSL_read()\fR will yield \fB\s- \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a call to \fISSL_read()\fR can also cause write operations! The calling process then must repeat the call after taking appropriate action to satisfy the -needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a +needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check -for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP \&\fISSL_pending\fR\|(3) can be used to find out whether there Index: secure/lib/libssl/man/SSL_rstate_string.3 =================================================================== --- secure/lib/libssl/man/SSL_rstate_string.3 (revision 279126) +++ secure/lib/libssl/man/SSL_rstate_string.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_rstate_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +159,7 @@ the \s-1SSL\s0 object \fBssl\fR. .IX Header "NOTES" When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, consisting of header and body. When working in a blocking environment, -SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R". +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R". .PP This function should only seldom be needed in applications. .SH "RETURN VALUES" @@ -157,16 +166,16 @@ This function should only seldom be needed in appl .IX Header "RETURN VALUES" \&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following values: -.ie n .IP """\s-1RH\s0""/""read header""" 4 -.el .IP "``\s-1RH\s0''/``read header''" 4 +.ie n .IP """\s-1RH""/\s0""read header""" 4 +.el .IP "``\s-1RH''/\s0``read header''" 4 .IX Item "RH/read header" The header of the record is being evaluated. -.ie n .IP """\s-1RB\s0""/""read body""" 4 -.el .IP "``\s-1RB\s0''/``read body''" 4 +.ie n .IP """\s-1RB""/\s0""read body""" 4 +.el .IP "``\s-1RB''/\s0``read body''" 4 .IX Item "RB/read body" The body of the record is being evaluated. -.ie n .IP """\s-1RD\s0""/""read done""" 4 -.el .IP "``\s-1RD\s0''/``read done''" 4 +.ie n .IP """\s-1RD""/\s0""read done""" 4 +.el .IP "``\s-1RD''/\s0``read done''" 4 .IX Item "RD/read done" The record has been completely processed. .ie n .IP """unknown""/""unknown""" 4 Index: secure/lib/libssl/man/SSL_session_reused.3 =================================================================== --- secure/lib/libssl/man/SSL_session_reused.3 (revision 279126) +++ secure/lib/libssl/man/SSL_session_reused.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_session_reused 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_bio.3 =================================================================== --- secure/lib/libssl/man/SSL_set_bio.3 (revision 279126) +++ secure/lib/libssl/man/SSL_set_bio.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_set_bio 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +150,7 @@ SSL_set_bio \- connect the SSL object with a BIO .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write -operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. +operations of the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR. .PP The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. Index: secure/lib/libssl/man/SSL_set_connect_state.3 =================================================================== --- secure/lib/libssl/man/SSL_set_connect_state.3 (revision 279126) +++ secure/lib/libssl/man/SSL_set_connect_state.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_set_connect_state 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_fd.3 =================================================================== --- secure/lib/libssl/man/SSL_set_fd.3 (revision 279126) +++ secure/lib/libssl/man/SSL_set_fd.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_set_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +152,7 @@ SSL_set_fd \- connect the SSL object with a file d .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility -for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +for the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR. \fBfd\fR will typically be the socket file descriptor of a network connection. .PP When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to Index: secure/lib/libssl/man/SSL_set_session.3 =================================================================== --- secure/lib/libssl/man/SSL_set_session.3 (revision 279126) +++ secure/lib/libssl/man/SSL_set_session.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_set_session 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_shutdown.3 =================================================================== --- secure/lib/libssl/man/SSL_set_shutdown.3 (revision 279126) +++ secure/lib/libssl/man/SSL_set_shutdown.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_set_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,9 +173,9 @@ or a fatal error. The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when \&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, -it is considered bad and removed according to \s-1RFC2246\s0. -The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 -(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R" +it is considered bad and removed according to \s-1RFC2246.\s0 +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN +\&\s0(according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R" alert but to not wait for the peer's answer, when the underlying connection is closed). \&\fISSL_set_shutdown()\fR can be used to set this state without sending a Index: secure/lib/libssl/man/SSL_set_verify_result.3 =================================================================== --- secure/lib/libssl/man/SSL_set_verify_result.3 (revision 279126) +++ secure/lib/libssl/man/SSL_set_verify_result.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_set_verify_result 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_shutdown.3 =================================================================== --- secure/lib/libssl/man/SSL_shutdown.3 (revision 279126) +++ secure/lib/libssl/man/SSL_shutdown.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,7 +185,7 @@ complete (return value of the first call is 0). As specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on the first call. .PP -The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0. +The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO. \s0 .PP If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the handshake step has been finished or an error occurred. @@ -187,9 +196,9 @@ to continue the handshake. In this case a call to return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP \&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" Index: secure/lib/libssl/man/SSL_state_string.3 =================================================================== --- secure/lib/libssl/man/SSL_state_string.3 (revision 279126) +++ secure/lib/libssl/man/SSL_state_string.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_state_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_want.3 =================================================================== --- secure/lib/libssl/man/SSL_want.3 (revision 279126) +++ secure/lib/libssl/man/SSL_want.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_want 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,19 +180,19 @@ There is no data to be written or to be read. There are data in the \s-1SSL\s0 buffer that must be written to the underlying \&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. A call to \fISSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_WRITE\s0. +\&\s-1SSL_ERROR_WANT_WRITE.\s0 .IP "\s-1SSL_READING\s0" 4 .IX Item "SSL_READING" More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. A call to \fISSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_READ\s0. +\&\s-1SSL_ERROR_WANT_READ.\s0 .IP "\s-1SSL_X509_LOOKUP\s0" 4 .IX Item "SSL_X509_LOOKUP" The operation did not complete because an application callback set by \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. A call to \fISSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. +\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 .PP \&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR return 1, when the corresponding condition is true or 0 otherwise. Index: secure/lib/libssl/man/SSL_write.3 =================================================================== --- secure/lib/libssl/man/SSL_write.3 (revision 279126) +++ secure/lib/libssl/man/SSL_write.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SSL_write 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect \&\fISSL_accept\fR\|(3). If the peer requests a re-negotiation, it will be performed transparently during the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the -underlying \s-1BIO\s0. +underlying \s-1BIO. \s0 .PP For the transparent negotiation to succeed, the \fBssl\fR must have been initialized to client or server mode. This is being done by calling @@ -170,9 +179,9 @@ return value of \fISSL_write()\fR will yield \fB\s \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a call to \fISSL_write()\fR can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the -needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. When using a +needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check -for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. .PP \&\fISSL_write()\fR will only return with success, when the complete contents Index: secure/lib/libssl/man/d2i_SSL_SESSION.3 =================================================================== --- secure/lib/libssl/man/d2i_SSL_SESSION.3 (revision 279126) +++ secure/lib/libssl/man/d2i_SSL_SESSION.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,6 +184,16 @@ known limit on the size of the created \s-1ASN1\s0 amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with \&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and call \fIi2d_SSL_SESSION()\fR again. +Note that this will advance the value contained in \fB*pp\fR so it is necessary +to save a copy of the original allocation. +For example: + int i,j; + char *p, *temp; + i = i2d_SSL_SESSION(sess, \s-1NULL\s0); + p = temp = malloc(i); + j = i2d_SSL_SESSION(sess, &temp); + assert(i == j); + assert(p+i == temp); .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 Index: secure/lib/libssl/man/ssl.3 =================================================================== --- secure/lib/libssl/man/ssl.3 (revision 279126) +++ secure/lib/libssl/man/ssl.3 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ssl 3 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,7 +196,7 @@ connection: \fB\s-1SSL_CIPHER\s0\fRs, client and s .IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 .IX Item "SSL (SSL Connection)" That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per -established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. +established connection. This actually is the core structure in the \s-1SSL API.\s0 Under run-time the application usually deals with this structure which has links to mostly all other structures. .SH "HEADER FILES" @@ -196,10 +205,10 @@ Currently the OpenSSL \fBssl\fR library provides t containing the prototypes for the data structures and and functions: .IP "\fBssl.h\fR" 4 .IX Item "ssl.h" -That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your +That's the common header file for the \s-1SSL/TLS API. \s0 Include it into your program to make the \s-1API\s0 of the \fBssl\fR library available. It internally includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. -Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look +Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look inside this header file. .IP "\fBssl2.h\fR" 4 .IX Item "ssl2.h" @@ -226,7 +235,7 @@ it's already included by ssl.h\fR. .IX Header "API FUNCTIONS" Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. They are documented in the following: -.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0" +.SS "\s-1DEALING WITH PROTOCOL METHODS\s0" .IX Subsection "DEALING WITH PROTOCOL METHODS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. @@ -257,7 +266,7 @@ Constructor for the TLSv1 \s-1SSL_METHOD\s0 struct .IP "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 .IX Item "SSL_METHOD *TLSv1_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. -.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" +.SS "\s-1DEALING WITH CIPHERS\s0" .IX Subsection "DEALING WITH CIPHERS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. @@ -280,7 +289,7 @@ definitions in the header files. Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the \&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined in the specification the first time). -.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0" +.SS "\s-1DEALING WITH PROTOCOL CONTEXTS\s0" .IX Subsection "DEALING WITH PROTOCOL CONTEXTS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. @@ -453,7 +462,7 @@ session instead of a context. .IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" .PD -.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" +.SS "\s-1DEALING WITH SESSIONS\s0" .IX Subsection "DEALING WITH SESSIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. @@ -489,7 +498,7 @@ sessions defined in the \fB\s-1SSL_SESSION\s0\fR s .IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 .IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" .PD -.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" +.SS "\s-1DEALING WITH CONNECTIONS\s0" .IX Subsection "DEALING WITH CONNECTIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 connection defined in the \fB\s-1SSL\s0\fR structure. Index: secure/usr.bin/openssl/man/CA.pl.1 =================================================================== --- secure/usr.bin/openssl/man/CA.pl.1 (revision 279126) +++ secure/usr.bin/openssl/man/CA.pl.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CA.PL 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -196,7 +205,7 @@ to standard output. .IX Item "-signCA" this option is the same as the \fB\-signreq\fR option except it uses the configuration file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This -is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0. +is useful when creating intermediate \s-1CA\s0 from a root \s-1CA.\s0 .IP "\fB\-signcert\fR" 4 .IX Item "-signcert" this option is the same as \fB\-sign\fR except it expects a self signed certificate @@ -216,7 +225,7 @@ Create a \s-1CA\s0 hierarchy: \& CA.pl \-newca .Ve .PP -Complete certificate creation example: create a \s-1CA\s0, create a request, sign +Complete certificate creation example: create a \s-1CA,\s0 create a request, sign the request and finally create a PKCS#12 file containing it. .PP .Vb 4 @@ -237,7 +246,7 @@ Create some \s-1DSA\s0 parameters: \& openssl dsaparam \-out dsap.pem 1024 .Ve .PP -Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: +Create a \s-1DSA CA\s0 certificate and private key: .PP .Vb 1 \& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem Index: secure/usr.bin/openssl/man/asn1parse.1 =================================================================== --- secure/usr.bin/openssl/man/asn1parse.1 (revision 279126) +++ secure/usr.bin/openssl/man/asn1parse.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ASN1PARSE 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,13 +151,15 @@ asn1parse \- ASN.1 parsing tool [\fB\-length number\fR] [\fB\-i\fR] [\fB\-oid filename\fR] +[\fB\-dump\fR] +[\fB\-dlimit num\fR] [\fB\-strparse offset\fR] [\fB\-genstr string\fR] [\fB\-genconf file\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1 -structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data. +The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN.1\s0 +structures. It can also be used to extract data from \s-1ASN.1\s0 formatted data. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-inform\fR \fBDER|PEM\fR" 4 @@ -179,9 +190,15 @@ indents the output according to the \*(L"depth\*(R .IX Item "-oid filename" a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this file is described in the \s-1NOTES\s0 section below. +.IP "\fB\-dump\fR" 4 +.IX Item "-dump" +dump unknown data in hex format. +.IP "\fB\-dlimit num\fR" 4 +.IX Item "-dlimit num" +like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. .IP "\fB\-strparse offset\fR" 4 .IX Item "-strparse offset" -parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This +parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This option can be used multiple times to \*(L"drill down\*(R" into a nested structure. .IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 .IX Item "-genstr string, -genconf file" @@ -218,15 +235,15 @@ The output will typically contain lines like this: .PP This example is part of a self signed certificate. Each line starts with the offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased -within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length +within the scope of any \s-1SET\s0 or \s-1SEQUENCE. \s0\fBhl=XX\fR gives the header length (tag and length octets) of the current type. \fBl=XX\fR gives the length of the contents octets. .PP The \fB\-i\fR option can be used to make the output more readable. .PP -Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. +Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output. .PP -In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. +In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key. The contents octets of this will contain the public key information. This can be examined using the option \fB\-strparse 229\fR to yield: .PP @@ -291,4 +308,4 @@ Example config file: .SH "BUGS" .IX Header "BUGS" There should be options to change the format of output lines. The output of some -\&\s-1ASN\s0.1 types is not well handled (if at all). +\&\s-1ASN.1\s0 types is not well handled (if at all). Index: secure/usr.bin/openssl/man/ca.1 =================================================================== --- secure/usr.bin/openssl/man/ca.1 (revision 279126) +++ secure/usr.bin/openssl/man/ca.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CA 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -139,6 +148,8 @@ ca \- sample minimal CA application [\fB\-name section\fR] [\fB\-gencrl\fR] [\fB\-revoke file\fR] +[\fB\-status serial\fR] +[\fB\-updatedb\fR] [\fB\-crl_reason reason\fR] [\fB\-crl_hold instruction\fR] [\fB\-crl_compromise time\fR] @@ -152,6 +163,7 @@ ca \- sample minimal CA application [\fB\-md arg\fR] [\fB\-policy arg\fR] [\fB\-keyfile arg\fR] +[\fB\-keyform PEM|DER\fR] [\fB\-key arg\fR] [\fB\-passin arg\fR] [\fB\-cert file\fR] @@ -193,15 +205,15 @@ specifies the configuration file section to use (o .IP "\fB\-in filename\fR" 4 .IX Item "-in filename" an input filename containing a single certificate request to be -signed by the \s-1CA\s0. +signed by the \s-1CA.\s0 .IP "\fB\-ss_cert filename\fR" 4 .IX Item "-ss_cert filename" -a single self signed certificate to be signed by the \s-1CA\s0. +a single self signed certificate to be signed by the \s-1CA.\s0 .IP "\fB\-spkac filename\fR" 4 .IX Item "-spkac filename" a file containing a single Netscape signed public key and challenge -and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR -section for information on the required format. +and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR +section for information on the required input and output format. .IP "\fB\-infiles\fR" 4 .IX Item "-infiles" if present this should be the last option, all subsequent arguments @@ -210,7 +222,7 @@ are assumed to be the names of files containing ce .IX Item "-out filename" the output file to output certificates to. The default is standard output. The certificate details will also be printed out to this -file. +file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). .IP "\fB\-outdir directory\fR" 4 .IX Item "-outdir directory" the directory to output certificates to. The certificate will be @@ -222,6 +234,10 @@ the \s-1CA\s0 certificate file. .IP "\fB\-keyfile filename\fR" 4 .IX Item "-keyfile filename" the private key to sign requests with. +.IP "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +the format of the data in the private key file. +The default is \s-1PEM.\s0 .IP "\fB\-key password\fR" 4 .IX Item "-key password" the password used to encrypt the private key. Since on some @@ -243,7 +259,7 @@ self-signed certificate. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-verbose\fR" 4 .IX Item "-verbose" this prints extra details about the operations being performed. @@ -253,11 +269,11 @@ don't output the text form of a certificate to the .IP "\fB\-startdate date\fR" 4 .IX Item "-startdate date" this allows the start date to be explicitly set. The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). +date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). .IP "\fB\-enddate date\fR" 4 .IX Item "-enddate date" this allows the expiry date to be explicitly set. The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). +date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). .IP "\fB\-days arg\fR" 4 .IX Item "-days arg" the number of days to certify the certificate for. @@ -267,9 +283,9 @@ the message digest to use. Possible values include This option also applies to CRLs. .IP "\fB\-policy arg\fR" 4 .IX Item "-policy arg" -this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in +this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in the configuration file which decides which fields should be mandatory -or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section for more information. .IP "\fB\-msie_hack\fR" 4 .IX Item "-msie_hack" @@ -288,7 +304,7 @@ DNs match the order of the request. This is not ne .IP "\fB\-noemailDN\fR" 4 .IX Item "-noemailDN" The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the -request \s-1DN\s0, however it is good policy just having the e\-mail set into +request \s-1DN,\s0 however it is good policy just having the e\-mail set into the altName extension of the certificate. When this option is set the \&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be @@ -323,7 +339,7 @@ characters may be escaped by \e (backslash), no sp .IP "\fB\-utf8\fR" 4 .IX Item "-utf8" this option causes field values to be interpreted as \s-1UTF8\s0 strings, by -default they are interpreted as \s-1ASCII\s0. This means that the field +default they are interpreted as \s-1ASCII.\s0 This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid \s-1UTF8\s0 strings. .IP "\fB\-multivalue\-rdn\fR" 4 @@ -349,6 +365,13 @@ the number of hours before the next \s-1CRL\s0 is .IP "\fB\-revoke filename\fR" 4 .IX Item "-revoke filename" a filename containing a certificate to revoke. +.IP "\fB\-status serial\fR" 4 +.IX Item "-status serial" +displays the revocation status of the certificate with the specified +serial number and exits. +.IP "\fB\-updatedb\fR" 4 +.IX Item "-updatedb" +Updates the database index to purge expired certificates. .IP "\fB\-crl_reason reason\fR" 4 .IX Item "-crl_reason reason" revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, @@ -361,7 +384,7 @@ in delta CRLs which are not currently implemented. .IP "\fB\-crl_hold instruction\fR" 4 .IX Item "-crl_hold instruction" This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold -instruction to \fBinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be +instruction to \fBinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) \&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. .IP "\fB\-crl_compromise time\fR" 4 @@ -389,8 +412,8 @@ be used must be named in the \fBdefault_ca\fR opti of the configuration file (or in the default section of the configuration file). Besides \fBdefault_ca\fR, the following options are read directly from the \fBca\fR section: - \s-1RANDFILE\s0 - preserve + \s-1RANDFILE +\&\s0 preserve msie_hack With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may change in future releases. @@ -403,7 +426,7 @@ the configuration file or the command line equival any) used. .IP "\fBoid_file\fR" 4 .IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed by white space and finally the long name. @@ -446,7 +469,7 @@ present. .IX Item "default_crl_hours default_crl_days" the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These will only be used if neither command line option is present. At -least one of these must be present to generate a \s-1CRL\s0. +least one of these must be present to generate a \s-1CRL.\s0 .IP "\fBdefault_md\fR" 4 .IX Item "default_md" the same as the \fB\-md\fR option. The message digest to use. Mandatory. @@ -485,13 +508,13 @@ the same as \fB\-preserveDN\fR .IX Item "email_in_dn" the same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present -the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0. +the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0 .IP "\fBmsie_hack\fR" 4 .IX Item "msie_hack" the same as \fB\-msie_hack\fR .IP "\fBpolicy\fR" 4 .IX Item "policy" -the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section for more information. .IP "\fBname_opt\fR, \fBcert_opt\fR" 4 .IX Item "name_opt, cert_opt" @@ -542,6 +565,10 @@ The file should contain the variable \s-1SPKAC\s0 the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. If you need to include the same component twice then it can be preceded by a number and a '.'. +.PP +When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR +flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR +flag is used. .SH "EXAMPLES" .IX Header "EXAMPLES" Note: these examples assume that the \fBca\fR directory structure is @@ -679,7 +706,7 @@ exposed at either a command or interface level so .PP Any fields in a request that are not present in a policy are silently deleted. This does not happen if the \fB\-preserveDN\fR option is used. To -enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by +enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR option can be used. The behaviour should be more friendly and configurable. @@ -691,7 +718,7 @@ create an empty file. The \fBca\fR command is quirky and at times downright unfriendly. .PP The \fBca\fR utility was originally meant as an example of how to do things -in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself: +in a \s-1CA.\s0 It was not supposed to be used as a full blown \s-1CA\s0 itself: nevertheless some people are using it for this purpose. .PP The \fBca\fR command is effectively a single user command: no locking is Index: secure/usr.bin/openssl/man/ciphers.1 =================================================================== --- secure/usr.bin/openssl/man/ciphers.1 (revision 279126) +++ secure/usr.bin/openssl/man/ciphers.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CIPHERS 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,7 +196,7 @@ algorithms. .PP Lists of cipher suites can be combined in a single cipher string using the \&\fB+\fR character. This is used as a logical \fBand\fR operation. For example -\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 +\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0 algorithms. .PP Each cipher string can be optionally preceded by the characters \fB!\fR, @@ -253,7 +262,7 @@ export encryption algorithms. Including 40 and 56 with support for experimental ciphers. .IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 .IX Item "eNULL, NULL" -the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no +the \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk they are disabled unless explicitly included. .IP "\fBaNULL\fR" 4 @@ -290,46 +299,46 @@ ciphers suites using \s-1FORTEZZA\s0 key exchange, \&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively. .IP "\fB\s-1DH\s0\fR" 4 .IX Item "DH" -cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0. +cipher suites using \s-1DH,\s0 including anonymous \s-1DH.\s0 .IP "\fB\s-1ADH\s0\fR" 4 .IX Item "ADH" anonymous \s-1DH\s0 cipher suites. .IP "\fB\s-1AES\s0\fR" 4 .IX Item "AES" -cipher suites using \s-1AES\s0. +cipher suites using \s-1AES.\s0 .IP "\fB\s-1CAMELLIA\s0\fR" 4 .IX Item "CAMELLIA" cipher suites using Camellia. .IP "\fB3DES\fR" 4 .IX Item "3DES" -cipher suites using triple \s-1DES\s0. +cipher suites using triple \s-1DES.\s0 .IP "\fB\s-1DES\s0\fR" 4 .IX Item "DES" -cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). +cipher suites using \s-1DES \s0(not triple \s-1DES\s0). .IP "\fB\s-1RC4\s0\fR" 4 .IX Item "RC4" -cipher suites using \s-1RC4\s0. +cipher suites using \s-1RC4.\s0 .IP "\fB\s-1RC2\s0\fR" 4 .IX Item "RC2" -cipher suites using \s-1RC2\s0. +cipher suites using \s-1RC2.\s0 .IP "\fB\s-1IDEA\s0\fR" 4 .IX Item "IDEA" -cipher suites using \s-1IDEA\s0. +cipher suites using \s-1IDEA.\s0 .IP "\fB\s-1SEED\s0\fR" 4 .IX Item "SEED" -cipher suites using \s-1SEED\s0. +cipher suites using \s-1SEED.\s0 .IP "\fB\s-1MD5\s0\fR" 4 .IX Item "MD5" -cipher suites using \s-1MD5\s0. +cipher suites using \s-1MD5.\s0 .IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 .IX Item "SHA1, SHA" -cipher suites using \s-1SHA1\s0. +cipher suites using \s-1SHA1.\s0 .SH "CIPHER SUITE NAMES" .IX Header "CIPHER SUITE NAMES" The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the relevant specification and their OpenSSL equivalents. It should be noted, that several cipher suite names do not include the authentication used, -e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. +e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used. .SS "\s-1SSL\s0 v3.0 cipher suites." .IX Subsection "SSL v3.0 cipher suites." .Vb 10 @@ -400,7 +409,7 @@ that several cipher suite names do not include the \& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA \& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA .Ve -.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" +.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0" .IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0" .Vb 2 \& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA @@ -419,7 +428,7 @@ that several cipher suite names do not include the \& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA \& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA .Ve -.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" +.SS "Camellia ciphersuites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0" .IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0" .Vb 2 \& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA @@ -438,7 +447,7 @@ that several cipher suite names do not include the \& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA \& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA .Ve -.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" +.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0" .IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0" .Vb 1 \& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA Index: secure/usr.bin/openssl/man/crl.1 =================================================================== --- secure/usr.bin/openssl/man/crl.1 (revision 279126) +++ secure/usr.bin/openssl/man/crl.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CRL 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -139,6 +148,7 @@ crl \- CRL utility [\fB\-text\fR] [\fB\-in filename\fR] [\fB\-out filename\fR] +[\fB\-nameopt option\fR] [\fB\-noout\fR] [\fB\-hash\fR] [\fB\-issuer\fR] @@ -171,9 +181,13 @@ default. .IP "\fB\-text\fR" 4 .IX Item "-text" print out the \s-1CRL\s0 in text form. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +option which determines how the subject or issuer names are displayed. See +the description of \fB\-nameopt\fR in \fIx509\fR\|(1). .IP "\fB\-noout\fR" 4 .IX Item "-noout" -don't output the encoded version of the \s-1CRL\s0. +don't output the encoded version of the \s-1CRL.\s0 .IP "\fB\-hash\fR" 4 .IX Item "-hash" output a hash of the issuer name. This can be use to lookup CRLs in @@ -199,7 +213,7 @@ is a hash of each subject name (using \fBx509 \-ha to each certificate. .SH "NOTES" .IX Header "NOTES" -The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines: +The \s-1PEM CRL\s0 format uses the header and footer lines: .PP .Vb 2 \& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\- Index: secure/usr.bin/openssl/man/crl2pkcs7.1 =================================================================== --- secure/usr.bin/openssl/man/crl2pkcs7.1 (revision 279126) +++ secure/usr.bin/openssl/man/crl2pkcs7.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH CRL2PKCS7 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -193,7 +202,7 @@ different certificates: .SH "NOTES" .IX Header "NOTES" The output file is a PKCS#7 signed data structure containing no signers and -just certificates and an optional \s-1CRL\s0. +just certificates and an optional \s-1CRL.\s0 .PP This utility can be used to send certificates and CAs to Netscape as part of the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output Index: secure/usr.bin/openssl/man/dgst.1 =================================================================== --- secure/usr.bin/openssl/man/dgst.1 (revision 279126) +++ secure/usr.bin/openssl/man/dgst.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DGST 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -181,11 +190,11 @@ digitally sign the digest using the private key in .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-verify filename\fR" 4 .IX Item "-verify filename" verify the signature using the public key in \*(L"filename\*(R". -The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R". +The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R". .IP "\fB\-prverify filename\fR" 4 .IX Item "-prverify filename" verify the signature using the the private key in \*(L"filename\*(R". @@ -208,7 +217,7 @@ file or files to digest. If no files are specified used. .SH "NOTES" .IX Header "NOTES" -The digest of choice for all new applications is \s-1SHA1\s0. Other digests are +The digest of choice for all new applications is \s-1SHA1.\s0 Other digests are however still widely used. .PP If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 @@ -215,7 +224,7 @@ If you wish to sign or verify data using the \s-1D digest must be used. .PP A source of random numbers is required for certain signing algorithms, in -particular \s-1DSA\s0. +particular \s-1DSA.\s0 .PP The signing and verify options should only be used if a single file is being signed or verified. Index: secure/usr.bin/openssl/man/dhparam.1 =================================================================== --- secure/usr.bin/openssl/man/dhparam.1 (revision 279126) +++ secure/usr.bin/openssl/man/dhparam.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DHPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -139,6 +148,7 @@ dhparam \- DH parameter manipulation and generatio [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-dsaparam\fR] +[\fB\-check\fR] [\fB\-noout\fR] [\fB\-text\fR] [\fB\-C\fR] @@ -154,7 +164,7 @@ This command is used to manipulate \s-1DH\s0 param .IX Header "OPTIONS" .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. @@ -182,6 +192,9 @@ and the recommended exponent length is shorter, wh exchange more efficient. Beware that with such DSA-style \s-1DH\s0 parameters, a fresh \s-1DH\s0 key should be created for each use to avoid small-subgroup attacks that may be possible otherwise. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +check if the parameters are valid primes and generator. .IP "\fB\-2\fR, \fB\-5\fR" 4 .IX Item "-2, -5" The generator to use, either 2 or 5. 2 is the default. If present then the @@ -230,8 +243,8 @@ versions of OpenSSL. \& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\- .Ve .PP -OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 -\&\s-1DH\s0. +OpenSSL currently only supports the older PKCS#3 \s-1DH,\s0 not the newer X9.42 +\&\s-1DH.\s0 .PP This program manipulates \s-1DH\s0 parameters not keys. .SH "BUGS" Index: secure/usr.bin/openssl/man/dsa.1 =================================================================== --- secure/usr.bin/openssl/man/dsa.1 (revision 279126) +++ secure/usr.bin/openssl/man/dsa.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,6 +149,12 @@ dsa \- DSA key processing [\fB\-passin arg\fR] [\fB\-out filename\fR] [\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -160,10 +175,10 @@ applications should use the more secure PKCS#8 for .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses -an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of +an \s-1ASN1 DER\s0 encoded form of an \s-1ASN.1 SEQUENCE\s0 consisting of the values of version (currently zero), p, q, g, the public and private key components -respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a -SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0. +respectively as \s-1ASN.1\s0 INTEGERs. When used with a public key it uses a +SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA.\s0 .Sp The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. In the case of a private key @@ -180,7 +195,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by @@ -190,11 +205,11 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the \fBdsa\fR utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by Index: secure/usr.bin/openssl/man/dsaparam.1 =================================================================== --- secure/usr.bin/openssl/man/dsaparam.1 (revision 279126) +++ secure/usr.bin/openssl/man/dsaparam.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH DSAPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,8 +161,8 @@ This command is used to manipulate or generate \s- .IX Header "OPTIONS" .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with \s-1RFC2459 \s0(\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. .IP "\fB\-outform DER|PEM\fR" 4 Index: secure/usr.bin/openssl/man/ec.1 =================================================================== --- secure/usr.bin/openssl/man/ec.1 (revision 279126) +++ secure/usr.bin/openssl/man/ec.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH EC 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,7 +164,7 @@ ec \- EC key processing .IX Header "DESCRIPTION" The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various forms and their components printed out. \fBNote\fR OpenSSL uses the -private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography' +private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography' (http://www.secg.org/). To convert a OpenSSL \s-1EC\s0 private key into the PKCS#8 private key format use the \fBpkcs8\fR command. .SH "COMMAND OPTIONS" @@ -163,8 +172,8 @@ PKCS#8 private key format use the \fBpkcs8\fR comm .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses -an \s-1ASN\s0.1 \s-1DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it -uses the SubjectPublicKeyInfo structur as specified in \s-1RFC\s0 3280. +an \s-1ASN.1 DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it +uses the SubjectPublicKeyInfo structur as specified in \s-1RFC 3280.\s0 The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. @@ -180,7 +189,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by @@ -190,10 +199,10 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-des|\-des3|\-idea\fR" 4 .IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or +These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or any other cipher supported by OpenSSL before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This @@ -232,10 +241,10 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_CO .IX Item "-param_enc arg" This specifies how the elliptic curve parameters are encoded. Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are -specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are -explicitly given (see \s-1RFC\s0 3279 for the definition of the +specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC 3279\s0 for the definition of the \&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. -\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279, +\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0 is currently not implemented in OpenSSL. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" Index: secure/usr.bin/openssl/man/ecparam.1 =================================================================== --- secure/usr.bin/openssl/man/ecparam.1 (revision 279126) +++ secure/usr.bin/openssl/man/ecparam.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ECPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +152,7 @@ ecparam \- EC parameter manipulation and generatio [\fB\-C\fR] [\fB\-check\fR] [\fB\-name arg\fR] -[\fB\-list_curve\fR] +[\fB\-list_curves\fR] [\fB\-conv_form arg\fR] [\fB\-param_enc arg\fR] [\fB\-no_seed\fR] @@ -157,8 +166,8 @@ This command is used to manipulate or generate \s- .IX Header "OPTIONS" .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded -form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN.1 DER\s0 encoded +form compatible with \s-1RFC 3279\s0 EcpkParameters. The \s-1PEM\s0 form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. .IP "\fB\-outform DER|PEM\fR" 4 @@ -208,15 +217,15 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_CO .IX Item "-param_enc arg" This specifies how the elliptic curve parameters are encoded. Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are -specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are -explicitly given (see \s-1RFC\s0 3279 for the definition of the +specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC 3279\s0 for the definition of the \&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. -\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279, +\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0 is currently not implemented in OpenSSL. .IP "\fB\-no_seed\fR" 4 .IX Item "-no_seed" This option inhibits that the 'seed' for the parameter generation -is included in the ECParameters structure (see \s-1RFC\s0 3279). +is included in the ECParameters structure (see \s-1RFC 3279\s0). .IP "\fB\-genkey\fR" 4 .IX Item "-genkey" This option will generate a \s-1EC\s0 private key using the specified parameters. Index: secure/usr.bin/openssl/man/enc.1 =================================================================== --- secure/usr.bin/openssl/man/enc.1 (revision 279126) +++ secure/usr.bin/openssl/man/enc.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ENC 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,13 +176,13 @@ the output filename, standard output by default. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" the password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-salt\fR" 4 .IX Item "-salt" use a salt in the key derivation routines. This is the default. .IP "\fB\-nosalt\fR" 4 .IX Item "-nosalt" -don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be +don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be used except for test purposes or compatibility with ancient versions of OpenSSL and SSLeay. .IP "\fB\-e\fR" 4 Index: secure/usr.bin/openssl/man/errstr.1 =================================================================== --- secure/usr.bin/openssl/man/errstr.1 (revision 279126) +++ secure/usr.bin/openssl/man/errstr.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH ERRSTR 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/gendsa.1 =================================================================== --- secure/usr.bin/openssl/man/gendsa.1 (revision 279126) +++ secure/usr.bin/openssl/man/gendsa.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH GENDSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -135,6 +144,12 @@ gendsa \- generate a DSA private key from a set of .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBgendsa\fR [\fB\-out filename\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -147,10 +162,10 @@ The \fBgendsa\fR command generates a \s-1DSA\s0 pr (which will be typically generated by the \fBopenssl dsaparam\fR command). .SH "OPTIONS" .IX Header "OPTIONS" -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" Index: secure/usr.bin/openssl/man/genrsa.1 =================================================================== --- secure/usr.bin/openssl/man/genrsa.1 (revision 279126) +++ secure/usr.bin/openssl/man/genrsa.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH GENRSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -136,6 +145,18 @@ genrsa \- generate an RSA private key \&\fBopenssl\fR \fBgenrsa\fR [\fB\-out filename\fR] [\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -156,11 +177,11 @@ used. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with specified +cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the \fB\-passout\fR argument. .IP "\fB\-F4|\-3\fR" 4 Index: secure/usr.bin/openssl/man/nseq.1 =================================================================== --- secure/usr.bin/openssl/man/nseq.1 (revision 279126) +++ secure/usr.bin/openssl/man/nseq.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH NSEQ 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/ocsp.1 =================================================================== --- secure/usr.bin/openssl/man/ocsp.1 (revision 279126) +++ secure/usr.bin/openssl/man/ocsp.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OCSP 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -181,7 +190,7 @@ ocsp \- Online Certificate Status Protocol utility .SH "DESCRIPTION" .IX Header "DESCRIPTION" The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to -determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560). +determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0). .PP The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used to print out requests and responses, create requests and send queries @@ -237,7 +246,7 @@ if \s-1OCSP\s0 request or response creation is imp with \fBserial\fR, \fBcert\fR and \fBhost\fR options). .IP "\fB\-url responder_url\fR" 4 .IX Item "-url responder_url" -specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. +specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS \s0(\s-1SSL/TLS\s0) URLs can be specified. .IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4 .IX Item "-host hostname:port, -path pathname" if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host @@ -334,7 +343,7 @@ Additional certificates to include in the \s-1OCSP Don't include any certificates in the \s-1OCSP\s0 response. .IP "\fB\-resp_key_id\fR" 4 .IX Item "-resp_key_id" -Identify the signer certificate using the key \s-1ID\s0, default is to use the subject name. +Identify the signer certificate using the key \s-1ID,\s0 default is to use the subject name. .IP "\fB\-rkey file\fR" 4 .IX Item "-rkey file" The private key to sign \s-1OCSP\s0 responses with: if not present the file specified in the @@ -353,7 +362,7 @@ Number of minutes or days when fresh revocation in omitted meaning fresh revocation information is immediately available. .SH "OCSP Response verification." .IX Header "OCSP Response verification." -\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0. +\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0 .PP Initially the \s-1OCSP\s0 responder certificate is located and the signature on the \s-1OCSP\s0 request checked using the responder certificate's public key. Index: secure/usr.bin/openssl/man/openssl.1 =================================================================== --- secure/usr.bin/openssl/man/openssl.1 (revision 279126) +++ secure/usr.bin/openssl/man/openssl.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH OPENSSL 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,11 +189,11 @@ same name, this provides an easy way for shell scr availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is not able to detect pseudo-commands such as \fBquit\fR, \&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) -.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0" +.SS "\s-1STANDARD COMMANDS\s0" .IX Subsection "STANDARD COMMANDS" .IP "\fBasn1parse\fR" 10 .IX Item "asn1parse" -Parse an \s-1ASN\s0.1 sequence. +Parse an \s-1ASN.1\s0 sequence. .IP "\fBca\fR" 10 .IX Item "ca" Certificate Authority (\s-1CA\s0) Management. @@ -256,13 +265,13 @@ X.509 Certificate Signing Request (\s-1CSR\s0) Man .IP "\fBs_client\fR" 10 .IX Item "s_client" This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent -connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing +connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL \fBssl\fR library. .IP "\fBs_server\fR" 10 .IX Item "s_server" This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote -clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides +clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL \fBssl\fR library. It provides both an own command line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response @@ -288,7 +297,7 @@ OpenSSL Version Information. .IP "\fBx509\fR" 10 .IX Item "x509" X.509 Certificate Data Management. -.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" +.SS "\s-1MESSAGE DIGEST COMMANDS\s0" .IX Subsection "MESSAGE DIGEST COMMANDS" .IP "\fBmd2\fR" 10 .IX Item "md2" @@ -320,7 +329,7 @@ X.509 Certificate Data Management. .IP "\fBsha512\fR" 10 .IX Item "sha512" \&\s-1SHA\-512\s0 Digest -.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" +.SS "\s-1ENCODING AND CIPHER COMMANDS\s0" .IX Subsection "ENCODING AND CIPHER COMMANDS" .IP "\fBbase64\fR" 10 .IX Item "base64" Index: secure/usr.bin/openssl/man/passwd.1 =================================================================== --- secure/usr.bin/openssl/man/passwd.1 (revision 279126) +++ secure/usr.bin/openssl/man/passwd.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PASSWD 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/pkcs12.1 =================================================================== --- secure/usr.bin/openssl/man/pkcs12.1 (revision 279126) +++ secure/usr.bin/openssl/man/pkcs12.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS12 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -188,12 +197,12 @@ They are all written in \s-1PEM\s0 format. .IP "\fB\-pass arg\fR, \fB\-passin arg\fR" 4 .IX Item "-pass arg, -passin arg" the PKCS#12 file (i.e. input file) password source. For more information about the -format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \&\fIopenssl\fR\|(1). .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" pass phrase source to encrypt any outputed private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \&\fIopenssl\fR\|(1). .IP "\fB\-noout\fR" 4 .IX Item "-noout" @@ -271,12 +280,12 @@ displays them. .IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4 .IX Item "-pass arg, -passout arg" the PKCS#12 file (i.e. output file) password source. For more information about -the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \&\fIopenssl\fR\|(1). .IP "\fB\-passin password\fR" 4 .IX Item "-passin password" pass phrase source to decrypt any input private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \&\fIopenssl\fR\|(1). .IP "\fB\-chain\fR" 4 .IX Item "-chain" @@ -285,9 +294,9 @@ certificate chain of the user certificate. The sta for this search. If the search fails it is considered a fatal error. .IP "\fB\-descert\fR" 4 .IX Item "-descert" -encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12 +encrypt the certificate using triple \s-1DES,\s0 this may render the PKCS#12 file unreadable by some \*(L"export grade\*(R" software. By default the private -key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0. +key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2.\s0 .IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 .IX Item "-keypbe alg, -certpbe alg" these options allow the algorithm used to encrypt the private key and @@ -302,12 +311,12 @@ This option is only interpreted by \s-1MSIE\s0 and encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client -authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support +authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support the use of signing only keys for \s-1SSL\s0 client authentication. .IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 .IX Item "-nomaciter, -noiter" these options affect the iteration counts on the \s-1MAC\s0 and key algorithms. -Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave +Unless you wish to produce files compatible with \s-1MSIE 4.0\s0 you should leave these options alone. .Sp To discourage attacks by using large dictionaries of common passwords the @@ -319,7 +328,7 @@ By default both \s-1MAC\s0 and encryption iteratio these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since this reduces the file security you should not use these options unless you really have to. Most software supports both \s-1MAC\s0 and key iteration counts. -\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR +\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR option. .IP "\fB\-maciter\fR" 4 .IX Item "-maciter" @@ -353,7 +362,7 @@ The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms algorithms for private keys and certificates to be specified. Normally the defaults are fine but occasionally software can't handle triple \s-1DES\s0 encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can -be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete +be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete description of all algorithms is contained in the \fBpkcs8\fR manual page. .SH "EXAMPLES" .IX Header "EXAMPLES" Index: secure/usr.bin/openssl/man/pkcs7.1 =================================================================== --- secure/usr.bin/openssl/man/pkcs7.1 (revision 279126) +++ secure/usr.bin/openssl/man/pkcs7.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS7 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -215,7 +224,7 @@ For compatibility with some CAs it will also accep There is no option to print out all the fields of a PKCS#7 file. .PP This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they -cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0. +cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0 .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIcrl2pkcs7\fR\|(1) Index: secure/usr.bin/openssl/man/pkcs8.1 =================================================================== --- secure/usr.bin/openssl/man/pkcs8.1 (revision 279126) +++ secure/usr.bin/openssl/man/pkcs8.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH PKCS8 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,7 +189,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output by @@ -190,7 +199,7 @@ filename. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-nocrypt\fR" 4 .IX Item "-nocrypt" PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo @@ -202,15 +211,15 @@ code signing software used unencrypted private key .IP "\fB\-nooct\fR" 4 .IX Item "-nooct" This option generates \s-1RSA\s0 private keys in a broken format that some software -uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0 +uses. Specifically the private key should be enclosed in a \s-1OCTET STRING\s0 but some software just includes the structure itself without the -surrounding \s-1OCTET\s0 \s-1STRING\s0. +surrounding \s-1OCTET STRING.\s0 .IP "\fB\-embed\fR" 4 .IX Item "-embed" This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are -embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0 -contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing -the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key. +embedded inside the PrivateKey structure. In this form the \s-1OCTET STRING\s0 +contains an \s-1ASN1 SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing +the parameters and an \s-1ASN1 INTEGER\s0 containing the private key. .IP "\fB\-nsdb\fR" 4 .IX Item "-nsdb" This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape @@ -276,17 +285,17 @@ level whereas the traditional format includes them Various algorithms can be used with the \fB\-v1\fR command line option, including PKCS#5 v1.5 and PKCS#12. These are described in more detail below. -.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4 +.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4 .IX Item "PBE-MD2-DES PBE-MD5-DES" These algorithms were included in the original PKCS#5 v1.5 specification. -They only offer 56 bits of protection since they both use \s-1DES\s0. -.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0 \s-1PBE\-MD2\-RC2\-64\s0 \s-1PBE\-MD5\-RC2\-64\s0 \s-1PBE\-SHA1\-DES\s0\fR" 4 +They only offer 56 bits of protection since they both use \s-1DES.\s0 +.IP "\fB\s-1PBE\-SHA1\-RC2\-64 PBE\-MD2\-RC2\-64 PBE\-MD5\-RC2\-64 PBE\-SHA1\-DES\s0\fR" 4 .IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES" These algorithms are not mentioned in the original PKCS#5 v1.5 specification but they use the same key derivation algorithm and are supported by some software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or -56 bit \s-1DES\s0. -.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0 \s-1PBE\-SHA1\-RC4\-40\s0 \s-1PBE\-SHA1\-3DES\s0 \s-1PBE\-SHA1\-2DES\s0 \s-1PBE\-SHA1\-RC2\-128\s0 \s-1PBE\-SHA1\-RC2\-40\s0\fR" 4 +56 bit \s-1DES.\s0 +.IP "\fB\s-1PBE\-SHA1\-RC4\-128 PBE\-SHA1\-RC4\-40 PBE\-SHA1\-3DES PBE\-SHA1\-2DES PBE\-SHA1\-RC2\-128 PBE\-SHA1\-RC2\-40\s0\fR" 4 .IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40" These algorithms use the PKCS#12 password based encryption algorithm and allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. @@ -327,13 +336,13 @@ Convert a private key from any PKCS#8 format to tr .SH "STANDARDS" .IX Header "STANDARDS" Test vectors from this PKCS#5 v2.0 implementation were posted to the -pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration +pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration counts, several people confirmed that they could decrypt the private keys produced and Therefore it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned. .PP -The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: +The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 PKCS#8 private key format complies with this standard. .SH "BUGS" Index: secure/usr.bin/openssl/man/rand.1 =================================================================== --- secure/usr.bin/openssl/man/rand.1 (revision 279126) +++ secure/usr.bin/openssl/man/rand.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RAND 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/req.1 =================================================================== --- secure/usr.bin/openssl/man/req.1 (revision 279126) +++ secure/usr.bin/openssl/man/req.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH REQ 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -178,7 +187,7 @@ for use as root CAs for example. .IX Header "COMMAND OPTIONS" .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. @@ -194,7 +203,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not s .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write to or standard output by @@ -202,7 +211,7 @@ default. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-text\fR" 4 .IX Item "-text" prints out the certificate request in text form. @@ -263,7 +272,7 @@ will not be encrypted. .IX Item "-[md5|sha1|md2|mdc2]" this specifies the message digest to sign the request with. This overrides the digest algorithm specified in the configuration file. -This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0. +This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1.\s0 .IP "\fB\-config filename\fR" 4 .IX Item "-config filename" this allows an alternative configuration file to be specified, @@ -287,7 +296,7 @@ If \-multi\-rdn is not used then the \s-1UID\s0 va .IX Item "-x509" this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or -a self signed root \s-1CA\s0. The extensions added to the certificate +a self signed root \s-1CA.\s0 The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the \fBset_serial\fR option \fB0\fR will be used for the serial number. @@ -314,7 +323,7 @@ a variety of purposes. .IP "\fB\-utf8\fR" 4 .IX Item "-utf8" this option causes field values to be interpreted as \s-1UTF8\s0 strings, by -default they are interpreted as \s-1ASCII\s0. This means that the field +default they are interpreted as \s-1ASCII.\s0 This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid \s-1UTF8\s0 strings. .IP "\fB\-nameopt option\fR" 4 @@ -331,10 +340,10 @@ accept requests containing no attributes in an inv option produces this invalid format. .Sp More precisely the \fBAttributes\fR in a PKCS#10 certificate request -are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so +are defined as a \fB\s-1SET OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so if no attributes are present then they should be encoded as an -empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty -\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does. +empty \fB\s-1SET OF\s0\fR. The invalid form does not include the empty +\&\fB\s-1SET OF\s0\fR whereas the correct form does. .Sp It should be noted that very few CAs still require the use of this option. .IP "\fB\-newhdr\fR" 4 @@ -379,7 +388,7 @@ specified the key is written to standard output. T overridden by the \fB\-keyout\fR option. .IP "\fBoid_file\fR" 4 .IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed by white space and finally the long name. @@ -412,7 +421,7 @@ fields. Most users will not need to change this op It can be set to several values \fBdefault\fR which is also the default option uses PrintableStrings, T61Strings and BMPStrings if the \&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will -be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the +be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the \&\fButf8only\fR option is used then only UTF8Strings will be used: this is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR option just uses PrintableStrings and T61Strings: certain software has @@ -435,7 +444,7 @@ expected format of the \fBdistinguished_name\fR an .IP "\fButf8\fR" 4 .IX Item "utf8" if set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 -strings, by default they are interpreted as \s-1ASCII\s0. This means that +strings, by default they are interpreted as \s-1ASCII.\s0 This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid \s-1UTF8\s0 strings. .IP "\fBattributes\fR" 4 @@ -488,7 +497,7 @@ on the field being used (for example countryName c two characters long and must fit in a PrintableString). .PP Some fields (such as organizationName) can be used more than once -in a \s-1DN\s0. This presents a problem because configuration files will +in a \s-1DN.\s0 This presents a problem because configuration files will not recognize the same name occurring twice. To avoid this problem if the fieldName contains some characters followed by a full stop they will be ignored. So for example a second organizationName can @@ -663,7 +672,7 @@ Another puzzling message is this: .Ve .PP this is displayed when no attributes are present and the request includes -the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 +the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 0x00). If you just see: .PP .Vb 1 @@ -670,7 +679,7 @@ this is displayed when no attributes are present a \& Attributes: .Ve .PP -then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but +then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR for more information. .SH "ENVIRONMENT VARIABLES" @@ -682,7 +691,7 @@ environment variable serves the same purpose but i .SH "BUGS" .IX Header "BUGS" OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively -treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. +treats them as \s-1ISO\-8859\-1 \s0(Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. This can cause problems if you need characters that aren't available in PrintableStrings and you don't want to or can't use BMPStrings. .PP Index: secure/usr.bin/openssl/man/rsa.1 =================================================================== --- secure/usr.bin/openssl/man/rsa.1 (revision 279126) +++ secure/usr.bin/openssl/man/rsa.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,6 +150,12 @@ rsa \- RSA key processing tool [\fB\-out filename\fR] [\fB\-passout arg\fR] [\fB\-sgckey\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -162,7 +177,7 @@ utility. .IX Header "COMMAND OPTIONS" .IP "\fB\-inform DER|NET|PEM\fR" 4 .IX Item "-inform DER|NET|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. On input PKCS#8 format private @@ -180,7 +195,7 @@ prompted for. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output if this @@ -190,15 +205,15 @@ filename. .IP "\fB\-passout password\fR" 4 .IX Item "-passout password" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-sgckey\fR" 4 .IX Item "-sgckey" use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 keys. -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the \fBrsa\fR utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by @@ -249,13 +264,13 @@ The \s-1PEM\s0 public key format uses the header a .Ve .PP The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers -and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption. +and Microsoft \s-1IIS \s0.key files, this uses unsalted \s-1RC4\s0 for its encryption. It is not very secure and so should only be used when necessary. .PP Some newer version of \s-1IIS\s0 have additional data in the exported .key files. To use these with the utility, view the file with a binary editor and look for the string \*(L"private-key\*(R", then trace back to the byte -sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data +sequence 0x30, 0x82 (this is an \s-1ASN1 SEQUENCE\s0). Copy all the data from this point onwards to another file and use that as the input to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get an error after entering the password try the \fB\-sgckey\fR option. Index: secure/usr.bin/openssl/man/rsautl.1 =================================================================== --- secure/usr.bin/openssl/man/rsautl.1 (revision 279126) +++ secure/usr.bin/openssl/man/rsautl.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH RSAUTL 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -186,7 +195,7 @@ encrypt the input data using an \s-1RSA\s0 public decrypt the input data using an \s-1RSA\s0 private key. .IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4 .IX Item "-pkcs, -oaep, -ssl, -raw" -the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0, +the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP,\s0 special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, or no padding, respectively. For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. @@ -261,7 +270,7 @@ example in certs/pca\-cert.pem . Running \fBasn1pa \& 614:d=1 hl=3 l= 129 prim: BIT STRING .Ve .PP -The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: +The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with: .PP .Vb 1 \& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 Index: secure/usr.bin/openssl/man/s_client.1 =================================================================== --- secure/usr.bin/openssl/man/s_client.1 (revision 279126) +++ secure/usr.bin/openssl/man/s_client.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH S_CLIENT 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,6 +152,22 @@ s_client \- SSL/TLS client program [\fB\-pass arg\fR] [\fB\-CApath directory\fR] [\fB\-CAfile filename\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-issuer_checks\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-use_deltas\fR] +[\fB\-verify_depth num\fR] +[\fB\-x509_strict\fR] [\fB\-reconnect\fR] [\fB\-pause\fR] [\fB\-showcerts\fR] @@ -160,9 +185,11 @@ s_client \- SSL/TLS client program [\fB\-no_ssl2\fR] [\fB\-no_ssl3\fR] [\fB\-no_tls1\fR] +[\fB\-fallback_scsv\fR] [\fB\-bugs\fR] [\fB\-cipher cipherlist\fR] [\fB\-starttls protocol\fR] +[\fB\-xmpphost hostname\fR] [\fB\-engine id\fR] [\fB\-tlsextdebug\fR] [\fB\-no_ticket\fR] @@ -172,10 +199,14 @@ s_client \- SSL/TLS client program .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects -to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for +to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool for \&\s-1SSL\s0 servers. .SH "OPTIONS" .IX Header "OPTIONS" +In addition to the options below the \fBs_client\fR utility also supports the +common and client only options documented in the +in the \fISSL_CONF_cmd\fR\|(3) +manual page. .IP "\fB\-connect host:port\fR" 4 .IX Item "-connect host:port" This specifies the host and optional port to connect to. If not specified @@ -186,7 +217,7 @@ The certificate to use, if one is requested by the not to use a certificate. .IP "\fB\-certform format\fR" 4 .IX Item "-certform format" -The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. .IP "\fB\-key keyfile\fR" 4 .IX Item "-key keyfile" The private key to use. If not specified then the certificate file will @@ -193,11 +224,11 @@ The private key to use. If not specified then the be used. .IP "\fB\-keyform format\fR" 4 .IX Item "-keyform format" -The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-verify depth\fR" 4 .IX Item "-verify depth" The verify depth to use. This specifies the maximum length of the @@ -214,9 +245,13 @@ also used when building the client certificate cha .IX Item "-CAfile file" A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fBexplicit_policy\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-issuer_checks\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-use_deltas\fR, \fB\-verify_depth\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, explicit_policy, -ignore_critical, -inhibit_any, -inhibit_map, -issuer_checks, -policy, -policy_check, -policy_print, -purpose, -use_deltas, -verify_depth, -x509_strict" +Set various certificate chain valiadition options. See the +\&\fBverify\fR manual page for details. .IP "\fB\-reconnect\fR" 4 .IX Item "-reconnect" -reconnects to the same server 5 times using the same session \s-1ID\s0, this can +reconnects to the same server 5 times using the same session \s-1ID,\s0 this can be used as a test that session caching is working. .IP "\fB\-pause\fR" 4 .IX Item "-pause" @@ -232,7 +267,7 @@ to print out information even if the connection fa will only be printed out once if the connection succeeds. This option is useful because the cipher in use may be renegotiated or the connection may fail because a client certificate is required or is requested only after an -attempt is made to access a certain \s-1URL\s0. Note: the output produced by this +attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this option is not always accurate because a connection might never have been established. .IP "\fB\-state\fR" 4 @@ -268,10 +303,12 @@ these options disable the use of certain \s-1SSL\s the initial handshake uses a method which should be compatible with all servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. .Sp -Unfortunately there are a lot of ancient and broken servers in use which +Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only -work if \s-1TLS\s0 is turned off with the \fB\-no_tls\fR option others will only -support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option. +work if \s-1TLS\s0 is turned off. +.IP "\fB\-fallback_scsv\fR" 4 +.IX Item "-fallback_scsv" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. .IP "\fB\-bugs\fR" 4 .IX Item "-bugs" there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this @@ -286,16 +323,19 @@ command for more information. .IX Item "-starttls protocol" send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. \&\fBprotocol\fR is a keyword for the intended protocol. Currently, the only -supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", and \*(L"ftp\*(R". +supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R" and \*(L"xmpp\*(R". +.IP "\fB\-xmpphost hostname\fR" 4 +.IX Item "-xmpphost hostname" +This option, when used with \*(L"\-starttls xmpp\*(R", specifies the host for the +\&\*(L"to\*(R" attribute of the stream element. +If this option is not specified, then the host specified with \*(L"\-connect\*(R" +will be used. .IP "\fB\-tlsextdebug\fR" 4 .IX Item "-tlsextdebug" -print out a hex dump of any \s-1TLS\s0 extensions received from the server. Note: this -option is only available if extension support is explicitly enabled at compile -time +print out a hex dump of any \s-1TLS\s0 extensions received from the server. .IP "\fB\-no_ticket\fR" 4 .IX Item "-no_ticket" -disable RFC4507bis session ticket support. Note: this option is only available -if extension support is explicitly enabled at compile time +disable RFC4507bis session ticket support. .IP "\fB\-sess_out filename\fR" 4 .IX Item "-sess_out filename" output \s-1SSL\s0 session to \fBfilename\fR @@ -305,7 +345,7 @@ load \s-1SSL\s0 session from \fBfilename\fR. The c connection from this session. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBs_client\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBs_client\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -326,7 +366,7 @@ have been given), the session will be renegotiated connection will be closed down. .SH "NOTES" .IX Header "NOTES" -\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0 +\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0 server the command: .PP .Vb 1 @@ -334,7 +374,7 @@ server the command: .Ve .PP would typically be used (https uses port 443). If the connection succeeds -then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page. +then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page. .PP If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR, @@ -364,8 +404,11 @@ Since the SSLv23 client hello cannot include compr these will only be supported if its use is disabled, for example by using the \&\fB\-no_sslv2\fR option. .PP -\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly -enabled at compile time using for example the \fBenable-tlsext\fR switch. +The \fBs_client\fR utility is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0 +attack. .SH "BUGS" .IX Header "BUGS" Because this program has a lot of options and also because some of @@ -373,9 +416,6 @@ the techniques used are rather old, the C source o hard to read and not a model of how things should be done. A typical \&\s-1SSL\s0 client program would be much simpler. .PP -The \fB\-verify\fR option should really exit if the server verification -fails. -.PP The \fB\-prexit\fR option is a bit of a hack. We should really report information whenever a session is renegotiated. .SH "SEE ALSO" Index: secure/usr.bin/openssl/man/s_server.1 =================================================================== --- secure/usr.bin/openssl/man/s_server.1 (revision 279126) +++ secure/usr.bin/openssl/man/s_server.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH S_SERVER 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,6 +170,7 @@ s_server \- SSL/TLS server program [\fB\-CAfile filename\fR] [\fB\-nocert\fR] [\fB\-cipher cipherlist\fR] +[\fB\-serverpref\fR] [\fB\-quiet\fR] [\fB\-no_tmp_rsa\fR] [\fB\-ssl2\fR] @@ -183,7 +193,7 @@ s_server \- SSL/TLS server program .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens -for connections on a given port using \s-1SSL/TLS\s0. +for connections on a given port using \s-1SSL/TLS.\s0 .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-accept port\fR" 4 @@ -197,11 +207,11 @@ is not present a default value will be used. .IX Item "-cert certname" The certificate to use, most servers cipher suites require the use of a certificate and some require a certificate with a certain public key type: -for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 -(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. +for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS +\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. .IP "\fB\-certform format\fR" 4 .IX Item "-certform format" -The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. .IP "\fB\-key keyfile\fR" 4 .IX Item "-key keyfile" The private key to use. If not specified then the certificate file will @@ -208,11 +218,11 @@ The private key to use. If not specified then the be used. .IP "\fB\-keyform format\fR" 4 .IX Item "-keyform format" -The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. .IP "\fB\-pass arg\fR" 4 .IX Item "-pass arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 .IX Item "-dcert filename, -dkey keyname" specify an additional certificate and private key, these behave in the @@ -220,7 +230,7 @@ same manner as the \fB\-cert\fR and \fB\-key\fR op if they are not specified (no additional certificate and key is used). As noted above some cipher suites require a certificate containing a key of a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key -and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys +and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites by using an appropriate certificate. .IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4 @@ -252,9 +262,12 @@ client certificate chain and makes the server requ the client. With the \fB\-verify\fR option a certificate is requested but the client does not have to send one, with the \fB\-Verify\fR option the client must supply a certificate or an error occurs. +.Sp +If the ciphersuite cannot request a client certificate (for example an +anonymous ciphersuite or \s-1PSK\s0) this option has no effect. .IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 .IX Item "-crl_check, -crl_check_all" -Check the peer certificate has not been revoked by its \s-1CA\s0. +Check the peer certificate has not been revoked by its \s-1CA.\s0 The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR option all CRLs of all CAs in the chain are checked. .IP "\fB\-CApath directory\fR" 4 @@ -285,7 +298,7 @@ tests non blocking I/O turns on non blocking I/O .IP "\fB\-crlf\fR" 4 .IX Item "-crlf" -this option translated a line feed from the terminal into \s-1CR+LF\s0. +this option translated a line feed from the terminal into \s-1CR+LF.\s0 .IP "\fB\-quiet\fR" 4 .IX Item "-quiet" inhibit printing of session and certificate information. @@ -309,6 +322,9 @@ the client sends a list of supported ciphers the f also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the \fBciphers\fR command for more information. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +use the server's cipher preferences, rather than the client's preferences. .IP "\fB\-tlsextdebug\fR" 4 .IX Item "-tlsextdebug" print out a hex dump of any \s-1TLS\s0 extensions received from the server. Index: secure/usr.bin/openssl/man/s_time.1 =================================================================== --- secure/usr.bin/openssl/man/s_time.1 (revision 279126) +++ secure/usr.bin/openssl/man/s_time.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH S_TIME 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,7 +161,7 @@ s_time \- SSL/TLS performance timing program .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a -remote host using \s-1SSL/TLS\s0. It can request a page from the server and includes +remote host using \s-1SSL/TLS.\s0 It can request a page from the server and includes the time to transfer the payload data in its timing measurements. It measures the number of connections within a given timeframe, the amount of data transferred (if any), and calculates the average time spent for one connection. @@ -234,7 +243,7 @@ and the link speed determine how many connections .SH "NOTES" .IX Header "NOTES" \&\fBs_client\fR can be used to measure the performance of an \s-1SSL\s0 connection. -To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command +To connect to an \s-1SSL HTTP\s0 server and get the default page the command .PP .Vb 1 \& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] Index: secure/usr.bin/openssl/man/sess_id.1 =================================================================== --- secure/usr.bin/openssl/man/sess_id.1 (revision 279126) +++ secure/usr.bin/openssl/man/sess_id.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SESS_ID 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,7 +159,7 @@ needs some knowledge of the \s-1SSL\s0 protocol to not need to use it. .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded format containing session details. The precise format can vary from one version to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. @@ -180,7 +189,7 @@ this option prevents output of the encoded version .IP "\fB\-context \s-1ID\s0\fR" 4 .IX Item "-context ID" this option can set the session id so the output session information uses the -supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally +supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option wont normally be used. .SH "OUTPUT" .IX Header "OUTPUT" Index: secure/usr.bin/openssl/man/smime.1 =================================================================== --- secure/usr.bin/openssl/man/smime.1 (revision 279126) +++ secure/usr.bin/openssl/man/smime.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SMIME 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -230,7 +239,7 @@ is S/MIME and it uses the multipart/signed \s-1MIM .IX Item "-text" this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied message if encrypting or signing. If decrypting or verifying it strips -off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +off text headers: if the decrypted or verified message is not of \s-1MIME \s0 type text/plain then an error occurs. .IP "\fB\-CAfile file\fR" 4 .IX Item "-CAfile file" @@ -243,8 +252,8 @@ is a hash of each subject name (using \fBx509 \-ha to each certificate. .IP "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128 \-aes128 \-aes192 \-aes256 \-camellia128 \-camellia192 \-camellia256\fR" 4 .IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256" -the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits), -40, 64 or 128 bit \s-1RC2\s0, 128, 192 or 256 bit \s-1AES\s0, or 128, 192 or 256 bit Camellia respectively. +the encryption algorithm to use. \s-1DES \s0(56 bits), triple \s-1DES \s0(168 bits), +40, 64 or 128 bit \s-1RC2, 128, 192\s0 or 256 bit \s-1AES,\s0 or 128, 192 or 256 bit Camellia respectively. If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR. .IP "\fB\-nointern\fR" 4 .IX Item "-nointern" @@ -308,7 +317,7 @@ the \fB\-recip\fR or \fB\-signer\fR file. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number Index: secure/usr.bin/openssl/man/speed.1 =================================================================== --- secure/usr.bin/openssl/man/speed.1 (revision 279126) +++ secure/usr.bin/openssl/man/speed.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SPEED 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/spkac.1 =================================================================== --- secure/usr.bin/openssl/man/spkac.1 (revision 279126) +++ secure/usr.bin/openssl/man/spkac.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH SPKAC 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +177,7 @@ present. .IP "\fB\-passin password\fR" 4 .IX Item "-passin password" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-challenge string\fR" 4 .IX Item "-challenge string" specifies the challenge string if an \s-1SPKAC\s0 is being created. @@ -175,23 +184,23 @@ specifies the challenge string if an \s-1SPKAC\s0 .IP "\fB\-spkac spkacname\fR" 4 .IX Item "-spkac spkacname" allows an alternative name form the variable containing the -\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both +\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both generated and input \s-1SPKAC\s0 files. .IP "\fB\-spksect section\fR" 4 .IX Item "-spksect section" allows an alternative name form the section containing the -\&\s-1SPKAC\s0. The default is the default section. +\&\s-1SPKAC.\s0 The default is the default section. .IP "\fB\-noout\fR" 4 .IX Item "-noout" -don't output the text version of the \s-1SPKAC\s0 (not used if an +don't output the text version of the \s-1SPKAC \s0(not used if an \&\s-1SPKAC\s0 is being created). .IP "\fB\-pubkey\fR" 4 .IX Item "-pubkey" -output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +output the public key of an \s-1SPKAC \s0(not used if an \s-1SPKAC\s0 is being created). .IP "\fB\-verify\fR" 4 .IX Item "-verify" -verifies the digital signature on the supplied \s-1SPKAC\s0. +verifies the digital signature on the supplied \s-1SPKAC.\s0 .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR @@ -218,7 +227,7 @@ Create an \s-1SPKAC\s0 using the challenge string \& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf .Ve .PP -Example of an \s-1SPKAC\s0, (long lines split up for clarity): +Example of an \s-1SPKAC, \s0(long lines split up for clarity): .PP .Vb 5 \& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e Index: secure/usr.bin/openssl/man/verify.1 =================================================================== --- secure/usr.bin/openssl/man/verify.1 (revision 279126) +++ secure/usr.bin/openssl/man/verify.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH VERIFY 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -134,13 +143,27 @@ verify \- Utility to verify certificates. .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBverify\fR +[\fB\-CAfile file\fR] [\fB\-CApath directory\fR] -[\fB\-CAfile file\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-help\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-issuer_checks\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] [\fB\-purpose purpose\fR] [\fB\-untrusted file\fR] -[\fB\-help\fR] -[\fB\-issuer_checks\fR] +[\fB\-use_deltas\fR] [\fB\-verbose\fR] +[\fB\-verify_depth num\fR] +[\fB\-x509_strict\fR] [\fB\-\fR] [certificates] .SH "DESCRIPTION" @@ -148,6 +171,10 @@ verify \- Utility to verify certificates. The \fBverify\fR command verifies certificate chains. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file of trusted certificates. The file should contain multiple certificates +in \s-1PEM\s0 format concatenated together. .IP "\fB\-CApath directory\fR" 4 .IX Item "-CApath directory" A directory of trusted certificates. The certificates should have names @@ -155,46 +182,92 @@ of the form: hash.0 or have symbolic links to them form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically create symbolic links to a directory of certificates. -.IP "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file of trusted certificates. The file should contain multiple certificates -in \s-1PEM\s0 format concatenated together. +.IP "\fB\-attime timestamp\fR" 4 +.IX Item "-attime timestamp" +Perform validation checks using time specified by \fBtimestamp\fR and not +current system time. \fBtimestamp\fR is the number of seconds since +01.01.1970 (\s-1UNIX\s0 time). +.IP "\fB\-check_ss_sig\fR" 4 +.IX Item "-check_ss_sig" +Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default +because it doesn't add any security. +.IP "\fB\-crl_check\fR" 4 +.IX Item "-crl_check" +Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0 +If a valid \s-1CRL\s0 cannot be found an error occurs. +.IP "\fB\-crl_check_all\fR" 4 +.IX Item "-crl_check_all" +Checks the validity of \fBall\fR certificates in the chain by attempting +to look up valid CRLs. +.IP "\fB\-explicit_policy\fR" 4 +.IX Item "-explicit_policy" +Set policy variable require-explicit-policy (see \s-1RFC5280\s0). +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-ignore_critical\fR" 4 +.IX Item "-ignore_critical" +Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). +If this option is set critical extensions are ignored. +.IP "\fB\-inhibit_any\fR" 4 +.IX Item "-inhibit_any" +Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). +.IP "\fB\-inhibit_map\fR" 4 +.IX Item "-inhibit_map" +Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). +.IP "\fB\-issuer_checks\fR" 4 +.IX Item "-issuer_checks" +Print out diagnostics relating to searches for the issuer certificate of the +current certificate. This shows why each candidate issuer certificate was +rejected. The presence of rejection messages does not itself imply that +anything is wrong; during the normal verification process, several +rejections may take place. +.IP "\fB\-policy arg\fR" 4 +.IX Item "-policy arg" +Enable policy processing and add \fBarg\fR to the user-initial-policy-set (see +\&\s-1RFC5280\s0). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric form. +This argument can appear more than once. +.IP "\fB\-policy_check\fR" 4 +.IX Item "-policy_check" +Enables certificate policy processing. +.IP "\fB\-policy_print\fR" 4 +.IX Item "-policy_print" +Print out diagnostics related to policy processing. +.IP "\fB\-purpose purpose\fR" 4 +.IX Item "-purpose purpose" +The intended use for the certificate. If this option is not specified, +\&\fBverify\fR will not consider certificate purpose during chain verification. +Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR, +\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY OPERATION\s0\fR section for more +information. .IP "\fB\-untrusted file\fR" 4 .IX Item "-untrusted file" A file of untrusted certificates. The file should contain multiple certificates -.IP "\fB\-purpose purpose\fR" 4 -.IX Item "-purpose purpose" -the intended use for the certificate. Without this option no chain verification -will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, -\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR -section for more information. -.IP "\fB\-help\fR" 4 -.IX Item "-help" -prints out a usage message. +in \s-1PEM\s0 format concatenated together. +.IP "\fB\-use_deltas\fR" 4 +.IX Item "-use_deltas" +Enable support for delta CRLs. .IP "\fB\-verbose\fR" 4 .IX Item "-verbose" -print extra information about the operations being performed. -.IP "\fB\-issuer_checks\fR" 4 -.IX Item "-issuer_checks" -print out diagnostics relating to searches for the issuer certificate -of the current certificate. This shows why each candidate issuer -certificate was rejected. However the presence of rejection messages -does not itself imply that anything is wrong: during the normal -verify process several rejections may take place. -.IP "\fB\-check_ss_sig\fR" 4 -.IX Item "-check_ss_sig" -Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default -because it doesn't add any security. +Print extra information about the operations being performed. +.IP "\fB\-verify_depth num\fR" 4 +.IX Item "-verify_depth num" +Limit the maximum depth of the certificate chain to \fBnum\fR certificates. +.IP "\fB\-x509_strict\fR" 4 +.IX Item "-x509_strict" +For strict X.509 compliance, disable non-compliant workarounds for broken +certificates. .IP "\fB\-\fR" 4 .IX Item "-" -marks the last option. All arguments following this are assumed to be +Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins with a \fB\-\fR. .IP "\fBcertificates\fR" 4 .IX Item "certificates" -one or more certificates to verify. If no certificate filenames are included -then an attempt is made to read a certificate from standard input. They should -all be in \s-1PEM\s0 format. +One or more certificates to verify. If no certificates are given, \fBverify\fR +will attempt to read a certificate from standard input. Certificates must be +in \s-1PEM\s0 format. .SH "VERIFY OPERATION" .IX Header "VERIFY OPERATION" The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME @@ -210,10 +283,10 @@ determined. The verify operation consists of a number of separate steps. .PP Firstly a certificate chain is built up starting from the supplied certificate -and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built +and ending in the root \s-1CA.\s0 It is an error if the whole chain cannot be built up. The chain is built up by looking up the issuers certificate of the current certificate. If a certificate is found which is its own issuer it is assumed -to be the root \s-1CA\s0. +to be the root \s-1CA.\s0 .PP The process of 'looking up the issuers certificate' itself involves a number of steps. In versions of OpenSSL before 0.9.5a the first certificate whose @@ -237,9 +310,9 @@ consistency with the supplied purpose. If the \fB\ then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions compatible with the supplied purpose and all other certificates must also be valid \&\s-1CA\s0 certificates. The precise extensions required are described in more detail in -the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility. +the \fB\s-1CERTIFICATE EXTENSIONS\s0\fR section of the \fBx509\fR utility. .PP -The third operation is to check the trust settings on the root \s-1CA\s0. The root +The third operation is to check the trust settings on the root \s-1CA.\s0 The root \&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous versions of SSLeay and OpenSSL a certificate with no trust settings is considered to be valid for all purposes. @@ -281,7 +354,7 @@ the issuer certificate of a looked up certificate normally means the list of trusted certificates is not complete. .IP "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 .IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" -the \s-1CRL\s0 of a certificate could not be found. Unused. +the \s-1CRL\s0 of a certificate could not be found. .IP "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 .IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" the certificate signature could not be decrypted. This means that the actual signature value @@ -299,7 +372,7 @@ the public key in the certificate SubjectPublicKey the signature of the certificate is invalid. .IP "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 .IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" -the signature of the certificate is invalid. Unused. +the signature of the certificate is invalid. .IP "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 .IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" the certificate is not yet valid: the notBefore date is after the current time. @@ -308,10 +381,10 @@ the certificate is not yet valid: the notBefore da the certificate has expired: that is the notAfter date is before the current time. .IP "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 .IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" -the \s-1CRL\s0 is not yet valid. Unused. +the \s-1CRL\s0 is not yet valid. .IP "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 .IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" -the \s-1CRL\s0 has expired. Unused. +the \s-1CRL\s0 has expired. .IP "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 .IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" the certificate notBefore field contains an invalid time. @@ -320,10 +393,10 @@ the certificate notBefore field contains an invali the certificate notAfter field contains an invalid time. .IP "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 .IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" -the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused. +the \s-1CRL\s0 lastUpdate field contains an invalid time. .IP "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 .IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" -the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused. +the \s-1CRL\s0 nextUpdate field contains an invalid time. .IP "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 .IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory" an error occurred trying to allocate memory. This should never happen. @@ -348,7 +421,7 @@ self signed. the certificate chain length is greater than the supplied maximum depth. Unused. .IP "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 .IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked" -the certificate has been revoked. Unused. +the certificate has been revoked. .IP "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 .IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate" a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent @@ -390,9 +463,9 @@ an application specific error. Unused. .SH "BUGS" .IX Header "BUGS" Although the issuer checks are a considerable improvement over the old technique they still -suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that +suffer from limitations in the underlying X509_LOOKUP \s-1API.\s0 One consequence of this is that trusted certificates with matching subject name must either appear in a file (as specified by the -\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only +\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR). If they occur in both then only the certificates in the file will be recognised. .PP Previous versions of OpenSSL assume certificates with matching subject name are identical and Index: secure/usr.bin/openssl/man/version.1 =================================================================== --- secure/usr.bin/openssl/man/version.1 (revision 279126) +++ secure/usr.bin/openssl/man/version.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH VERSION 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/x509.1 =================================================================== --- secure/usr.bin/openssl/man/x509.1 (revision 279126) +++ secure/usr.bin/openssl/man/x509.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH X509 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,6 +154,7 @@ x509 \- Certificate display and signing utility [\fB\-hash\fR] [\fB\-subject_hash\fR] [\fB\-issuer_hash\fR] +[\fB\-ocspid\fR] [\fB\-subject\fR] [\fB\-issuer\fR] [\fB\-nameopt option\fR] @@ -153,6 +163,7 @@ x509 \- Certificate display and signing utility [\fB\-enddate\fR] [\fB\-purpose\fR] [\fB\-dates\fR] +[\fB\-checkend num\fR] [\fB\-modulus\fR] [\fB\-fingerprint\fR] [\fB\-alias\fR] @@ -166,6 +177,7 @@ x509 \- Certificate display and signing utility [\fB\-days arg\fR] [\fB\-set_serial n\fR] [\fB\-signkey filename\fR] +[\fB\-passin arg\fR] [\fB\-x509toreq\fR] [\fB\-req\fR] [\fB\-CA filename\fR] @@ -173,6 +185,7 @@ x509 \- Certificate display and signing utility [\fB\-CAcreateserial\fR] [\fB\-CAserial filename\fR] [\fB\-text\fR] +[\fB\-certopt option\fR] [\fB\-C\fR] [\fB\-md2|\-md5|\-sha1|\-mdc2\fR] [\fB\-clrext\fR] @@ -183,7 +196,7 @@ x509 \- Certificate display and signing utility .IX Header "DESCRIPTION" The \fBx509\fR command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to -various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit +various forms, sign certificate requests like a \*(L"mini \s-1CA\*(R"\s0 or edit certificate trust settings. .PP Since there are a large number of options they will split up into @@ -190,7 +203,7 @@ Since there are a large number of options they wil various sections. .SH "OPTIONS" .IX Header "OPTIONS" -.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0" +.SS "\s-1INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS\s0" .IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" .IP "\fB\-inform DER|PEM|NET\fR" 4 .IX Item "-inform DER|PEM|NET" @@ -224,10 +237,10 @@ specifying an engine (by it's unique \fBid\fR stri to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. -.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0" +.SS "\s-1DISPLAY OPTIONS\s0" .IX Subsection "DISPLAY OPTIONS" Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options -but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section. +but are described in the \fB\s-1TRUST SETTINGS\s0\fR section. .IP "\fB\-text\fR" 4 .IX Item "-text" prints out the certificate in text form. Full details are output including the @@ -237,7 +250,7 @@ any extensions present and any trust settings. .IX Item "-certopt option" customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be a single option or multiple options separated by commas. The \fB\-certopt\fR switch -may be also be used more than once to set multiple options. See the \fB\s-1TEXT\s0 \s-1OPTIONS\s0\fR +may be also be used more than once to set multiple options. See the \fB\s-1TEXT OPTIONS\s0\fR section for more information. .IP "\fB\-noout\fR" 4 .IX Item "-noout" @@ -257,6 +270,9 @@ name. .IP "\fB\-issuer_hash\fR" 4 .IX Item "-issuer_hash" outputs the \*(L"hash\*(R" of the certificate issuer name. +.IP "\fB\-ocspid\fR" 4 +.IX Item "-ocspid" +outputs the \s-1OCSP\s0 hash values for the subject name and public key. .IP "\fB\-hash\fR" 4 .IX Item "-hash" synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. @@ -271,7 +287,7 @@ outputs the issuer name. option which determines how the subject or issuer names are displayed. The \&\fBoption\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to -set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more information. +set multiple options. See the \fB\s-1NAME OPTIONS\s0\fR section for more information. .IP "\fB\-email\fR" 4 .IX Item "-email" outputs the email address(es) if any. @@ -284,6 +300,10 @@ prints out the expiry date of the certificate, tha .IP "\fB\-dates\fR" 4 .IX Item "-dates" prints out the start and expiry dates of a certificate. +.IP "\fB\-checkend arg\fR" 4 +.IX Item "-checkend arg" +checks if the certificate expires within the next \fBarg\fR seconds and exits +non-zero if yes it will expire or zero if not. .IP "\fB\-fingerprint\fR" 4 .IX Item "-fingerprint" prints out the digest of the \s-1DER\s0 encoded version of the whole certificate @@ -291,7 +311,7 @@ prints out the digest of the \s-1DER\s0 encoded ve .IP "\fB\-C\fR" 4 .IX Item "-C" this outputs the certificate in the form of a C source file. -.SS "\s-1TRUST\s0 \s-1SETTINGS\s0" +.SS "\s-1TRUST SETTINGS\s0" .IX Subsection "TRUST SETTINGS" Please note these options are currently experimental and may well change. .PP @@ -304,7 +324,7 @@ must be \*(L"trusted\*(R". By default a trusted ce locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 is then usable for any purpose. .PP -Trust settings currently are only used with a root \s-1CA\s0. They allow a finer +Trust settings currently are only used with a root \s-1CA.\s0 They allow a finer control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. .PP @@ -346,12 +366,12 @@ option. .IP "\fB\-purpose\fR" 4 .IX Item "-purpose" this option performs tests on the certificate extensions and outputs -the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 -\&\s-1EXTENSIONS\s0\fR section. -.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0" +the results. For a more complete description see the \fB\s-1CERTIFICATE +EXTENSIONS\s0\fR section. +.SS "\s-1SIGNING OPTIONS\s0" .IX Subsection "SIGNING OPTIONS" The \fBx509\fR utility can be used to sign certificates and requests: it -can thus behave like a \*(L"mini \s-1CA\s0\*(R". +can thus behave like a \*(L"mini \s-1CA\*(R".\s0 .IP "\fB\-signkey filename\fR" 4 .IX Item "-signkey filename" this option causes the input file to be self signed using the supplied @@ -367,6 +387,10 @@ the \fB\-clrext\fR option is supplied. If the input is a certificate request then a self signed certificate is created using the supplied private key using the subject name in the request. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-clrext\fR" 4 .IX Item "-clrext" delete any extensions from a certificate. This option is used when a @@ -401,7 +425,7 @@ serial numbers can also be specified but their use .IP "\fB\-CA filename\fR" 4 .IX Item "-CA filename" specifies the \s-1CA\s0 certificate to be used for signing. When this option is -present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this +present \fBx509\fR behaves like a \*(L"mini \s-1CA\*(R".\s0 The input file is signed by this \&\s-1CA\s0 using this option: that is its issuer name is set to the subject name of the \s-1CA\s0 and it is digitally signed using the CAs private key. .Sp @@ -440,7 +464,7 @@ the section to add certificate extensions from. If specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called \&\*(L"extensions\*(R" which contains the section to use. -.SS "\s-1NAME\s0 \s-1OPTIONS\s0" +.SS "\s-1NAME OPTIONS\s0" .IX Subsection "NAME OPTIONS" The \fBnameopt\fR command line switch determines how the subject and issuer names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" @@ -457,7 +481,7 @@ displays names compatible with \s-1RFC2253\s0 equi \&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. .IP "\fBoneline\fR" 4 .IX Item "oneline" -a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to +a oneline format which is more readable than \s-1RFC2253.\s0 It is equivalent to specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, \&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR options. @@ -486,7 +510,7 @@ escapes some characters by surrounding the whole s without the option all escaping is done with the \fB\e\fR character. .IP "\fButf8\fR" 4 .IX Item "utf8" -convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If +convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253.\s0 If you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct display of multibyte (international) characters. Is this option is not @@ -494,8 +518,8 @@ present then multibyte characters larger than 0xff using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. Also if this option is off any UTF8Strings will be converted to their character form first. -.IP "\fBno_type\fR" 4 -.IX Item "no_type" +.IP "\fBignore_type\fR" 4 +.IX Item "ignore_type" this option does not attempt to interpret multibyte characters in any way. That is their content octets are merely dumped as though one octet represents each character. This is useful for diagnostic purposes but @@ -508,11 +532,11 @@ field contents. For example \*(L"\s-1BMPSTRING:\s0 .IX Item "dump_der" when this option is set any fields that need to be hexdumped will be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the -content octets will be displayed. Both options use the \s-1RFC2253\s0 -\&\fB#XXXX...\fR format. +content octets will be displayed. Both options use the \s-1RFC2253 +\&\s0\fB#XXXX...\fR format. .IP "\fBdump_nostr\fR" 4 .IX Item "dump_nostr" -dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this +dump non character string types (for example \s-1OCTET STRING\s0) if this option is not set then non character string types will be displayed as though each content octet represents a single character. .IP "\fBdump_all\fR" 4 @@ -533,7 +557,7 @@ the \s-1RDN\s0 separator and a spaced \fB+\fR for indents the fields by four characters. .IP "\fBdn_rev\fR" 4 .IX Item "dn_rev" -reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side +reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side effect this also reverses the order of multiple AVAs but this is permissible. .IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 @@ -551,7 +575,7 @@ align field values for a more readable output. Onl .IX Item "space_eq" places spaces round the \fB=\fR character which follows the field name. -.SS "\s-1TEXT\s0 \s-1OPTIONS\s0" +.SS "\s-1TEXT OPTIONS\s0" .IX Subsection "TEXT OPTIONS" As well as customising the name output format, it is also possible to customise the actual fields printed using the \fBcertopt\fR options when @@ -685,7 +709,7 @@ certificate extensions: .Ve .PP Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to -\&\*(L"Steve's Class 1 \s-1CA\s0\*(R" +\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0 .PP .Vb 2 \& openssl x509 \-in cert.pem \-addtrust clientAuth \e @@ -724,7 +748,7 @@ This is commonly called a \*(L"fingerprint\*(R". B digests the fingerprint of a certificate is unique to that certificate and two certificates with the same fingerprint can be considered to be the same. .PP -The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0. +The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1.\s0 .PP The \fB\-email\fR option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will @@ -740,12 +764,12 @@ The same code is used when verifying untrusted cer so this section is useful if a chain is rejected by the verify code. .PP The basicConstraints extension \s-1CA\s0 flag is used to determine whether the -certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0, -if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the +certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0 +if the \s-1CA\s0 flag is false then it is not a \s-1CA. \s0\fBAll\fR CAs should have the \&\s-1CA\s0 flag set to true. .PP If the basicConstraints extension is absent then the certificate is -considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according +considered to be a \*(L"possible \s-1CA\*(R"\s0 other extensions are checked according to the intended use of the certificate. A warning is given in this case because the certificate should really not be regarded as a \s-1CA:\s0 however it is allowed to be a \s-1CA\s0 to work around some broken software. @@ -769,14 +793,14 @@ basicConstraints and keyUsage and V1 certificates .IP "\fB\s-1SSL\s0 Client\fR" 4 .IX Item "SSL Client" The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the +authentication\*(R" \s-1OID. \s0 keyUsage must be absent or it must have the digitalSignature bit set. Netscape certificate type must be absent or it must have the \s-1SSL\s0 client bit set. .IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 .IX Item "SSL Client CA" The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have -the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +authentication\*(R" \s-1OID.\s0 Netscape certificate type must be absent or it must have +the \s-1SSL CA\s0 bit set: this is used as a work around if the basicConstraints extension is absent. .IP "\fB\s-1SSL\s0 Server\fR" 4 .IX Item "SSL Server" @@ -788,7 +812,7 @@ Netscape certificate type must be absent or have t .IX Item "SSL Server CA" The extended key usage extension must be absent or include the \*(L"web server authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must -be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the +be absent or the \s-1SSL CA\s0 bit must be set: this is used as a work around if the basicConstraints extension is absent. .IP "\fBNetscape \s-1SSL\s0 Server\fR" 4 .IX Item "Netscape SSL Server" @@ -799,7 +823,7 @@ Otherwise it is the same as a normal \s-1SSL\s0 se .IP "\fBCommon S/MIME Client Tests\fR" 4 .IX Item "Common S/MIME Client Tests" The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the +protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or should have the S/MIME bit set. If the S/MIME bit is not set in netscape certificate type then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: this is because some Verisign certificates don't set the S/MIME bit. @@ -814,7 +838,7 @@ if the keyUsage extension is present. .IP "\fBS/MIME \s-1CA\s0\fR" 4 .IX Item "S/MIME CA" The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the +protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or must have the S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints extension is absent. .IP "\fB\s-1CRL\s0 Signing\fR" 4 @@ -837,7 +861,7 @@ be checked. There should be options to explicitly set such things as start and end dates rather than an offset from the current time. .PP -The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR +The code to implement the verify behaviour described in the \fB\s-1TRUST SETTINGS\s0\fR is currently being developed. It thus describes the intended behaviour rather than the current behaviour. It is hoped that it will represent reality in OpenSSL 0.9.5 and later. @@ -847,4 +871,4 @@ OpenSSL 0.9.5 and later. \&\fIgendsa\fR\|(1), \fIverify\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0. +Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5.\s0 Index: secure/usr.bin/openssl/man/x509v3_config.1 =================================================================== --- secure/usr.bin/openssl/man/x509v3_config.1 (revision 279126) +++ secure/usr.bin/openssl/man/x509v3_config.1 (working copy) @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2014-06-05" "0.9.8za" "OpenSSL" +.TH X509V3_CONFIG 1 "2015-01-08" "0.9.8zd" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -185,7 +194,7 @@ use is defined by the extension code itself: check policies extension for an example. .PP If an extension type is unsupported then the \fIarbitrary\fR extension syntax -must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more details. +must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details. .SH "STANDARD EXTENSIONS" .IX Header "STANDARD EXTENSIONS" The following sections describe each supported extension in detail. @@ -207,7 +216,7 @@ For example: .Ve .PP A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field -set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the +set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the extension entirely. Some software may require the inclusion of basicConstraints with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. .PP @@ -237,7 +246,7 @@ the certificate public key can be used for, .PP These can either be object short names of the dotted numerical form of OIDs. While any \s-1OID\s0 can be used only certain values make sense. In particular the -following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful: +following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful: .PP .Vb 10 \& Value Meaning @@ -296,7 +305,7 @@ Example: The subject alternative name extension allows various literal values to be included in the configuration file. These include \fBemail\fR (an email address) \&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a -registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR +registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR (a distinguished name) and otherName. .PP The email option include a special 'copy' value. This will automatically @@ -307,11 +316,11 @@ The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR .PP The value of \fBdirName\fR should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by -preceeding the name with a \fB+\fR character. +preceding the name with a \fB+\fR character. .PP otherName can include arbitrary data associated with an \s-1OID:\s0 the value should be the \s-1OID\s0 followed by a semicolon and the content in standard -\&\fIASN1_generate_nconf()\fR format. +\&\fIASN1_generate_nconf\fR\|(3) format. .PP Examples: .PP @@ -346,7 +355,7 @@ Example: .SS "Authority Info Access." .IX Subsection "Authority Info Access." The authority information access extension gives details about how to access -certain information relating to the \s-1CA\s0. Its syntax is accessOID;location +certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location where \fIlocation\fR has the same syntax as subject alternative name (except that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. @@ -359,22 +368,84 @@ Example: .Ve .SS "\s-1CRL\s0 distribution points." .IX Subsection "CRL distribution points." -This is a multi-valued extension that supports all the literal options of -subject alternative name. Of the few software packages that currently interpret -this extension most only interpret the \s-1URI\s0 option. +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. .PP -Currently each option will set a new DistributionPoint with the fullName -field set to the given value. +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. .PP -Other fields like cRLissuer and reasons cannot currently be set or displayed: -at this time no examples were available that used these fields. +In the single option case the section indicated contains values for each +field. In this section: .PP -Examples: +If the name is \*(L"fullname\*(R" the value field should contain the full name +of the distribution point in the same format as subject alternative name. .PP +If the name is \*(L"relativename\*(R" then the value field should contain a section +name whose contents represent a \s-1DN\s0 fragment to be placed in this field. +.PP +The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in +subject alternative name format. +.PP +If the name is \*(L"reasons\*(R" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: \*(L"keyCompromise\*(R", +\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", +\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". +.PP +Simple examples: +.PP .Vb 2 \& crlDistributionPoints=URI:http://myhost.com/myca.crl \& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl .Ve +.PP +Full distribution point example: +.PP +.Vb 1 +\& crlDistributionPoints=crldp1_section +\& +\& [crldp1_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& CRLissuer=dirName:issuer_sect +\& reasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Issuing Distribution Point" +.IX Subsection "Issuing Distribution Point" +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +points extension with a few differences. +.PP +The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. +.PP +The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is +in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. +.PP +The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted +the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of +the corresponding field. +.PP +Example: +.PP +.Vb 1 +\& issuingDistributionPoint=critical, @idp_section +\& +\& [idp_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& indirectCRL=TRUE +\& onlysomereasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve .SS "Certificate Policies." .IX Subsection "Certificate Policies." This is a \fIraw\fR extension. All the fields of this extension can be set by @@ -381,7 +452,7 @@ This is a \fIraw\fR extension. All the fields of t using the appropriate syntax. .PP If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just -include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas, +include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas, for example: .PP .Vb 1 @@ -472,6 +543,15 @@ Examples: \& \& nameConstraints=excluded;email:.com .Ve +.SS "\s-1OCSP\s0 No Check" +.IX Subsection "OCSP No Check" +The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. +.PP +Example: +.PP +.Vb 1 +\& noCheck = ignored +.Ve .SH "DEPRECATED EXTENSIONS" .IX Header "DEPRECATED EXTENSIONS" The following extensions are non standard, Netscape specific and largely @@ -509,7 +589,8 @@ the data is formatted correctly for the given exte There are two ways to encode arbitrary extensions. .PP The first way is to use the word \s-1ASN1\s0 followed by the extension content -using the same syntax as \fIASN1_generate_nconf()\fR. For example: +using the same syntax as \fIASN1_generate_nconf\fR\|(3). +For example: .PP .Vb 1 \& 1.2.3.4=critical,ASN1:UTF8String:Some random data @@ -598,4 +679,5 @@ The \fBdirectoryName\fR and \fBotherName\fR option for arbitrary extensions was added in OpenSSL 0.9.8 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1) +\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1), +\&\fIASN1_generate_nconf\fR\|(3)